I'm fixing a friends PC, and have run into something with Spybot that I've never seen before.

The PC has WinXP SP3 and all the latest updates.

My friend had Spybot, Ad-Aware SE and AVG free on his computer, but never actually ran spybot, and somehow teatimer was either not turned on when he installed it, or it got bugged. Either way, the kid's a putz because he had limewire and 3 or 4 torrent programs, a fake antivirus software (spyware) and some other crap on it that I uninstalled.

I was able to get into all the files and folders and do some manual cleaning of the temp, prefetch, and other folders etc.

After everything suspect was uninstalled or deleted, I installed a clean version of AVG Free 8.5, Spywareblaster, Ad-Aware AE, and Spybot. I also used msconfig to clean up the startup and services to remove suspect programs i couldn't uninstall from loading.

Everything installed fine with the exception of Spybot. It installed, loaded teatimer and the IE plugins, and gave me access to secure shredder (which i immediately used to shred the other temp files and caches on the system) but it never went into the usual setup screen with the intro...which was weird.

I figured it was spyware blocking the program from loading, so I checked my running processes in the task manager (ctrl-alt-del). SpybotSD.exe shows as running, but only using like 3800k of memory (as opposed to the usual 38000). So I ended the process thinking it was spyware and renamed the shortcut - which didn't help.

I then went into the program files and to the spybot folder, and looked for either the .scr file (which there was one for teatimer, but not for spybot) and the spybotsd.exe file was missing. I checked the folder options and the "show hidden files and folders" option is checked off. It's not there. The shortcut works and I get the program in the task manager, but it's not doing anything beyond that, and not using what it should.

I used the windows search assistant to try to locate spybotsd.exe and it can't find it either, despite doing a search of the entire system. I'm wondering if anyone knows what malware might be on the system that is capable of moving or hiding the spybot executable so it can't be renamed. The shortcut on the desktop and in the start menu both point to the correct folder, but it's clearly not there.

Wondering what to do now, never run into this before (and i clean up a lot of peoples computers, this one is just especially bad).

Along with showing hidden files and folders,make sure that Hide protected operating system files(Recommended) is unchecked as well,to be able to see SpybotSD.exe.
Is it there now?

No, it was already set for that also.

I was finally able to get spybot to operate, there was a registry key that (i'm assuming) was put there by one of the 70-something files i found between ad-aware, avg command-line scanner, and trojan remover 6.8.1. Despite running all these different programs, it STILL didn't find the registry key causing the issue.

All the key consisted of was a list of about 30 anti-spyware programs and a command to hide them from view regardless of windows settings - hence them starting up and using a little memory, but not running full out, again i'm assuming because of that registry key. This prevented me from being able to change the name of spybotsd.exe to something else, but allowed the IE plugins, the explorer scanline plugin (but it refused to load and scan the entire harddrive when i clicked on it), and teatimer to still operate.

I manually deleted it once i found it (I knew for a fact my buddy never used 30-someodd different spyware removers) and after that, spybot reinstalled and ran fine.

I'm also making the fool buy a router - his PC was plugged directly into the cable modem, and he left his pc on 24/7...didn't update windows when he should etc - oh, and also turned of windows firewall when he needed "more speed for his torrents because the program told him to..." and never ran or updated the programs he had installed...

After 12 hours of messing with this thing and still yanking off bad files and keys (spybot found 33 more when I ran it, putting the total at well over 100), he better buy me dinner or a case of expensive beer...despite the fact that i turn things on and walk away for 80% of that time.

Something on this thing is also keeping his windows security center service from loading, and it doesn't even show in the services window. He does have xp media center, but i've loaded all the updates and patches so it should work fine...once i get the rest of it cleaned off.

I strongly recommend trojan remover to anyone that has issues finding things. You get full functionality for 30 days before you have to buy it (and i just might buy it i was so impressed!) It doesn't find everything that spybot finds, but it helped.

I think maybe he ought to buy you dinner and an expensive case of beer. :laugh:

There's a fix for security center listed here:
http://www.winhelponline.com/articles/33/1/How-to-restore-the-missing-Security-Center-service-in-Windows-XP-SP2.html
It's listed as being for XP service pack 2,but I think it should be fine to use with service pack 3 as well,if you want to give it a try.

If you run into any troubles cleaning the rest of the computer,this forum has a malware removal forum section you or your friend could get help at,if you wished too. :)