No final report



Galceran
2008-11-29, 01:18
Running Spybot V 1.6.0.30. It runs as a scheduled task from 21:30 for 1 hour 48mins, then shuts itself down. Last line in the report: 28.11.2008 21:30:46 - ##### checking bots #####
Only Spybot running from 21:30, no browser, email programme, antivirus etc. Usage tracks are not scanned. Previous version would give the time it finished, normally around 55mins to complete.
Grateful for any suggestions.

Greyfox
2008-11-29, 05:44
Running Spybot V 1.6.0.30. It runs as a scheduled task from 21:30 for 1 hour 48mins, then shuts itself down. Last line in the report: 28.11.2008 21:30:46 - ##### checking bots #####
Only Spybot running from 21:30, no browser, email programme, antivirus etc. Usage tracks are not scanned. Previous version would give the time it finished, normally around 55mins to complete.
Grateful for any suggestions.

Using version 1.6.1.38, have just run a quick check (scheduled to scan for usage tracks only). The log file shows

29.11.2008 14:05:04 - ##### check started #####
29.11.2008 14:05:04 - ### Version: 1.6.1
29.11.2008 14:05:04 - ### Date: 29/11/2008 2:05:04 PM
29.11.2008 14:05:06 - ##### checking bots #####
29.11.2008 14:05:07 - ##### checking usage tracking #####
..
..
29.11.2008 14:05:19 - ##### check finished #####

At a guess yours dropped out before completing the scan for some reason.
I will now do a full scan and post any additional thoughts.

Greyfox
2008-11-29, 09:41
Galceran,

Further to my last post - I ran a full scan with all items primarily to see whether the log could be used to give any indication of where it had stopped, but as you can see from the extract below, after it says ##### checking bots ##### at the start of the scan, it makes no further entries until right near the end of the scan where it starts to look for usage tracks

29.11.2008 14:22:04 - ##### check started #####
29.11.2008 14:22:04 - ### Version: 1.6.1
29.11.2008 14:22:04 - ### Date: 29/11/2008 2:22:04 PM
29.11.2008 14:22:06 - ##### checking bots #####
29.11.2008 14:51:11 - ##### checking usage tracking #####
29.11.2008 14:51:11 - found: Common Dialogs History 9 files
....

....
29.11.2008 14:51:23 - ##### check finished #####

If you set up the scan to only look for spyware, then there are no entries between the "checking bots" and the "check finished" entries.

So all I can suggest is that yours stopped/exited the scan abruptly somewhere along the way. I guess the only thing is to do a scan and watch what happens - unfortunately that will be about as much fun as watching paint dry.

Galceran
2008-11-29, 10:26
Greyfox

I have watched it shut down, that is how I know it runs for 1hr 48mins. The Spybot window just disappears. I have had Windows Task Manager running, in Processes Spybot will be showing around 75 only to disappear from the list. It has failed every day for some time so I would leave it running at the start (2130) and return about 2215hrs to watch it die, but no clues. I will try scanning for usage tracks only.

I need to know the check finished time to schedule AVG to run shortly after et seq.

Thanks

Galceran
2008-11-29, 10:41
Now I get Check Finished after including Malware.sbi and Usage tracks. A thought, these are the switches used in Scheduled Tasks Run window: /autocheck /autofix /autoclose
Last Log entry:
29.11.2008 08:29:35 - ##### check started #####
29.11.2008 08:29:35 - ### Version: 1.6.0
29.11.2008 08:29:35 - ### Date: 29 Nov 2008 08:29:35
29.11.2008 08:29:39 - ##### checking bots #####
29.11.2008 08:33:11 - ##### checking usage tracking #####
29.11.2008 08:33:11 - found: Common Dialogs History 312 files
29.11.2008 08:33:11 - found: Log Activity: COM+.log COM+.log
29.11.2008 08:33:11 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
29.11.2008 08:33:11 - found: Log Activity: imsins.log imsins.log
29.11.2008 08:33:11 - found: Log Activity: OEWABLog.txt OEWABLog.txt
29.11.2008 08:33:11 - found: Log Activity: ntbtlog.txt ntbtlog.txt
29.11.2008 08:33:11 - found: Log Install: comsetup.log comsetup.log
29.11.2008 08:33:11 - found: Log Install: ocgen.log ocgen.log
29.11.2008 08:33:11 - found: Log Install: setupact.log setupact.log
29.11.2008 08:33:11 - found: Log Install: setupapi.log setupapi.log
29.11.2008 08:33:12 - found: Log Install: setuplog.txt setuplog.txt
29.11.2008 08:33:12 - found: Log Install: svcpack.log svcpack.log
29.11.2008 08:33:12 - found: Log Install: wmsetup.log wmsetup.log
29.11.2008 08:33:12 - found: Log Install: DtcInstall.log DtcInstall.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\mofcomp.log System32\wbem\logs\mofcomp.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\setup.log System32\wbem\logs\setup.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\wbemcore.log System32\wbem\logs\wbemcore.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\wbemess.lo_ System32\wbem\logs\wbemess.lo_
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\wbemprox.log System32\wbem\logs\wbemprox.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\wmiadap.log System32\wbem\logs\wmiadap.log
29.11.2008 08:33:12 - found: Log Shutdown: System32\wbem\logs\wmiprov.log System32\wbem\logs\wmiprov.log
29.11.2008 08:33:12 - found: Adobe Acrobat Reader 4 Recent file #1
29.11.2008 08:33:12 - found: Adobe Acrobat Reader 4 Recent file #2
29.11.2008 08:33:13 - found: Ahead Nero Burning Rom Recent file list 1 files
29.11.2008 08:33:13 - found: Ahead Nero Burning Rom Compilation directory
29.11.2008 08:33:13 - found: Ahead Nero Burning Rom Browser directory
29.11.2008 08:33:13 - found: Ahead Nero Burning Rom Working directory
29.11.2008 08:33:13 - found: Ahead Nero Burning Rom Last ISO directory
29.11.2008 08:33:14 - found: Internet Explorer Typed URL list 17 files
29.11.2008 08:33:14 - found: Internet Explorer Download directory
29.11.2008 08:33:14 - found: Internet Explorer User agent
29.11.2008 08:33:14 - found: Internet Explorer User agent
29.11.2008 08:33:14 - found: Internet Explorer AutoComplete data 3 files
29.11.2008 08:33:14 - found: Isobuster Last save folder
29.11.2008 08:33:15 - found: MS Management Console Recent command list 3 files
29.11.2008 08:33:15 - found: MS Media Player Recent file list 7 files
29.11.2008 08:33:15 - found: MS Media Player Application data file (global)
29.11.2008 08:33:15 - found: MS Media Player Client ID
29.11.2008 08:33:15 - found: MS Media Player Client ID
29.11.2008 08:33:15 - found: MS Direct3D Most recent application
29.11.2008 08:33:15 - found: MS Direct3D Most recent application
29.11.2008 08:33:15 - found: MS Direct3D Most recent application
29.11.2008 08:33:15 - found: MS Direct3D Most recent application
29.11.2008 08:33:15 - found: MS DirectDraw Most recent application
29.11.2008 08:33:15 - found: MS Office 11.0 Last opened-from-web file
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #1
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #2
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #3
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #4
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #5
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #6
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #7
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #8
29.11.2008 08:33:15 - found: MS Office 11.0 (Access) Recent database #9
29.11.2008 08:33:16 - found: MS Office 11.0 (Excel) Recent file list 4 files
29.11.2008 08:33:16 - found: MS Office 11.0 (Excel) Recent template list 4 files
29.11.2008 08:33:16 - found: MS Office 11.0 (Word) Recent file list
29.11.2008 08:33:16 - found: MS Office 11.0 (Word) Recent template list 8 files
29.11.2008 08:33:17 - found: MS Regedit Recent open key
29.11.2008 08:33:17 - found: MS Search Assistant Typed search terms history
29.11.2008 08:33:17 - found: MS Wordpad Recent file list 3 files
29.11.2008 08:33:17 - found: Pinnacle Studio 8 Last captured video
29.11.2008 08:33:17 - found: Pinnacle Studio 8 Last grabbed image
29.11.2008 08:33:17 - found: Pinnacle Studio 8 Last opened title
29.11.2008 08:33:17 - found: Pinnacle Studio 8 Last saved project
29.11.2008 08:33:17 - found: Pinnacle Studio 8 Last opened sound file
29.11.2008 08:33:17 - found: Pinnacle Studio 8 TitleDeko - Last used background image
29.11.2008 08:33:17 - found: Pinnacle Studio 8 TitleDeko - Last used button
29.11.2008 08:33:17 - found: Pinnacle Studio 8 TitleDeko - Last used picture
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Last open file directory
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #1
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #2
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #3
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #4
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #5
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #6
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #7
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent clips #8
29.11.2008 08:33:17 - found: RealOne Player 2 (aka RealPlayer 6.0) Most recent skins #1
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .ASP extension 4 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .AVI extension 4 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .BAS extension 3 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .BIN extension 3 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .BMP extension 4 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .BZ2 extension 1 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .CAB extension 1 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .CDA extension 2 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .CDX extension 2 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .CFG extension 2 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .CGI extension 2 files
29.11.2008 08:33:19 - found: Windows.OpenWith Open with list - .CHM extension 2 files
29.11.2008 08:33:20 - found: Windows.OpenWith Open with list - .CSS extension 5 files
29.11.2008 08:33:20 - found: Windows.OpenWith Open with list - .CSV extension 6 files
29.11.2008 08:33:20 - found: Windows Explorer Recent wallpaper list 500 files
29.11.2008 08:33:20 - found: Windows Explorer Run history 9 files
29.11.2008 08:33:20 - found: Windows Explorer Stream history 201 files
29.11.2008 08:33:20 - found: Windows Explorer User Assistant history IE 33 files
29.11.2008 08:33:20 - found: Windows Explorer User Assistant history files 886 files
29.11.2008 08:33:20 - found: Windows Explorer Last visited history 26 files
29.11.2008 08:33:20 - found: Windows Explorer Recent file global history
29.11.2008 08:33:20 - found: Windows Explorer Recent file global history
29.11.2008 08:33:20 - found: Windows Explorer Recent file global history
29.11.2008 08:33:20 - found: Windows Explorer Recent file global history
29.11.2008 08:33:20 - found: Windows Explorer Last Copy/MoveTo folder
29.11.2008 08:33:20 - found: Windows Media SDK Computer name
29.11.2008 08:33:20 - found: Windows Media SDK Unique ID
29.11.2008 08:33:20 - found: Windows Media SDK Volume serial number
29.11.2008 08:33:20 - found: Windows Media SDK Volume serial number
29.11.2008 08:33:20 - found: Windows Media SDK Volume serial number
29.11.2008 08:33:21 - found: Cookie Cookie (2)
29.11.2008 08:33:21 - found: History History (156)
29.11.2008 08:33:21 - found: Cookie Cookie (2)
29.11.2008 08:33:21 - ##### check finished #####

Greyfox
2008-11-29, 12:47
Galceran,

Two questions - does it abort the scan at the same place each time and if so what is showing in the status bar at the time, and does it still shut down abnormally if you don't have anything else scheduled to occur at a later time?

Galceran
2008-11-29, 13:23
Greyfox

1. Yes it always appears to have completed the scan. It is run as a scheduled task and I do not get the full window with the buttons "Check for Problems", "Recover" etc. I get a smaller window with "Check in progress" on the Title bar, the progress of the scan "7038/346867" the first figure steps up rapidly, Time left for the scan to complete "42:38" this figure fluctuates - it can jump up to 45:02.
Eventually it shows "346867/346867", Time left "00:00". The window stays on screen for about 2 mins before closing. Inspection of the log does not show "Time finished"
2. This is always the first programme to run nightly followed (after 10min gap) by AVG, Norton Ghost Backup (once a week), finally Genie Backup.

Something connected with it running as a scheduled task?

Thanks

Greyfox
2008-11-29, 14:06
Galceran,

This is just a thought. Can you try running a scan for everything, but NOT setting it to carry out any fixes. Leave it set to close the program at the end of the scan.

If that works, and you then get the Time finished entry, I would suggest it is actually dropping out of the program part way through fixing the usage track entries.

If removing the fixes works, it will be a matter of isolating which item is causing Spybot to fall out of its program.

I am making that suggestion because I have had to exclude an MSOffice usage entry from several PCs that have Office 2000 installed, because Spybot drops out of the program as soon as it tries to fix that particular usage entry. Because it is not an entry of any concern I haven't bothered to investigate it any further, because excluding just that entry gets rid of the problem.

The other point to make is that you are probably aware that scan times have recently risen due to an increase in the number of threats being scanned for, so you should make sure to leave plenty of time before the other scheduled items are started.

Galceran
2008-11-29, 15:49
Thank you for that. I shall do a scan now and let you know.

Galceran
2008-11-29, 17:22
Scan started 1354. Last line in the log:
29.11.2008 13:54:19 - ##### checking bots #####

I came back at 1459 to find it showing 314932/346867 Time left 00:00. It then took 3mins to reach 314965/346867 with ZLOB Downloader.bs as the item being scanned. At 1505 the window closed, however I noted the bottom bar of my browser had a SpyBot tab which would not maximise, opened Task Manager and Spybot not showing in processes but Teatimer was active shutting down 3mins later at 1508. In other words it appears Teatimer started running as soon as Spybot shut down.

What can you make of this?

Thanks

Greyfox
2008-11-29, 23:58
Scan started 1354. Last line in the log:
29.11.2008 13:54:19 - ##### checking bots #####
... however I noted the bottom bar of my browser had a SpyBot tab which would not maximise

Why did you have your browser open?



Teatimer was active shutting down 3mins later at 1508.


I take it Teatimer was running prior to the scheduled scan, and stopped at 15:08 i.e. its icon disappeared from the task bar, is that correct?



.... 314932/346867 Time left 00:00. It then took 3mins to reach 314965/346867 with ZLOB Downloader.bs as the item being scanned. At 1505 the window closed


In an earlier post you indicated it always completes the scan "Eventually it shows "346867/346867", Time left "00:00". Did it get to 346867/346867 this time?

OK basically I don't know what the problem is - I would suggest you go back to basics, go into Spybot and turn off Teatimer (Advanced mode/Tools/Resident, untick the box). Clear out your temporary files and browser caches, reboot the computer and manually scan with your browser closed then fix anything it finds. If that works, then schedule another scan (at this stage with Teatimer inactive). You might also consider shutting down any other AS and AV software normally running (off line of course) to try to isolate the problem.

Galceran
2008-11-30, 07:34
Sorry misled you there. Bottom bar of the Taskbar had a Spybot tab showing, could not see all of its title (Spybot - ..) too many tabs open.

It was only when the Spybot scan window closed that the other tab then appeared, presumably Teatimer from what Task Manager showed. Whether it was running prior to the scan I don't know, not noticed this tab before.

Did it get to 346867? Possibly, as you remarked it's like watching paint dry. The window closes before you can remember the last count.

I will proceed as you suggest.

Thanks

Galceran
2008-12-05, 10:41
Greyfox

Switched off TeaTimer, also set ignore ZLOB.Downloads.bs. It was just about static when it got to this one. Had 3 results like this one.

04.12.2008 21:55:30 - ##### check started #####
04.12.2008 21:55:30 - ### Version: 1.6.0
04.12.2008 21:55:30 - ### Date: 04 Dec 2008 21:55:30
04.12.2008 21:55:35 - ##### checking bots #####
04.12.2008 22:49:49 - ##### checking usage tracking #####
04.12.2008 22:49:49 - found: Common Dialogs History 22 files
04.12.2008 22:49:49 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
04.12.2008 22:49:49 - found: Log Shutdown: System32\wbem\logs\wbemcore.log System32\wbem\logs\wbemcore.log
04.12.2008 22:49:49 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log
04.12.2008 22:49:59 - found: MS Office 11.0 (Excel) Recent file list 4 files
04.12.2008 22:50:00 - found: MS Office 11.0 (Word) Recent file list
04.12.2008 22:50:00 - found: MS Office 11.0 (Word) Recent template list 2 files
04.12.2008 22:50:09 - found: History History (33)
04.12.2008 22:50:09 - found: Cookie Cookie (42)
04.12.2008 22:50:09 - ##### check finished #####

Everything closed whilst Spybot running. AVG scheduled to run at 2315, which it has been doing. Presume TeaTimer can be switched on now and uncheck the one exclusion. May have to schedule AVG for 2330 if results return to showing no Check Finished.

Thanks Gilbert

Greyfox
2008-12-05, 11:58
Galceran,

I'm not sure what the present status is. You turned off Teatimer and ran the scan manually as suggested. The results you posted however don't indicate to me that you completed the fix following the scan, and you didn't say whether these results were with the AV disabled or not.

In addition, you also removed the ZLOB.Downloads.bs from the scan. I appreciate your reason for doing this but I still don't know whether you can physically complete a full scan including ZLOB.Downloads.bs and including making the fixes, all as a manual operation without problems.

Perhaps you could clarify that, and also let us know what difference if any having the AV disabled during the Spybot scan makes. One of the things I was hoping to see, if/when the check finished message appeared at the end of the log, was the total time taken. The results in your last post suggest that with ZLOB.Downloads.bs included (which you indicated was almost making the scan stall) the overall time may indeed have run into the scheduled start time of the second task.

It was also my intention, if the above was completing correctly, to then ask you to do a scheduled version again, still without Teatimer present, without any other task being scheduled to take place afterwards.

Galceran
2008-12-05, 19:31
Greyfox

Sorry the last results posted were of a scheduled scan. I cannot remember exactly what happened with the manual scans which I did get right in the end and then started the scheduled scans. The last scan had the switches /autoscan /autofix /autoclose in the command line. AVG was not disabled.

OK I will start over again. Problem is that I am kept busy with adding new members to a password protected website most of the day. The maintenance programmes run from 21:55 to 03:15.
However I shall make time in the mornings for manual scans as suggested. ZLOB.Downloads.bs included, AVG disabled, fix at the end. First result tomorrow about 1000hrs GMT.

Thanks
Galceran

Galceran
2008-12-06, 11:44
Greyfox

No excludes, AVG disabled, Nothing else open except Spybot. Scan completed in 32mins. I then opened Ignore Products to check ZLOB.Downloader.bs had been unchecked, it was. Found I was unable to return to the Problem list, the normal Check for Problems, Recovery, Search for Updates window was showing. Is there a way to get back to the fix problems window or once you leave is that it?

Ran another check to do a fix. There was another result for 09:02 similar to the 09:04, excluded that as it did not appear relevant. Let me know if you wish to see it.

Results:

06.12.2008 08:29:20 - ##### check started #####
06.12.2008 08:29:20 - ### Version: 1.6.0
06.12.2008 08:29:20 - ### Date: 06 Dec 2008 08:29:20
06.12.2008 08:29:23 - ##### checking bots #####
06.12.2008 09:02:20 - ##### checking usage tracking #####
06.12.2008 09:02:20 - found: Common Dialogs History 8 files
06.12.2008 09:02:20 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
06.12.2008 09:02:20 - found: Log Shutdown: System32\wbem\logs\wbemcore.log System32\wbem\logs\wbemcore.log
06.12.2008 09:02:20 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log
06.12.2008 09:02:20 - found: Adobe Acrobat Reader 4 Recent file #1
06.12.2008 09:02:20 - found: Adobe Acrobat Reader 4 Recent file #2
06.12.2008 09:02:24 - found: MS Office 11.0 Last opened-from-web file
06.12.2008 09:02:24 - found: MS Office 11.0 (Excel) Recent file list 4 files
06.12.2008 09:02:28 - found: History History (21)
06.12.2008 09:02:28 - found: Cookie Cookie (8)
06.12.2008 09:02:28 - ##### check finished #####


--- Report generated: 2008-12-06 09:04 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


Common Dialogs: History (8 files) (Registry key, fixed)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, fixed)
C:\WINDOWS\SchedLgU.Txt

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Adobe Acrobat Reader 4: [SBI $58E23D78] Recent file #1 (Registry change, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Adobe\Acrobat Reader\4.0\AdobeViewer\avpRecentFile1

Adobe Acrobat Reader 4: [SBI $A2EB5B0A] Recent file #2 (Registry change, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Adobe\Acrobat Reader\4.0\AdobeViewer\avpRecentFile2

MS Office 11.0: [SBI $53EEAC4B] Last opened-from-web file (Registry value, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Office\11.0\Common\Internet\UseRWHlinkNavigation

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

History: [SBI $49804B54] History (21) (History, fixed)


Cookie: [SBI $49804B54] Cookie (8) (Cookie, fixed)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-08-28 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-11-25 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-03 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-12-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-12-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-11-04 Includes\Trojans.sbi (*)
2008-12-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Greyfox
2008-12-07, 01:16
..Scan completed in 32mins.


I did expect that the scan time would be reduced if the antivirus software and Teatimer were disabled during the scan, but a reduction from 1 hour 48 minutes (see your earlier post) to 32 minutes is impressive.



Is there a way to get back to the fix problems window or once you leave is that it?

When you leave it, that's it. The only way to regenerate the items to be fixed is to do another scan.

OK, as I see it, with the AV disabled, you are able to complete a full manual scan in just 32 minutes, and the only thing it found was green usage tracking entries, and it was able to "fix" all of these. So that is all good.

At the end of my previous post I said "It was also my intention, if the above was completing correctly, to then ask you to do a scheduled version again, still without Teatimer present, without any other task being scheduled to take place afterwards."

That is the next step. In order that this be a logical progression from where you are now, AVG should be disabled (and also Teatimer, if it was disabled for the previous manual test - you didn't actually confirm this). The main two points for this test are to have everything the same as when you ran the manual test subject of your last post, and to NOT have anything else set up on schedule other than the Spybot scan.

If this test scheduled scan completes OK, then re-enable AVG and repeat the exercise (also please note time taken).

If that is also OK, and if Teatimer was disabled in the previous tests, then re-enable it (and again note the time taken).

Please post back results.

Galceran
2008-12-07, 17:57
Yes Teatimer was disabled in the last manual scan and still is.
Will advise on the Scheduled runs as they finish.

Galceran

Galceran
2008-12-07, 19:24
AVG and Teatimer disabled, nothing else set up or running.

07.12.2008 16:20:09 - ##### check started #####
07.12.2008 16:20:09 - ### Version: 1.6.0
07.12.2008 16:20:09 - ### Date: 07 Dec 2008 16:20:09
07.12.2008 16:20:12 - ##### checking bots #####
07.12.2008 17:06:28 - ##### checking usage tracking #####
07.12.2008 17:06:28 - found: Common Dialogs History 12 files
07.12.2008 17:06:28 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
07.12.2008 17:06:28 - found: Log Install: setupact.log setupact.log
07.12.2008 17:06:28 - found: Log Shutdown: System32\wbem\logs\wbemcore.log System32\wbem\logs\wbemcore.log
07.12.2008 17:06:28 - found: Log Shutdown: System32\wbem\logs\wbemess.log System32\wbem\logs\wbemess.log
07.12.2008 17:06:28 - found: Log Shutdown: System32\wbem\logs\wbemprox.log System32\wbem\logs\wbemprox.log
07.12.2008 17:06:28 - found: Log Shutdown: System32\wbem\logs\wmiprov.log System32\wbem\logs\wmiprov.log
07.12.2008 17:06:34 - found: MS Direct3D Most recent application
07.12.2008 17:06:37 - found: MS Office 11.0 (Excel) Recent file list 4 files
07.12.2008 17:06:37 - found: MS Office 11.0 (Excel) Recent template list 2 files
07.12.2008 17:06:39 - found: MS Regedit Recent open key
07.12.2008 17:06:46 - found: History History (21)
07.12.2008 17:06:47 - found: Cookie Cookie (26)
07.12.2008 17:06:47 - ##### check finished #####

--- Report generated: 2008-12-07 17:06 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


Common Dialogs: History (12 files) (Registry key, fixed)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, fixed)
C:\WINDOWS\SchedLgU.Txt

Log: Install: setupact.log (Backup file, fixed)
C:\WINDOWS\setupact.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (4 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

MS Office 11.0 (Excel): [SBI $397BF56C] Recent template list (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Office\11.0\Excel\Recent Templates

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, fixed)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

History: [SBI $49804B54] History (21) (History, fixed)


Cookie: [SBI $49804B54] Cookie (26) (Cookie, fixed)


Congratulations!: No immediate threats were found. ()




Galceran
2008-12-07, 20:21
AVG enabled. Teatimer disabled, nothing else open or running.

07.12.2008 17:30:09 - ##### check started #####
07.12.2008 17:30:09 - ### Version: 1.6.0
07.12.2008 17:30:09 - ### Date: 07 Dec 2008 17:30:09
07.12.2008 17:30:12 - ##### checking bots #####
07.12.2008 18:16:24 - ##### checking usage tracking #####
07.12.2008 18:16:24 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
07.12.2008 18:16:43 - found: History History (6)
07.12.2008 18:16:43 - found: Cookie Cookie (8)
07.12.2008 18:16:43 - ##### check finished #####

Reported 3 problems fixed at 18:16:49

Galceran
2008-12-07, 21:49
Greyfox

AVG and Teatimer enabled. Nothing else open or running.

07.12.2008 18:25:09 - ##### check started #####
07.12.2008 18:25:09 - ### Version: 1.6.0
07.12.2008 18:25:09 - ### Date: 07 Dec 2008 18:25:09
07.12.2008 18:25:12 - ##### checking bots #####
07.12.2008 19:13:00 - ##### checking usage tracking #####
07.12.2008 19:13:00 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
07.12.2008 19:13:21 - found: History History (3)
07.12.2008 19:13:21 - found: Cookie Cookie (4)
07.12.2008 19:13:21 - ##### check finished #####

Reported 3 problems fixed at 19:13:35

So the last scan is 48mins. I noted ZLOB.Downloader.BS slowed as usual but Spybot stepped on to the next process after 20secs, not the 3 or 4min wait first experienced.
However, I rescheduled the times for Spybot to run (3 times) in Task Scheduler, I did not right click and select Run. Thought it best to have it start some 4 or 5mins after I rescheduled. What came to light as I checked all the Task Scheduler tabs was the Settings tab - Stop the task if it runs for 1 hour 10mins.

This goes back 9 months when I had the max time taken over a week for each task. Added 5mins to each max time before the next task start time.

This explains why Spybot shut down. I suspect ZLOB.Downloader.BS was being scanned at the Stop task time, which is why it hung for 4 or 5 mins before finishing and shutting down.

I will now reschedule the Spybot scan for 2155hrs and AVG at 2255hrs allowing about 13mins between the two. I shall post that result tomorrow 1000GMT

Thanks
Galceran
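
Added example, not part of the original thread: a Python sketch that reads a Spybot check log in the format quoted in these posts and flags a run that logged "check started" without "check finished", or one that finished too close to the Task Scheduler stop limit (1 hour 10 minutes in this thread). The sample lines are constructed in the thread's log format; the function names and the 15-minute margin are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: one run that stops after "checking bots", one that completes.
SAMPLE_LOG = """\
28.11.2008 21:30:43 - ##### check started #####
28.11.2008 21:30:46 - ##### checking bots #####
07.12.2008 17:30:09 - ##### check started #####
07.12.2008 17:30:12 - ##### checking bots #####
07.12.2008 18:16:24 - ##### checking usage tracking #####
07.12.2008 18:16:43 - ##### check finished #####
"""
LINE_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) - (.*)$")
PHASE_RE = re.compile(r"^##### (.+?) #####")

def parse_runs(text):
    """Split the log into scan runs, one per 'check started' marker."""
    runs, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not a log entry
        ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
        name = p.group(1) if (p := PHASE_RE.match(m.group(2))) else None
        if name == "check started":
            current = {"start": ts, "last": ts, "phase": name, "finished": False}
            runs.append(current)
        elif current is not None:
            current["last"] = ts
            current["phase"] = name or current["phase"]  # "found:" lines keep the phase
            if name == "check finished":
                current["finished"] = True
                current = None
    return runs

def audit(runs, task_limit, margin=timedelta(minutes=15)):
    """Return (start, verdict, last phase, elapsed) for each run."""
    out = []
    for run in runs:
        # For a truncated run this is only the time up to the last logged line;
        # the log does not record when the task was stopped.
        elapsed = run["last"] - run["start"]
        if not run["finished"]:
            verdict = "TRUNCATED"
        else:
            verdict = "TIGHT" if elapsed + margin > task_limit else "OK"
        out.append((run["start"], verdict, run["phase"], elapsed))
    return out

if __name__ == "__main__":
    print(*audit(parse_runs(SAMPLE_LOG), timedelta(hours=1, minutes=10)), sep="\n")
```

A TRUNCATED verdict only shows that the scan ended without its closing marker; the scheduler's own stop setting still has to be checked to confirm the cause.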

Galceran
2008-12-08, 11:59
Greyfox

AVG and Teatimer enabled. Task scheduler set Spybot to run at 2156hrs and AVG at 2255. Log entries:

07.12.2008 21:56:31 - ##### check started #####
07.12.2008 21:56:31 - ### Version: 1.6.0
07.12.2008 21:56:31 - ### Date: 07 Dec 2008 21:56:31
07.12.2008 21:56:34 - ##### checking bots #####
07.12.2008 22:43:22 - ##### checking usage tracking #####
07.12.2008 22:43:22 - found: Common Dialogs History 10 files
07.12.2008 22:43:22 - found: Log Activity: SchedLgU.Txt SchedLgU.Txt
07.12.2008 22:43:32 - found: MS Office 11.0 (Excel) Recent file list 2 files
07.12.2008 22:43:41 - found: History History (23)
07.12.2008 22:43:41 - found: Cookie Cookie (10)
07.12.2008 22:43:41 - ##### check finished #####

Extract from second log:

--- Report generated: 2008-12-07 22:43 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


Common Dialogs: History (10 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

MS Office 11.0 (Excel): [SBI $8DAB8D88] Recent file list (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2187618736-2042299109-634187873-1003\Software\Microsoft\Office\11.0\Excel\Recent Files

History: [SBI $49804B54] History (23) (History, nothing done)


Cookie: [SBI $49804B54] Cookie (10) (Cookie, nothing done)


Congratulations!: No immediate threats were found. ()


AVG ran at 2255.

Is this all ok now?

Thanks
Galceran

Greyfox
2008-12-08, 13:45
Is this all ok now?


Looks OK to me, and no doubt you are happy to see it working as it should.
You might want to increase the gap a bit more to play safe (scan could extend with extra temporary files) and review from time to time if the rate of new nasties continues to ramp up like it has recently. Hopefully version 2 will provide some relief.

I think we can mark this one solved.

Galceran
2008-12-08, 16:09
Fine. I will increase the gap between Spybot and AVG and watch it.

Thanks for your patience and very helpful advice which solved the problem

Regards
Galceran