PDA

View Full Version : Spybot never completes its run



PhilipB
2008-04-02, 00:50
I've recently had to reload my operating system. I'm running Windows XP Pro and have updated it with all updates and the SP2.

Installed my Panda IS 2008, ran scan.

Installed Spybot 1.5.2, but it never runs to completion. Was having this difficulty before having to reload Operating System anyway.

Ran Trend Micro House Call - No problem
Ran Kaspersky - have copied the results below
Ran HJTInstall - Have copied the results below

Ran Under Safe mode - does not complete.

Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 01, 2008 3:50:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/04/2008
Kaspersky Anti-Virus database records: 676350
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 37670
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\sentinel\2.1\gwhashs.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Philip Botwinick\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Philip Botwinick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Philip Botwinick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Philip Botwinick\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Philip Botwinick\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Philip Botwinick\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Philip Botwinick\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Philip Botwinick\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\chandir.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\chandir.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\chn.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\chn.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\inuse.txt Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\main.log Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_die.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_die.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\storydb.dat Object is locked skipped
C:\Program Files\Desktop Messenger\8876480\Users\Philip Botwinick\Data\storydb.idx Object is locked skipped
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\MshConf\scoffset.bin.incr Object is locked skipped
C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES Object is locked skipped
C:\Program Files\Panda Security\Panda Internet Security 2008\f4d4851e8935eebef0f2eb52b3212bc9PSK_NAMES2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6E26545D-1ADD-4C5F-98A8-29186D842F2E}\RP36\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hjack This results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:51 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\ApvxdWin.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206554419545
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--
End of file - 6544 bytes

Have read some of the posts referring to heat problem.

How does one determine if the system is running hot?

I did add the /verbose to the task in the properties but since the system freezes I get nothing from this.

I never had this difficulty with earlier versions of Spybot.

Thanks for the held

pskelley
2008-04-02, 16:29
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi Philip, first let me say I see no problems in the KOS or the HJT log. Since you say this started when you updated to Spybot S&D 1.5.2. It is very possible something went wrong with the download or a file got corrupted, so many things can happen. First, let me introduce you to the experts who know all about Spybot S&D:
http://forums.spybot.info/forumdisplay.php?f=4 <<< Spybot forum
http://forums.spybot.info/forumdisplay.php?f=16 <<< false positives

Are any other programs new, like Panda, that might have blocked something in the download?
What I want you to try first is to uninstall Spybot S&D and download it again from here:
http://www.safer-networking.org/en/download/index.html

If that does not fix the problem, post at the Spybot S&D forum giving them a link to this topic so they can see what we tried, and they will be glad to help you.
(if you post there, post a link for me in this topic so I can learn with you)

As far as the heat issue goes, when was the last time you blew the dust out of the computer cabinet?
http://www.computerhope.com/cleaning.htm
http://www.google.com/search?hl=en&q=how+to+tell+if+a+computer+is+overheating&btnG=Search

Thanks...Phil

pskelley
2008-04-09, 23:50
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.