PDA

View Full Version : Spybot SD won't run, freezes



poncho93
2009-07-24, 20:30
I cannot open Spybot SD with any of the the tips that Matt, the Spybot Forums Helper, recommended. I've tried running the screensaver, changing the spybotsd.exe name, running spybot in safe mode. I uninstalled Spybot SD after Kaspersky told me I needed to. I have run a number of different online virus/spyware/malware scanners. I have run MAM, Ad-Aware, and Superantispyware and still my problem persists. When I double-click on the spybot application I get the small hourglass and then nothing. When I try to click on anything else in the desktop my computer freezes. Your help is greatly appreciated. Thank you and let me know if you require any more information.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:04 AM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWSB\System32\smss.exe
C:\WINDOWSB\system32\winlogon.exe
C:\WINDOWSB\system32\services.exe
C:\WINDOWSB\system32\lsass.exe
C:\WINDOWSB\system32\svchost.exe
C:\WINDOWSB\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWSB\system32\brsvc01a.exe
C:\WINDOWSB\system32\brss01a.exe
C:\WINDOWSB\system32\spoolsv.exe
C:\WINDOWSB\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWSB\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWSB\system32\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWSB\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWSB\System32\dmadmin.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWSB\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWSB\System32\svchost.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWSB\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240676540629
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248390001861
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWSB\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWSB\system32\brsvc01a.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c8e2f39029b09e) (gupdate1c8e2f39029b09e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 11012 bytes

Shaba
2009-07-25, 12:12
Hi poncho93

Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..

poncho93
2009-07-25, 20:40
Shaba,
thank you for your help. I am running gmer right now. I'll post the results when the scan is complete.

poncho93

poncho93
2009-07-26, 02:01
Shaba,
Here are the results. Let me know if you need anything else.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-25 15:59:42
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 82EA8630 ZwAssignProcessToJobObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF86C687E]
SSDT 82EA7A60 ZwOpenProcess
SSDT 82EA7E80 ZwOpenThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF86C6BFE]
SSDT 82EA8460 ZwSuspendProcess
SSDT 82EA8280 ZwSuspendThread
SSDT 82EA7C90 ZwTerminateProcess
SSDT 82EA80B0 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 8 Bytes JMP EA828082
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 8 Bytes JMP EA80B082

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[208] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\a-squared Free\a2service.exe[1784] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0045493D C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[2304] MSVCRT.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[356] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02072F20] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[356] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02072C90] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[356] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtClose] [02072CF0] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[356] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02072CC0] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWSB\Explorer.EXE[1708] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82F20] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWSB\Explorer.EXE[1708] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82C90] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWSB\Explorer.EXE[1708] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtClose] [00C82CF0] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWSB\Explorer.EXE[1708] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82CC0] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[1852] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FA2F20] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[1852] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FA2C90] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[1852] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtClose] [00FA2CF0] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[1852] @ C:\WINDOWSB\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FA2CC0] C:\WINDOWSB\TEMP\logishrd\LVPrcInj02.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Threads - GMER 1.0.15 ----

Thread System [4:312] 82EA6790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWSB\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

Shaba
2009-07-26, 12:31
Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Disable any script blocking protection Double click dds.scr to run the tool. When done, DDS.txt and Attach.txt will open.
Save both reports to your desktop.

Please copy/paste the contents of the following reports in your next reply:

DDS.txt
Attach.txt

poncho93
2009-07-27, 01:53
Shaba,
Here are the results. Let me know if you require anything else.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Dean Serrano at 15:49:20.23 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.191 [GMT -7:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWSB\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWSB\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWSB\system32\spoolsv.exe
C:\WINDOWSB\system32\brss01a.exe
C:\WINDOWSB\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWSB\system32\atiptaxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWSB\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWSB\System32\svchost.exe -k imgsvc
C:\WINDOWSB\System32\dmadmin.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWSB\System32\svchost.exe -k HTTPFilter
C:\WINDOWSB\system32\wuauclt.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe
C:\WINDOWSB\system32\wscntfy.exe
C:\Documents and Settings\Dean Serrano.DEAN\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\dean serrano.dean\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AtiPTA] atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\deanse~1.dea\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\deanse~1.dea\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\docume~1\deanse~1.dea\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - c:\windowsb\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windowsb\java\classes\xmldso.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240676540629
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248390001861
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windowsb\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deanse~1.dea\applic~1\mozilla\firefox\profiles\2odavc14.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/
FF - plugin: c:\documents and settings\dean serrano.dean\application data\mozilla\firefox\profiles\2odavc14.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\dean serrano.dean\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windowsb\system32\drivers\Lbd.sys [2009-7-23 64160]
R1 ehdrv;ehdrv;c:\windowsb\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windowsb\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-7-23 719392]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windowsb\system32\drivers\ousbehci.sys [2008-3-3 45696]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windowsb\system32\drivers\ousb2hub.sys [2008-3-3 56960]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 gupdate1c8e2f39029b09e;Google Update Service (gupdate1c8e2f39029b09e);c:\program files\google\update\GoogleUpdate.exe [2008-7-17 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S3 wldel48b;Dell TrueMobile 1150 Series PCCard Driver;c:\windowsb\system32\drivers\wldel48b.sys [2009-6-8 171520]

=============== Created Last 30 ================

2009-07-24 17:30 3,555,328 a------- c:\windowsb\system32\dllcache\moviemk.exe
2009-07-24 14:19 382,464 -------- c:\windowsb\system32\_004520_.tmp.dll
2009-07-24 14:19 2,897,920 -------- c:\windowsb\system32\_004519_.tmp.dll
2009-07-24 14:04 27,496 a------- c:\windowsb\system32\mucltui.dll.mui
2009-07-24 14:04 268,648 a------- c:\windowsb\system32\mucltui.dll
2009-07-24 12:50 15,688 a------- c:\windowsb\system32\lsdelete.exe
2009-07-24 10:22 <DIR> --d----- c:\program files\Trend Micro
2009-07-24 09:01 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-24 00:49 246,272 -c------ c:\windowsb\system32\dllcache\ieproxy.dll
2009-07-24 00:49 12,800 -c------ c:\windowsb\system32\dllcache\xpshims.dll
2009-07-24 00:49 1,985,024 -c------ c:\windowsb\system32\dllcache\iertutil.dll
2009-07-24 00:49 11,064,832 -c------ c:\windowsb\system32\dllcache\ieframe.dll
2009-07-24 00:29 <DIR> --d----- c:\docume~1\deanse~1.dea\applic~1\QuickScan
2009-07-24 00:28 <DIR> --dsh--- c:\documents and settings\dean serrano.dean\IECompatCache
2009-07-23 21:16 64,160 a------- c:\windowsb\system32\drivers\Lbd.sys
2009-07-23 21:13 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-23 20:14 <DIR> --d----- c:\windowsb\system32\scripting
2009-07-23 20:14 <DIR> --d----- c:\windowsb\l2schemas
2009-07-23 20:14 <DIR> --d----- c:\windowsb\system32\en
2009-07-23 20:14 <DIR> --d----- c:\windowsb\system32\bits
2009-07-23 20:05 <DIR> --d----- c:\windowsb\network diagnostic
2009-07-23 19:59 382,464 -------- c:\windowsb\system32\_004482_.tmp.dll
2009-07-23 19:59 2,897,920 -------- c:\windowsb\system32\_004481_.tmp.dll
2009-07-23 19:57 983,552 -------- c:\windowsb\system32\_004435_.tmp.dll
2009-07-23 19:29 438,784 a------- c:\windowsb\system32\SET1279.tmp
2009-07-23 19:28 474,112 a------- c:\windowsb\system32\SETCB1E.tmp
2009-07-23 19:27 997,376 a------- c:\windowsb\system32\SETCC2C.tmp
2009-07-23 19:26 265,728 a------- c:\windowsb\system32\SETCCC0.tmp
2009-07-23 18:33 <DIR> --d----- c:\docume~1\deanse~1.dea\applic~1\Malwarebytes
2009-07-23 18:33 38,160 a------- c:\windowsb\system32\drivers\mbamswissarmy.sys
2009-07-23 18:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-07-23 18:32 19,096 a------- c:\windowsb\system32\drivers\mbam.sys
2009-07-23 18:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 15:16 <DIR> --d----- c:\program files\a-squared Free
2009-07-23 15:10 <DIR> --d----- c:\documents and settings\dean serrano.dean\.housecall6.6
2009-07-23 14:09 <DIR> --d----- c:\program files\SequoiaView
2009-07-23 13:34 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-07-23 13:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-23 13:34 <DIR> --d----- c:\docume~1\deanse~1.dea\applic~1\SUPERAntiSpyware.com
2009-07-22 21:45 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab Setup Files
2009-07-22 16:52 <DIR> --d----- c:\program files\ESET
2009-07-22 16:35 <DIR> --d----- c:\docume~1\deanse~1.dea\applic~1\AVG8
2009-07-21 15:43 55,640 a------- c:\windowsb\system32\drivers\avgntflt.sys
2009-07-21 15:26 <DIR> --dsh--- c:\documents and settings\dean serrano.dean\PrivacIE
2009-07-11 11:54 <DIR> --d----- c:\docume~1\deanse~1.dea\applic~1\PC-FAX TX
2009-06-28 23:24 410,984 a------- c:\windowsb\system32\deploytk.dll

==================== Find3M ====================

2009-06-03 12:27 1,290,752 a------- c:\windowsb\system32\quartz.dll
2009-06-03 12:27 1,290,752 a------- c:\windowsb\system32\dllcache\quartz.dll
2009-05-12 22:15 915,456 a------- c:\windowsb\system32\wininet.dll
2009-05-07 08:44 344,064 a------- c:\windowsb\system32\localspl.dll
2009-05-07 08:44 344,064 a------- c:\windowsb\system32\dllcache\localspl.dll
2009-05-07 08:44 344,064 -------- c:\windowsb\system32\_004502_.tmp.dll
2009-05-07 08:44 344,064 -------- c:\windowsb\system32\_004464_.tmp.dll
2009-04-25 08:46 59,048 ac------ c:\docume~1\deanse~1.dea\applic~1\GDIPFONTCACHEV1.DAT
2008-03-09 09:19 32 ac------ c:\docume~1\alluse~1.win\applic~1\ezsid.dat

============= FINISH: 15:49:46.85 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/3/2008 7:42:39 PM
System Uptime: 7/26/2009 1:59:17 PM (2 hours ago)

Motherboard: Dell Computer Corporation | | Inspiron 4150
Processor: Intel(R) Pentium(R) 4 Mobile CPU 1.70GHz | Microprocessor | 1695/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 22.577 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell TrueMobile 1150 Series Mini PCI Card
Device ID: PCMCIA\DELL-TRUEMOBILE_1150_SERIES_PC_CARD-C043\1
Manufacturer: Dell Corporation
Name: Dell TrueMobile 1150 Series Mini PCI Card
PNP Device ID: PCMCIA\DELL-TRUEMOBILE_1150_SERIES_PC_CARD-C043\1
Service: wldel48b

==== System Restore Points ===================

RP1: 7/24/2009 10:07:52 AM - System Checkpoint
RP2: 7/24/2009 2:08:39 PM - Software Distribution Service 3.0
RP3: 7/24/2009 5:25:08 PM - Software Distribution Service 3.0
RP4: 7/25/2009 9:31:03 PM - Unsigned driver install

==== Installed Programs ======================


a-squared Free 4.5
AC97 SoftV92 Data Fax Modem
ACD Media Support Package 1.0
ACDSee 7.0 PowerPack
Active@ KillDisk FREE Suite
Active@ Password Changer Professional
Ad-Aware
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Amazon MP3 Downloader 1.0.3
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AutoUpdate
Belarc Advisor 7.2
BibleWorks
Bonjour
Brother MFL-Pro Suite
Canon iP4500 series
Canon iP4500 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PhotoNow
CyberLink PowerDirector
Dell ResourceCD
Duplicate Cleaner 1.3
ERUNT 1.1j
ESET NOD32 Antivirus
ESET Online Scanner v3
ExtractNow
Flickr Uploadr 3.1
Flock 1.2
Foxit Reader
Google Chrome
Google Earth Plugin
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB917021)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Image Data Converter SR
iTunes
Java(TM) 6 Update 14
KhalInstallWrapper
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office XP Professional with FrontPage
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.12)
Mozilla Thunderbird (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
Palm Desktop
PaperPort
PhotoStitch
Picasa 3
Picture Package Music Transfer
PowerDirector
Quicken WillMaker Plus 2008
QuickTime
REALVIZ StitcherEZ ACD
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
SequoiaView
Skype™ 3.8
SmartSound Quicktracks Plugin
Sony Picture Utility
Sony USB Driver
SplashMoney
Spybot - Search & Destroy
SyncToy 2.0 (x86)
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax Deluxe 2007
TweetDeck
Undelete Plus 2.94
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
Visual C++ CRT 8.0
Visual C++ CRT 9.0
WebFldrs XP
WinDirStat 1.1.2
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

7/26/2009 3:48:42 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
7/24/2009 6:05:17 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Windows XP Service Pack 3 (KB936929).
7/24/2009 5:49:14 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
7/24/2009 5:40:20 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.
7/24/2009 4:34:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
7/24/2009 4:34:37 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
7/24/2009 4:34:37 PM, error: Service Control Manager [7000] - The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/24/2009 3:17:48 PM, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
7/24/2009 2:34:10 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
Access is denied.

==== End Of File ===========================

Shaba
2009-07-27, 07:09
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

poncho93
2009-07-27, 19:47
Shaba,
I downloaded Combofix and have tried to run it three times but whenever it tries to create a System Restore Point the program freezes. Let me know what you think.

Poncho93

Shaba
2009-07-27, 20:02
Do you have system restore enabled?

poncho93
2009-07-27, 20:59
Shaba,
System restore was enabled. Should I disable it?

POncho

Shaba
2009-07-27, 21:15
No. Please try to run then combofix in safe mode.

poncho93
2009-07-27, 21:23
Shaba,
Already tried to run combofix in safe mode and got the same problem.

Poncho93

Shaba
2009-07-27, 21:32
That might be then spybot issue and not malware issue.

Delete these:

c:\windowsb\system32\_004520_.tmp.dll
c:\windowsb\system32\_004519_.tmp.dll
c:\windowsb\system32\_004482_.tmp.dll
c:\windowsb\system32\_004481_.tmp.dll
c:\windowsb\system32\_004435_.tmp.dll
c:\windowsb\system32\_004502_.tmp.dll
c:\windowsb\system32\_004464_.tmp.dll

Empty Recycle Bin.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

poncho93
2009-07-28, 05:57
Shaba,
Here is the report from the Kaspersky online scan.

KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 27, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 27, 2009 21:14:04
Records in database: 2555466


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 101543
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 06:26:52

No malware has been detected. The scan area is clean.
The selected area was scanned.

________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:22 PM, on 7/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWSB\System32\smss.exe
C:\WINDOWSB\system32\winlogon.exe
C:\WINDOWSB\system32\services.exe
C:\WINDOWSB\system32\lsass.exe
C:\WINDOWSB\system32\svchost.exe
C:\WINDOWSB\System32\svchost.exe
C:\WINDOWSB\system32\ZoneLabs\vsmon.exe
C:\WINDOWSB\system32\brsvc01a.exe
C:\WINDOWSB\system32\spoolsv.exe
C:\WINDOWSB\system32\brss01a.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWSB\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWSB\System32\svchost.exe
C:\WINDOWSB\System32\dmadmin.exe
C:\WINDOWSB\Explorer.EXE
C:\WINDOWSB\system32\wscntfy.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dean Serrano.DEAN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - S-1-5-18 Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWSB\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240676540629
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248390001861
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWSB\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWSB\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c8e2f39029b09e) (gupdate1c8e2f39029b09e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWSB\system32\ZoneLabs\vsmon.exe

--
End of file - 8384 bytes

Shaba
2009-07-28, 07:02
OK, that appears to be clean.

Do you have any other issues left than spybot one?

poncho93
2009-07-28, 07:12
Shaba,
Before Spybot I was having issues with my photo editing software, ACDSee, but it appears to be working properly now. Spybot still doesn't work at this point. Thank you for your help. I really appreciate it.

Poncho93

Shaba
2009-07-28, 07:18
Then I suggest that you start new thread here (http://forums.spybot.info/forumdisplay.php?f=4).

Are you ready for final instructions?

poncho93
2009-07-28, 18:44
Shaba,
Are you saying that I can't use Spybot for good? I really liked the program. Too bad I can't figure out what is wrong with it.

Poncho93

Shaba
2009-07-28, 20:14
No. I redirected you there because it appears to be spybot related issue and not malware related issue and there are people who can help with that kind of issue better than I can :)

Shaba
2009-08-04, 07:05
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.