Scan Report help please.

[championskill]

Hi,

 

I would like to know if there's any thing I should have in this report. I can't post it all because the forum saids its too long. Therefore, I've attached it to my message. Thanks for you time in advance.

log.txt

[solbjerg]

Hi championskill

If you save the report, then zip it I am sure it will be easy to attach to your post.

Take a look at the information about attachments in Usage of IObit Products

Link provided in my signature

 

Cheers and welcome

solbjerg

 

 

Hi,

 

I would like to know if there's any thing I should have in this report. I can't post it all because the forum saids its too long. Therefore, I've attached it to my message. Thanks for you time in advance.

[enoskype]

Hi championskill,

 

What is your complaint?

 

Cheers

[Melvin_Deal]

Hi championskill.

 

Read this concerning spybot: http://www.pcmag.com/article2/0,2817,2261193,00.asp

 

If your complaint is slow system, then manage/limit your start up programs and ditch the toolbar.

 

-Mel

[enoskype]

Hi Mel, that article is too old and I am still using SS&D on XP pro sp3 with good results and Tea Timer saved me couple of times from big disasters.

 

Cheers.

[Mongoose]

You can send your results here, http://www.hijackthis.de/ and they will analyze them for you.

[So_sad]

@Mongoose : HijackThis automated analyzers should be avoided. They cannot truely reflect the nature of some lines, can throw false positives, but the usual problems we have with them is the absence of detections on some real malware that they miss entirely. When you suspect the presence of malware on your machine, it's always best to ask real people for advice.

 

=============

 

Something's weird in the HijackScan. It's either a bug with the program, or...

 

Running processes:

-

-

-

C:\Program Files\Spybot

-

-

C:\Program Files\Spybot

-

-

That's not right. The list is for active processes, and we're seeing what appears to be a folder here ("Spybot") and not a process (executable file). Either HijackScan is reporting it wrong, or that "Spybot" is really a sneaky executable file.

 

And this one :

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll

 

Again, this isn't right. "Spybot.dll" isn't a Spybot file, as far as I know.

The Service "SBSDWSCService" does exist, but should point to the following file :

 

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

http://www.systemlookup.com/O23/2808-SDWinSec_exe.html

 

======

 

So... we either have a misread from HijackScan, or a nasty.

 

championskill : can you have that Spybot.dll analyzed at VirusTotal for us please ? It's really easy. Just go here :

 

http://www.virustotal.com

 

> Once there, click on "Browse" and look for this file :

 

C:\Program Files\Spybot.dll

 

> Double-click on it to select it, then click on "Send File"

> If the servers are busy, you might be put in a queue ; please wait for your turn

> They may say your file has already been analyzed and offer you two choices : choose to have the file analyzed again.

> Once done, just copy/paste the link (URL) from the VirusTotal page here on the forum.

 

===

===

[Melvin_Deal]

Aye Enoskype!

 

The article is two years old. XPsp2 and vista (no sp, at the time vista was beleagured).

 

There are excessive svc files in that log. More than appears are called for (there are apparent replications in a couple of services). As we cannot see what came on at startup, and what was started later, or how long the machine was run without being cleansed, (put our hands on the system), I hope the secondary apps will be shutdown, reboot, and then we can compare the fresh logs with the old ones.

 

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

 

There are more.

 

If you find the softwares previously mentioned to be useful today, then by all means continue! I cannot second guess!

 

-Mel

 

 

 

Thank you So_Sad. It is Weird.

[So_sad]

@Mel :

 

I'm not sure, but I think you mentionned there seems to be too many svchost.exe showing in the log ; it's normal to see 6 or 7 on XP boxes, and 9 or more on Vista / Win7 boxes.

 

Those Spybot entries may not even be related to SpyBot Search & Destroy ; they could be fake, so let's wait for our friend championskill to tell us if he has SpyBot on the machine and then we can look at the VirusTotal report.

 

Perhaps HijackScan cannot list the .dll extension in the list of active processes so that could explain the lines :

 

C:\Program Files\Spybot (no extension)

 

No SpyBot Search & Destroy files would sit directly in %ProgramFiles%, because the program has its own sub directory (folder).

%ProgramFiles% is a parent directory for programs, not a direct "home" for them.

 

My gut tells me this could be a sneaky program, designed to elude detection by using familiar file names, not typical malware. Monitoring software perhaps ? Wouldn't suprise me...

 

===

 

I hope our member comes back.

 

===

===

[jelrikj]

Reply

 

Hello

 

i think there is nothing wrong with your computer

and about Spybot KEEP IT The Very New! Version 2.0 is coming soon :mrgreen:

 

http://twitter.com/SpybotSD

[So_sad]

Hi jelrikj ;

 

Hello

 

i think there is nothing wrong with your computer

and about Spybot KEEP IT The Very New! Version 2.0 is coming soon :mrgreen:

 

Do you know what "C:\Program Files\Spybot.dll" is ?

If you do, I'm all ears ;-)

 

===