# Solved: SpyBot S&D Errors everytime



## bill.aam (Apr 29, 2004)

I get 1000's of these, Seems like mutil for each file S&D is searching.
I uninstalled and reinstalled S&D but it made no differance.

Any suggestions what went wrong? It used to work.

Error during check!: 00SyncNet [2] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [3] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [4] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [5] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [9] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [10] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [13] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [14] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [18] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [19] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [20] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [25] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [26] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [29] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [30] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [31] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [34] (Access violation at address 00000000. Read of address 00000000) ()
Error during check!: 00SyncNet [37] (Access violation at address 00000000. Read of address 00000000) ()

User abort!: Scan was not completed successfully. ()

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-08-19 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2004-02-29 Tools.dll (2.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-08-12 Includes\Dialer.sbi (*)
2005-08-12 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-08-12 Includes\Malware.sbi (*)
2005-08-12 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-08-06 Includes\Security.sbi (*)
2005-08-12 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-08-12 Includes\Trojans.sbi (*)


----------



## D_Trojanator (May 13, 2005)

Lets start by checking a HJT log:

*HijackThis*

*Download HijackThis from http://www.merijn.org/files/hijackthis.zip 
*Unzip the file and install it to C:/ProgramFiles
*Click on scan and save a log
*When the txt file comes up, copy all and paste here.

It may need a re-install, but we might as well check HJT log first.........

David


----------



## bill.aam (Apr 29, 2004)

Here ya go.. Thanks..

Logfile of HijackThis v1.99.1
Scan saved at 12:34:37 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\oracle\ora92\bin\omtsreco.exe
c:\windows\system32\rcmdsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Palm\hotsync.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\Anti-Spyware\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://online.corp.aam.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=internet.aam.net:21;gopher=internet.aam.net:80;http=internet.aam.net:80;https=internet.aam.net:443
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aam.net;aamoratest;*Imercer.com;*.gmsupplypower.com;*henry.hfhs.org;pspurch.net.hfh.edu*;*.anx.com;*symantecliveupdate.com;*.eds.com;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: http://www.intel.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://forums.techguy.org
O16 - DPF: {57802C16-9A15-11D4-B2A8-0090272E599B} (SetServer2 Class) - http://fiswebdga.corp.aam.net/WebHMI/cabs/IcoSetServer.cab
O16 - DPF: {5B1A6E1E-5002-11D3-A605-00A0249E352D} (BlankTrendCtl Class) - http://fiswebdga.corp.aam.net/WebHMI/cabs/TWXViewerU.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096583396280
O16 - DPF: {98A5DDE3-563B-11CF-A343-487C03C10000} (ICONICS GraphWorX32 Viewer ActiveX) - http://fiswebdga.corp.aam.net/WebHMI/cabs/GWXview32U.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://prod.corp.aam.net:8101/jinitiator/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AAM.NET
O17 - HKLM\Software\..\Telephony: DomainName = AAM.NET
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AAM.NET
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AAM.NET
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


----------



## D_Trojanator (May 13, 2005)

The log isn;t shwoing anything particularly bad....let me investigate.........
David


----------



## bill.aam (Apr 29, 2004)

Thanks.. There doesn't seem to be a problem with anything else. I can run AdAware, no problems, MS Anti-spyware, No Problems.


----------



## D_Trojanator (May 13, 2005)

I recommend that you reinstall it, and look at this article for configuring it correctly.......if the problem persists get back to me!
David


----------



## D_Trojanator (May 13, 2005)

http://ict.cas.psu.edu/training/howto/util/InstallConfigSpybot.htm


----------



## bill.aam (Apr 29, 2004)

Thanks for all yor help, That fixed it. I think it was the hidden folder and files under All Users...

THANKS!!!!!!!!


----------



## D_Trojanator (May 13, 2005)

Ok! Glad it worked!
David


----------



## D_Trojanator (May 13, 2005)

As the problem in this thread seems to have been *fixed*, we ask you to mark this thread as *solved*!

To do this please click on the *"thread tools"* button in the top right hand corner and click on *"solved"*

If you wish the thread to be re-opened at any time, please *PM* a _moderator_!
David


----------

