Spybot not working, firefox not working



BigBad
2010-10-22, 22:32
I got to the office yesterday morning to find that I could not use Firefox. IExplorer at least starts, but is also not working. Tried to use Spybot to check things out, but it also won't start. Able to get online with Chrome.
I ran HijackThis and did some tinkering, without knowing what I am doing. Also tried things I found in other forums before coming here and reading the "read this first" thread, which showed me that I should not have done all that. Oh, I also installed the new version of Avast (free), which is what I use for anti-virus, and Ad-aware, which ran and found nothing. Avast is still running. I am going to try to post my DDS file here...

DS (Ver_10-10-21.02) - NTFSx86
Run by Bruce at 21:27:48,48 on 22.10.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.3070.1969 [GMT 2:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Programme\ScanSoft\OmniPage15\Opware15.exe
C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
C:\Programme\Alwil Software\Avast5\avastUI.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Programme\Launchy\Launchy.exe
C:\Programme\ElephantDrive\ElephantDrive Desktop\ElephantDesktop.exe
C:\Programme\WordWeb\wweb32.exe
C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programme\Gemeinsame Dateien\Logishrd\LQCVFX\COCIManager.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Google\Chrome\Application\chrome.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
D:\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\programme\askbardis\bar\bin\askBar.dll
uRun: [H/PC Connection Agent] "c:\programme\microsoft activesync\Wcescomm.exe"
uRun: [GMX SMS-Manager] c:\programme\gmx\gmx sms-manager\SMSMngr.exe
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AlcoholAutomount] "c:\programme\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\programme\gemeinsame dateien\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Opware15] "c:\programme\scansoft\omnipage15\Opware15.exe"
mRun: [ScanSoft OmniPage 15-reminder] "c:\programme\scansoft\omnipage15\ereg\ereg.exe" -r "c:\dokumente und einstellungen\all users\anwendungsdaten\scansoft\omnipage15.0\ereg\Ereg.ini
mRun: [ISUSPM Startup] c:\progra~1\gemein~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [LWS] c:\programme\logitech\lws\webcam software\LWS.exe -hide
mRun: [avast5] "c:\programme\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\bruce\startm~1\progra~1\autost~1\logite~1.lnk - c:\programme\logitech\ereg\eReg.exe
StartupFolder: c:\dokume~1\bruce\startm~1\progra~1\autost~1\wordwe~1.lnk - c:\programme\wordweb\wweb32.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\launchy.lnk - c:\programme\launchy\Launchy.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\shortc~1.lnk - c:\programme\elephantdrive\elephantdrive desktop\ElephantDesktop.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 01000000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\bruce\anwend~1\mozilla\firefox\profiles\r0kie9jz.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\dokumente und einstellungen\bruce\anwendungsdaten\mozilla\firefox\profiles\r0kie9jz.default\extensions\npzorap@zorap.com\plugins\npZorap.dll
FF - plugin: c:\programme\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\programme\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-21 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-2 165584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-6-20 13696]
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2010-6-4 21504]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-2 17744]
R2 avast! Antivirus;avast! Antivirus;c:\programme\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\lavasoft\ad-aware\AAWService.exe [2010-9-23 1355928]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programme\gemeinsame dateien\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 StarWindServiceAE;StarWind AE Service;c:\programme\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\programme\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\programme\alwil software\avast5\AvastSvc.exe [2010-10-22 40384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-10-15 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-10-15 3072]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15008]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 TrunkDrive.exe;TrunkDrive;c:\programme\elephantdrive\elephantdrive desktop\TrunkDrive-Service.exe [2009-12-15 114392]
S4 gupdate1ca704af1f62854;Google Update Service (gupdate1ca704af1f62854);c:\programme\google\update\GoogleUpdate.exe [2009-11-28 133104]

=============== Created Last 30 ================

2010-10-22 18:58:20 -------- d-----w- c:\dokume~1\bruce\anwend~1\Safer Networking
2010-10-22 18:58:08 -------- d-----w- c:\programme\Safer Networking
2010-10-22 18:44:15 38848 ----a-w- c:\windows\avastSS.scr
2010-10-22 18:43:56 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Alwil Software
2010-10-21 16:26:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-21 16:07:22 -------- d-----w- c:\dokume~1\bruce\lokale~1\anwend~1\Sunbelt Software
2010-10-21 16:07:06 -------- dc-h--w- c:\dokume~1\alluse~1\anwend~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-21 16:06:52 -------- d-----w- c:\programme\Lavasoft
2010-10-21 15:36:06 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-10-21 15:36:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-21 15:35:51 -------- d-----w- c:\programme\uTorrent
2010-10-12 11:44:59 53248 ----a-r- c:\dokume~1\bruce\anwend~1\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2010-10-12 11:43:52 -------- d-----w- c:\windows\system32\logishrd
2010-10-12 11:43:46 -------- d-----w- c:\programme\gemeinsame dateien\LWS
2010-10-12 11:43:45 -------- d-----w- c:\programme\Common Files
2010-10-10 08:45:36 -------- d-----w- c:\dokume~1\bruce\lokale~1\anwend~1\LogiShrd
2010-10-10 08:41:26 6842464 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-10-10 08:41:26 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-10-10 08:41:26 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-10-10 08:41:26 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-10-10 08:41:17 66528 ----a-w- c:\windows\system32\drivers\lvselsus.sys
2010-10-10 08:41:17 37518 ----a-w- c:\windows\system32\Repository.reg
2010-10-10 08:41:17 282336 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-10-10 08:41:17 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-10-10 08:41:01 23904 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-09-23 07:56:03 -------- d-----w- c:\dokume~1\bruce\lokale~1\anwend~1\Yahoo
2010-09-23 07:51:22 -------- d-----w- c:\programme\Yahoo!

==================== Find3M ====================

2010-07-27 08:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 08:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 08:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 08:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll

============= FINISH: 21:31:29,85 ===============

I am very grateful for any help from the forum, but I have to go to bed. I'll check back Saturday, about 3pm Central European Time.
Cheers,
Bruce

Jack&Jill
2010-11-12, 09:52
Hello BigBad,

Sorry for the delay.

If you still need help, please delete the DDS file that you have and download a fresh copy from one of the links below. Please post new DDS logs.

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)

Otherwise, this topic will be closed after 3 days.

Jack&Jill
2010-11-15, 13:43
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (PM) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.