Spybot S&D Not Getting the Job Done Anymore

Al_CapownAl_Capown Indiana
edited June 2004 in Science & Tech
For quite sometime now Spybot has not reported any spyware on my computer. Nor has it given me any new updates. I'd say for a good 2 months now nothing has changed and I'm growing somewhat suspicious that either support for spyware has dropped or something on my computer is messing with the program.

My basic question is... do you think something is wrong with my computer? are others experiencing the same thing?

HJT Log:
Logfile of HijackThis v1.97.7
Scan saved at 1:59:04 AM, on 6/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Documents and Settings\Al_Capown\My Documents\folding\fah4console\FAH4Console.exe
C:\Documents and Settings\Al_Capown\My Documents\folding\fah4console\FahCore_78.exe
C:\Program Files\Motherboard Monitor 5\DLL\display.dll
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\AL_CAP~1\LOCALS~1\Temp\Rar$EX00.737\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - Startup: Shortcut to FAH4Console.lnk = C:\Documents and Settings\Al_Capown\My Documents\folding\fah4console\FAH4Console.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37911.7106597222
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab

Comments

  • TheBaronTheBaron Austin, TX
    edited June 2004
    no, thats extremely clean. however you can remove the blank link to D-Link Airplus
  • DexterDexter Vancouver, BC Canada
    edited June 2004
    Spybot has not done any updates for a while. I have heard some rumours that they are focusing on a new release, and may not be doing updates for some time on the current free version. Here's hoping they keep a free version of any new release if this is true, though it is definitely a tool worth paying for.

    Dexter...
  • Al_CapownAl_Capown Indiana
    edited June 2004
    I saw a thread that someone made on running folding@home as a service and I decided, since my dad or cousin usually close the console to set the P4C and 2400-M to run as services to boost my production (which has been to say the least lacking). So I got on my P4 and I see weatherbug... WTF? And my dad tells me that I need to install an antivirus program if I want my computer to be clean? Anyways I ran spybot and it deleted a few things but I'm not sure if my system is clean yet.

    So here's another log:

    Logfile of HijackThis v1.97.7
    Scan saved at 2:42:18 AM, on 6/13/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Administrator\My Documents\F@H\CPU0\FAH4Console1.exe
    C:\Documents and Settings\Administrator\My Documents\F@H\CPU1\FAH4Console2.exe
    C:\Documents and Settings\Administrator\My Documents\F@H\CPU1\FahCore_78.exe
    C:\Documents and Settings\Administrator\My Documents\F@H\CPU0\FahCore_65.exe
    C:\Program Files\Spybot - Search & Destroy 1.1\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.812\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - Startup: Shortcut to FAH4Console1.lnk = C:\Documents and Settings\Administrator\My Documents\F@H\CPU0\FAH4Console1.exe
    O4 - Startup: Shortcut to FAH4Console2.lnk = C:\Documents and Settings\Administrator\My Documents\F@H\CPU1\FAH4Console2.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\AutoCAD 2000i\AcDcToday.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37936.4282060185
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\AutoCAD 2000i\AcPreview.ocx
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited June 2004
    Nothing in there looks bad. If you're worried, give it another runthrough with Ad-Aware.

    Spybot hasn't been updated since May 29, but Ad-Aware updates at least twice a week.
  • RADARADA Apple Valley, CA Member
    edited June 2004
    Al,

    I see your still using SB S&D Ver. 1.1. Dex is right, the SB people are putting their efforts into new releases.

    I've been using SpyBot 1.3 for about 3 weeks or so. I've already downloaded 2 definition updates. Version 1.3 looks for over 14,500 known (spyware/adware) products.

    One word of caution with 1.3, it is VERY agressive at stopping/removing cookies. If you use an internet webmail source (excite.com, hotmail, yahoo), you may have to do some trial-and-error tweaking of the settings to regain access to your online email accounts, after you immunize your machine. Most webmail sources have minor tracking cookies associated with these accounts, and since SB 1.3 won't allow the cookie through, so you can't get to your mail box!

    If you have any questions about 1.3, I'll be happy to help if I can.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited June 2004
    I accidentally installed 1.2 the other day and they do not offer definition updates for it anymore. You have to have the latest release to get updates. Download 1.3 and see what it says.
  • LincLinc Owner Detroit Icrontian
    edited June 2004
    Yup, 1.3 is the ticket :) They should've put an update out for 1.2 called "Update to 1.3" or something to clue people in better.
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited June 2004
    Definitely SpyBot S&D 1.3 is much better. Well worth the download. CNET's download.com has it, it should be in the download area here (AFAIK it is there), so technically you do not need to even go to the site for it anymore in order to get it. The new 1.3 release is still freeware, although actually you could call it donationware as if you choose you can send a donation to the authors of SpyBot S&D.

    One reason 1.2 might not update, is that the URL for SpyBot S&D's home has changed. 1.3 has the new web home right, it DOES update defs right.
Sign In or Register to comment.