
Thread: Spybot S&D is closing automatically

  1. #1
    Junior Member
    Join Date
    Jul 2010

    Spybot S&D is closing automatically

    First, I know some things about computers, but I'm definitely no expert, so I need your help.

    Yesterday I downloaded a hack for a game (yeah, I know that was stupid); it was an .exe.
    I tried to run it, but nothing happened.
    I kept my eye on the anti-virus to see if it detected something; it didn't.
    I eliminated the hack; a few minutes later, my anti-virus (ESET NOD32 Anti-Virus Business Edition) detected 4 viruses on my computer, which it automatically moved to quarantine.
    Next I started suffering from a lagspike of 2 seconds every 6 seconds, which I didn't experience before.
    I did a full system check and it detected 2 more viruses, which it automatically moved to quarantine. I still suffered the lagspike, so I decided to download Spybot S&D, and I immunized and did a system check. It detected Win32.Spynet.a, and then it closed itself. I opened Spybot again, and it detected it and closed itself again.

    I don't know what's happening, but I want to remove it.

    Help please

    *A few notes
    -Lagspike is completely gone
    -I got a TeaTimer blacklist detection of Winlogon.exe; I told it to kill it
    -When I start my computer I get a bunch of Google Chrome errors for some reason
    -When I turn off my computer I get a WinLogon.exe error

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 23:21:43,85 on 16/07/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1983.1400 [GMT -5:00]

    AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Archivos de programa\Bonjour\mDNSResponder.exe
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Archivos de programa\iTunes\iTunesHelper.exe
    C:\Archivos de programa\PowerISO\PWRISOVM.EXE
    C:\Archivos de programa\KWorld Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
    C:\archivos de programa\steam\steam.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Archivos de programa\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Archivos de programa\iPod\bin\iPodService.exe
    C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Configuración local\Datos de programa\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Escritorio\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://
    uWindow Title = Windows Internet Explorer proporcionado por Windows uE
    uDefault_Page_URL = hxxp://
    mDefault_Page_URL = hxxp://
    mStart Page = hxxp://
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\archiv~1\micros~4\office12\GRA8E1~1.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre1.6.0_01\bin\ssv.dll
    BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\archivos de programa\archivos comunes\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\user\configuración local\datos de programa\google\update\GoogleUpdate.exe" /c
    uRun: [Center Agent] c:\archivos de programa\kworld multimedia\hypermediacenter\dtvr\Scheduled.exe
    uRun: [dso32] c:\docume~1\user\config~1\temp\dsoqq.exe
    uRun: [Steam] "c:\archivos de programa\steam\steam.exe" -silent
    uRun: [HKCU] c:\windows\system32\winlog\Winlogon.exe
    mRun: [egui] "c:\archivos de programa\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [QuickTime Task] "c:\archivos de programa\quicktime alternative\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\archivos de programa\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
    mRun: [ZSSnp211] c:\windows\ZSSnp211.exe
    mRun: [Domino] c:\windows\Domino.exe
    mRun: [PWRISOVM.EXE] c:\archivos de programa\poweriso\PWRISOVM.EXE
    mRun: [HKLM] c:\windows\system32\winlog\Winlogon.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uExplorerRun: [Policies] c:\windows\system32\winlog\Winlogon.exe
    mExplorerRun: [Policies] c:\windows\system32\winlog\Winlogon.exe
    StartupFolder: c:\docume~1\user\menini~1\progra~1\inicio\erunta~1.lnk - c:\archivos de programa\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\user\menini~1\progra~1\inicio\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\actual~1.lnk - c:\archivos de programa\eset\minodlogin\MiNODLogin.exe
    StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\remote~1.lnk - c:\archivos de programa\kworld multimedia\tv tuner card utilities\HMCP3XCtl.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~4\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~4\office12\REFIEBAR.DLL
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\archivos de programa\archivos comunes\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\archiv~1\micros~4\office12\GR99D3~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\archiv~1\micros~4\office12\GRA8E1~1.DLL
    mASetup: {XQ881J2H-07YA-WRBN-4P25-XN85W68VYEVT} - c:\windows\system32\winlog\Winlogon.exe

    ================= FIREFOX ===================

    FF - ProfilePath -

    ============= SERVICES / DRIVERS ===============

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]
    R2 ekrn;ESET Service;c:\archivos de programa\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2010-6-10 674048]
    R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2010-6-15 480128]
    R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2010-6-15 1472000]

    =============== Created Last 30 ================

    2010-07-15 22:38:14 0 d-----w- c:\archivos de programa\Safer Networking
    2010-07-15 22:05:21 0 d-----w- c:\docume~1\alluse~1\datosd~1\Spybot - Search & Destroy
    2010-07-15 22:05:21 0 d-----w- c:\archivos de programa\Spybot - Search & Destroy
    2010-07-15 21:55:47 117760 --sh--r- C:\biriprg.exe
    2010-07-14 23:09:09 333288 ----a-w- c:\docume~1\user\datosd~1\SQLite3.dll
    2010-07-13 15:08:45 116224 --sh--r- C:\i8gcgmg.exe
    2010-07-12 17:50:14 116736 --sh--r- C:\r3x0k.exe
    2010-07-10 03:32:51 0 d-----w- c:\docume~1\user\datosd~1\BitTorrent
    2010-07-10 03:32:47 0 d-----w- c:\archivos de programa\BitTorrent
    2010-07-09 14:17:10 116224 --sh--r- C:\ggb6w.exe
    2010-07-06 15:16:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-06 15:09:51 117248 --sh--r- C:\x3xh.exe
    2010-07-03 17:34:49 0 d-----w- c:\archivos de programa\PowerISO
    2010-07-03 17:24:01 0 d-----w- c:\archivos de programa\Tansee iPod Transfer
    2010-07-03 13:25:57 117248 --sh--r- C:\g6jk.exe
    2010-07-03 03:41:10 0 d-----w- c:\archivos de programa\SystemRequirementsLab
    2010-07-03 03:14:28 0 d-----w- c:\archivos de programa\Steam
    2010-06-24 21:44:04 0 d-----w- c:\archivos de programa\Bandoo
    2010-06-23 16:13:41 117248 --sh--r- C:\eyruu.exe
    2010-06-19 21:33:48 0 d-----w- c:\docume~1\alluse~1\datosd~1\WinMaximizer
    2010-06-18 15:19:05 117248 --sh--r- C:\09lf.exe
    2010-06-18 03:47:40 3417 ----a-w- c:\windows\system32\wbem\Outlook_01cb0e990050f2a2.mof
    2010-06-17 20:50:49 115712 --sh--r- C:\1gkbvsni.exe

    ==================== Find3M ====================

    2010-07-17 04:21:22 701793 ---ha-w- c:\docume~1\user\datosd~1\logs.dat
    2010-06-18 03:47:40 77520 ----a-w- c:\windows\system32\perfc00A.dat
    2010-06-18 03:47:40 456588 ----a-w- c:\windows\system32\perfh00A.dat
    2010-06-16 20:24:11 116224 --sh--r- C:\xcr.exe
    2010-06-16 01:52:32 114688 --sh--r- C:\krwyrv0d.exe
    2010-06-10 18:33:07 315392 ----a-w- c:\windows\HideWin.exe
    2010-06-10 13:36:12 64695 ----a-w- c:\windows\BricoPackUninst.cmd
    2010-06-10 13:36:12 5997 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
    2010-06-10 13:36:12 220160 ----a-w- c:\windows\system32\uxtheme.dll
    2010-06-10 04:12:40 505128 ----a-w- c:\windows\system32\msvcp71.dll
    2010-06-10 04:12:40 353576 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-10 04:12:40 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2010-06-10 03:45:07 21900 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2005-09-20 12:44:14 354429 --sh--r- c:\windows\system32\winlog\Winlogon.exe

    ============= FINISH: 23:22:06,35 ===============


    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 09/06/2010 10:50:00 p.m.
    System Uptime: 16/07/2010 11:16:02 p.m. (0 hours ago)

    Motherboard: MSI | | MS-7309
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2712/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2712/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 68 GiB total, 37,885 GiB free.
    D: is FIXED (NTFS) - 165 GiB total, 162,026 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP43: 11/07/2010 12:39:43 p.m. - Punto de control del sistema
    RP44: 11/07/2010 12:57:46 p.m. - Punto de control del sistema
    RP45: 12/07/2010 07:58:33 p.m. - Punto de control del sistema
    RP46: 14/07/2010 12:00:52 p.m. - Punto de control del sistema
    RP47: 15/07/2010 04:20:15 p.m. - Punto de control del sistema
    RP48: 16/07/2010 08:07:53 p.m. - Punto de control del sistema

    ==== Installed Programs ======================

    Actualización para Windows XP (KB898461)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.3 - Español
    AMD Processor Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Chinese (Simplified) Language Support
    Chinese (Traditional) Language Support
    Compresor WinRAR
    Counter-Strike: Condition Zero
    Counter-Strike: Source
    CyberLink PowerDVD 9
    Dream Aquarium
    ERUNT 1.1j
    ESET Antivirus License Finder (MiNODLogin)
    ESET NOD32 Antivirus
    GameHouse Super Games AIO®
    Garry's Mod
    Google Chrome
    Herramienta de carga de Windows Live
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.01 Full
    Korean Language Support
    KWorld TV Tuner Card Utilities
    KWorld TV713X BDA Driver
    L&H Power Translator Pro 7.0
    Matemáticas de Microsoft
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - ESN
    Microsoft Age of Empires II
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Global IME for Chinese (Simplified)
    Microsoft Global IME for Chinese (Traditional)
    Microsoft Global IME for Chinese (Traditional) ChangJie
    Microsoft Global IME for Korean
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (Spanish) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Spanish) 2007
    Microsoft Office Groove MUI (Spanish) 2007
    Microsoft Office InfoPath MUI (Spanish) 2007
    Microsoft Office OneNote MUI (Spanish) 2007
    Microsoft Office Outlook MUI (Spanish) 2007
    Microsoft Office PowerPoint MUI (Spanish) 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Publisher MUI (Spanish) 2007
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Word MUI (Spanish) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Spanish) 12
    Microsoft Student con Encarta Premium 2009
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (
    MSXML 6.0 Parser
    Need for Speed™ Most Wanted
    NVIDIA Drivers
    Pack Vista Inspirat 2 1.0
    Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
    Picasa 3
    PopCap Deluxe Games
    QuickTime Alternative 1.80
    Realtek High Definition Audio Driver
    Reproductor de Windows Media 11
    Segoe UI
    Shockwave Player
    Spybot - Search & Destroy
    System Requirements Lab
    Tansee iPod Transfer v3.8
    VideoLAN VLC media player 0.8.6d
    WebFldrs XP
    Winamp (remove only)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Asistente para el inicio de sesión
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Player 11
    ZSMC USB PC Camera (ZS0211)

    ==== Event Viewer Messages From Past Week ========

    11/07/2010 12:39:15 p.m., error: sr [1] - El filtro de Restaurar sistema encontró el error inesperado "0xC0000043" mientras procesaba el archivo "ggb6w.exe" en el volumen "HarddiskVolume2". Se ha detenido la supervisión del volumen.

    ==== End Of File ===========================

  2. #2
    Emeritus Blade81
    Join Date
    Oct 2006



    Please post a fresh dds.txt file contents.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jul 2010

    Thanks a Lot for the Help

    Thanks a lot for the help,

    it's too late D:

    This seems to be a new virus or something, so in the future, if you can save people like me: this is the order of events.

    1. I downloaded a hack for a game. It looked suspicious so I downloaded it, so I scanned it; it didn't detect anything (ESET NOD32 Business Edition). A few minutes later, it detected a virus somewhere in my computer (dammnnnn), so it moved it to quarantine.
    2. The next day, I started suffering a huge lagspike and Google Chrome errors. I decided to get SpyBot, but it started closing automatically after detecting Windows.Spynet.a (I think). I decided to look for help, so I ended up here, with a simple problem, not seeing the storm that was coming.
    3. Now I restarted my comp and the lagspike was gone. TeaTimer detected a WinLogon.exe error and I told it to kill it (I don't remember so well now what happened later). Then I started getting a WinLogon.exe error when shutting down.
    4. Next day, I started seeing some processes like mrziimrz.exe or something like that, and it said I had a bunch of weird programs opened, and I started getting a "Just an Awesome Tool" error.

    5. I think I posted again after that... I went into safe mode and searched manually for the virus (I know how it looked, it had a special icon and shit), so I think that slowed its shit down.

    6. I started seeing those processes again, so I closed them, and had a bunch of chrome.exe in processes, even though I didn't even have it opened. I closed them, all good and easy.

    7. Next day, I went into safe mode again, and I searched manually, and I found them again, and I deleted them. I restarted, and then when I closed chrome.exe or SWARMBOT182.exe (another process from the virus) I got a blue screen. I went into safe mode, but now it restarted whenever I selected safe mode (awww shit).

    8. Next day my grumpy grandpa used the computer and blocked me from using it. I heard him arguing that the computer was getting some errors, and it was a galaxy.exe error (for some reason this computer has some virtual USB drives, idk, but I think it's fake or something) which was trying to duplicate into a virtual USB drive. I told it to safely remove those drives, and the error didn't appear again.

    9. The next day I went to check how bad the computer was, and oh god, the virus gave remote assistance to w/e and it was downloading a torrent of a keygen by itself. I turned my comp off and decided to get my local technician.

    Hope you can add something to SpyBot to detect and stop this malware.


  4. #4
    Emeritus Blade81
    Join Date
    Oct 2006


    Ok. Thanks for letting us know. Topic is now closed.
