PDA

View Full Version : Anti-Malware Programs Freeze



KMunzta
2005-12-05, 01:53
I do have windows Xp wih sp2 pentium 4. Im not exactly sure what HTT is. But i do have a CPU usage and the CPU usage history. I am running spybot 1.4 and everything is currently up to date.

Prior to spybot freezing i have had no problems with random popups or any ads. Also I did not see any difference in the performance of my computer. I did notice sluggishness of web pages and after spybot began freezing about two weeks ago, my computer did start to slow down and it still does. I also run adaware se and yahoo anti-spy that comes with my internet software. Also i have NortonSystem works 2003, i did a full pc scan and it did not detect any virus (yes everything was up to date) I went through the one button checkup and at the windows registry scan it found some errors, and it automatically fixed them. I scanned again right after doing so and it said 0 errors found. They were invalid activex/com entries. I also did the usual, erased all cookies, internet files and history. I ran speed disk, defragment, disk doctor and quick clean (all with the norton) I also tried running mcafee online virus scan, and that froze as well. We went away for a few days unexpectedly and forgot all about shutting down the comp. before we hurried to the train and when we got back norton had said it detected a virus trojan.vundo This was about a month ago. My brothers wife's stepdad is a computer wiz and had taken the computer for a week or so and fixed everything for us. He got us the norton systemworks before that we had the anti virus and firewall. When we got the pc back everything worked as good as new

KMunzta
2005-12-05, 01:53
My HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:30 PM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\AOL\1133326698\ee\AOLSoftware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1133326698\ee\aim6.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133326698\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4642/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

KMunzta
2005-12-05, 01:54
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

KMunzta
2005-12-06, 05:42
*just a bump*

LonnyRJones
2005-12-06, 16:38
Hi

Which antimaleware programs freeze ?
"They were invalid activex/com entries."

Using Spybot system internals scan ?


"When we got the pc back everything worked as good as new"
Confused, so now there are problems ?

In task manager preformance are there two or three graphs ?

KMunzta
2005-12-07, 03:20
Spybot and mcafee online virus scan are the programs that freeze. Adaware se and yahoo anti spy both work fine. I got the invalid active x with Norton Systemworks one button checkup during the windows registry scan, not spybot. In the task manager performance I get CPU Usage History and Page File Usage History.

LonnyRJones
2005-12-07, 03:57
Hi

Please run SpyBot while in safe mode and see if there are still problems with it freezing. ?

How long has yahoo antispy been installed ?

KMunzta
2005-12-07, 04:08
The yahoo antispy has been installed since the beginning of november. Could you please tell me how to run spybot in safe mode? I know how to get into the safe just not how to have spybot run. Thanks

LonnyRJones
2005-12-07, 04:21
Once if safe mode just run it and check for problems, same as in a normal windows session.

Might be a good idea to run other scans there to, But one at a time.

KMunzta
2005-12-07, 05:22
Thanks for the reply. After running spybot in safe mode it got about halfway through the scan and then froze. I also ran adaware and yahoo, both ran fine and found nothing.

KMunzta
2005-12-07, 05:56
I got a free 5 day trial of mcafee antispyware with dell, so i downloaded it. It did not detect anything during the scan. Then I got this from norton:

Alert: Malicious Script detected
Object: filesystem object
Activity: Get folder

Your computer is halted and needs to do something about this script.

File: MsiExec.exe

What do you want to do?

Then it listed options and I clicked "stop this script from running (reccomended)"

LonnyRJones
2005-12-07, 10:41
Franky i would turn off nortons script blocking from within its options

Sorry to here SSD is still freezing, i think its a matter of to many resident type protection programs, and now yet another "mcafee antispyware"

KMunzta
2005-12-07, 11:23
ok well thanks. I figured mcafee might find something the other programs hadn't. so then you are reccomending that i uninstall the yahoo and mcafee?

LonnyRJones
2005-12-07, 14:27
My guess is yahoos programs are cousing conflicts

KMunzta
2005-12-08, 05:50
Ok well i uninstalled the yahoo and i'll try to rescan with spybot and let you know how it goes. Last night my internet brower suddenly closed i and recieved an error saying it had suddenly stopped responding. right after that i recieved an error saying drwatson postmortem debugger has encountered an error and needed to close.

KMunzta
2005-12-08, 06:04
Alright, spybot still froze. This time it got abut 3/4 done. It stopped at 22489/32232: c2.lop

bitman
2005-12-08, 09:37
Good guess Lonny, looks like multiple issues.

KMunzta: Try this:

In Spybot click Mode>Advanced to switch to Advanced mode and answer Yes to the question.
Click the Settings button on the lower left pane.
Click File Sets near the upper left.
In the reight pane uncheck all but the last two; Spybots.sbi and Trojans.sbi


Make sure Yahoo is still uninstalled.
Now return to the Spybot S&D menu (button at upper left) and run a scan.

What happens?

KMunzta
2005-12-08, 22:29
after doing as you suggested it did finish the scan without freezing and i got "congratulations no immediate threats were found"

bitman
2005-12-09, 00:17
OK, that's because we skipped most of the scans ahead of the group contianing C2.lop which avoided the issue somehow, which I thought might happen.

How much more time we spend on this depends mostly on you, since you'll need to perform the experiments. There's still a couple theories that fit, though this seems to have at least partially proven them.

The fact that you can test through the Spybots.sbi detections containing C2.lop seems to indicate that it isn't these detections themselves that are failing, since they're no longer freezing at that point. This also makes it unlikely that some other specific anti-malware program is interfering like Yahoo appeared to be.

However, it is still possible, though unlikely that another previous detection is helping 'set up' for the C2.lop freeze to occur. The only way I can see to confirm this is to contimue to add back in the other detections tests by working backwards and checking each .sbi file one at a time and running a scan.

Once it does freeze, and I believe it eventually will, try unckecking all tests except the last one checked that 'triggered' the freeze and the Spybots.sbi itself of course. If this still freezes, try one last test please. Turn off the computer, leave it for a half hour (dinner time) come back and re-run that test one more time. We want to know if it's really just the two .sbi groups, all of them together or just a build-up over time that's creating this.

As I said, a bit of work on your part, but you only need to return and post after you've tried most or all of it. Jot down results so you remember them and especially let us know if anything un-expected happens like freezing in some other detection. You've done a great job of indicating exactly where it's freezing to this point.

Thanks for helping track this down.
Bitman

Oh, one other thing, something I meant to ask that I forgot. What exactly are the specs of your computer; CPU & Speed, RAM, is it XP Home or Pro?

KMunzta
2005-12-09, 01:46
There is not a problem with me doing what you just mentioned. Its XP home edition CPU is 2.80ghz 512mb of ram and i believe the speed is 2.80ghz as well (system properties) I'll check those scans out and get back to you.

KMunzta
2005-12-09, 04:07
Ok well I ran each scan individually and did not run across any problems. So I did a full scan and the computer froze at 17706/32232: keenvalue.euniverse.myfreecursors I did the tracks.uti scan and it said "congratulations no immediate threats were found" but then it said below that 51 problems found. This is what I got:

Cache: 1 entry
Cookie: 1 entry
Internet Explorer: 5 entries
Log: 22 entries
MS Direct Draw: 1 entry
MS Media Player: 4 entries
MS Search Assistant: 1 entry
Windows Explorer: 5 entries
Windows Media sbk: 9 entries
Windows Open With: 1 entry
Windows: 1 entry

I did not click to fix any of these problems found, I didnt know if that was okay or not. Although I did print out all of the results.

bitman
2005-12-09, 08:16
Unless Spybot is identifying some piece of malware/spyware, I really don't care what the results are other then freeze or finish, basically pass/fail. I also don't want to confuse things with tracks, which I don't believe is the problem here, unless you can get it to freeze in the tracks scan itself.

I am assuming here that you've left it for at least a few minutes when it freezes to make sure it really is frozen and just not slow? I can't recall if you ever left it long enough to find out, so let me know when you post again.

What I'd like you to try next will sound strange, and it is. This is for testing purposes only and should be reversed once testing is completed.

Open either Windows Explorer or My Computer
Browse to the 'C:\Program Files\Spybot - Search & Destroy\Includes' folder
Right click on the Spybots.sbi file and make a copy by dragging it to a white part of the box
When you let go of the file click 'Copy Here'
Make a couple more of these copies of Spybots.sbi the same way
Start (or close and restart) Spybot S&D and go to the File Sets screen
Check all of the [Copy of] Spybots.sbi boxes and uncheck all other filenames

Run a scan and report what happens, including the information as usual if it freezes.

You can just uncheck the copies after the test and leave them to delete later in case we want them again.

KMunzta
2005-12-09, 08:42
Well I don't see spybots.sbi so i assume you mean spybots spyware include file? If so, the scan went fine, no threats nor did it freeze. And yes I do leave it for a few minutes after it freezes and it doesnt do anything, I cant do anything. Should I just fix the problems then that the tracks found?

bitman
2005-12-10, 20:29
Well, that wasn't exactly what I expected, but it's why were doing a complete set of tests rather then just skipping to an assumed conclusion.

Tracks; do you know what they really are? All of the lists of filenames when you click Open in programs like your word processor, the list of sites visited when you start typing in the IE Address Bar, the list in the Start Menu, Run box and even the Recent Documents list. Also, any passwords you've told IE to remember. Do you really want to clear all of these things?

These aren't really 'bad', just things you may not want others to know. Up to you, but I've never used it myself. Oh, and it also clears all cookies if you haven't gone into Advanced Mode, Settings, Ignore Cookies, and told it which ones to save. If you've told web sites to remember things like a username, or what color or font you prefer, they're usually stored in these cookies.

Right now I'd like to confirm all your Spybot and other files are up to date. Please do the following to get the portions of a full report that will show this.

Just run another scan that will complete since a successful scan is all that's needed, we don't really care what the resilts are. Then, right-click in the results screen and select 'Save full report to file...' and save it where you can easily find it. Open the file itself by double clicking and copy everything from the beginning up to the 'Startup entries list' section heading, but not the start-ups themselves. Paste this into your next post.

KMunzta
2005-12-13, 05:52
Here they are, as for the updates, everything is currently up to date. This was scanned with just copyofspybots.sbi


--- Search result list ---
Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-12-09 Includes\Cookies.sbi
2005-12-02 Includes\Copy (2) of Spybots.sbi
2005-12-02 Includes\Copy (3) of Spybots.sbi
2005-12-02 Includes\Copy (4) of Spybots.sbi
2005-12-02 Includes\Copy of Spybots.sbi (*)
2005-12-09 Includes\Dialer.sbi
2005-12-09 Includes\Hijackers.sbi
2005-12-09 Includes\Keyloggers.sbi
2005-12-09 Includes\Malware.sbi
2005-12-09 Includes\PUPS.sbi
2005-12-09 Includes\Revision.sbi
2005-12-09 Includes\Security.sbi
2005-12-09 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-12-09 Includes\Trojans.sbi



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885855
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Security Update for Windows XP (KB896688)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Update for Windows XP (KB900930)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)

LonnyRJones
2005-12-19, 20:22
Hi KMunzta

Try this please, close SpyBot if open then delete the contents of the Includes folder, 'C:\Program Files\Spybot - Search & Destroy\Includes' folder
Run SpyBot check for updates, get them all, then check for problems with spyware only checked, any problems ? do a check with just the tracts selected then one with all checks and let us know what happens.

KMunzta
2005-12-20, 18:25
I've done as you suggested. There were no problems running just the spyware check, but it wouldn't let me do just the tracks by itself. When I did the scan with both of them checked it found 9 log errors. No freezing at this point.

LonnyRJones
2005-12-26, 13:57
KMunzta

All i can think to suggest is to use a program such as System Security Suite.
then run vairious combinations of check with SSD to see if that helped
http://www.igorshpak.net/
If that site is unavailable use this link please
http://forums.subratam.org/index.php?act=Attach&type=post&id=25013
Extract it from the zip file and run setup.exe
after the install you can delete setup.exe and the downloaded zip file
Start the program Check all the boxes under the 'Items to Clear' (clear cookies to) tab and click
'Clear Selected Items'. You will be prompted to reboot, do so.

tashi
2005-12-30, 18:19
This topic will be archived.
If you need it re-opened please send a message to myself or Lonny with a link to this thread.