Cannot Download Spybot

B

bonniboo

New member
Okay I really didn't want to post a new thread. I tried to look for a solution but nothing I read makes sense. Plese help.

I went to .CNET to download Spybot and have it waiting on my desktop. For some reason when I execute the program it does not let me connect to the server I keep getting an error. I am using IE 6.0. The page keeps popping up as if I have no internet connect but if I Google Safer Networking and select cached the site is there and their server is not down.

I have removed over 151 viruses called Packed.Generic.200 which seems to be all over my computer. I also had a huge trojan which had like .Kotz in the name????? IDK

I would really appreciate someone assisting me I don't know what to do anymore. I have restored my computer to the factory default over six times trying to get rid of all of the viruses and malware and am one step away from throwing this computer away and buying a new one.

I appreciate any help you can give

Thx. Bonniboo
 
Spybot

Okay so I played around with the download and somehow got it to run without having too use IE. Now the program is telling me it's scanning but it will not open. I see it in the system tray.

How do I open it so I can use it?

Thx.

Bonniboo
 
Bonniboo:

The icon in the system tray is not associated with Spybot itself. The system tray icon is associated with TeaTimer which is an online process and registry change monitor.

If you have a desktop shortcut named "Spybot - Search & Destroy", double click on it. If you do not a desktop shortcut named "Spybot - Search & Destroy", right click on the icon in the system tray and select "Run Spybot-S&D".
 
Spybot

Thank you for your response.

I have tried doing that several times and nothing pops up. The tutorial I opened says I should get a wizard to assist but nothing happens. I have uninstalled reinstalled and restarted and still the same thing.

Does it have anything to do with not being able to get linked to the internet?

Bonniboo
 
Spybot

BTW ~

I have also tried starting it from the start menu and my program files folder. Still nothing. There is a document that says something about a screensaver being removed from the desktop. But the date on it is from 2007
 
Spybot

I cannot run Spybot because I cannot install the updates. The updates won't install because something, more than likely a trojan, is stopping me from connecting to the server. How can I update the product manually so I can run the scan.

BTW I am on CST. I notice your clock says it's 11:41 its actually four in the morning here.

Bonniboo
 
Bonniboo:

To use Spybot's integrated update you must authorize program SDUpdate.exe to access the internet in your firewall.

If you are unable to complete an integrated update you can manually update the detection rules as follows:_____

My clock is fine. Try setting your board time. Go into UserCP » Edit Options and set the time to Central Standard Time with automatic daylight savings time detection.
 
When I click both links it says this page cannot be displayed and that the website is unavailable. This is getting ridiculous. Whatever it is it has compromised all of my web browsers. Flock, IE, Netscape......None of the browsers can get to this page or anything within Safer Networking its somehow giving me this warning.

Should I try another spyware remover. I just purchased Kaspersky.


Thanks for the time zone answer.
 
Spybot

Finally ~ Does this report help?

- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-01-31 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2007-11-07 Includes\Revision.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB883667
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Hotfix for Windows XP (KB888795)
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Hotfix for Windows XP (KB891593)
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Windows XP Hotfix - KB892050
/ Windows XP / SP3: Windows XP Hotfix - KB893066
/ Windows XP / SP3: Hotfix for Windows XP (KB893357)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Hotfix for Windows XP (KB899337)
/ Windows XP / SP3: Hotfix for Windows XP (KB899510)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Hotfix for Windows XP (KB902841)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Hotfix for Windows XP (KB906569)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, AlwaysReady Power Message APP
command: ARPWRMSG.EXE
file: C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: B596347A26DC054EBB44EB3BC8E95B0A

Located: HK_LM:Run, ccApp
command: "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
file: c:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 53096
MD5: E49A329D21C9D2085128D185A45C6D6A

Located: HK_LM:Run, DISCover
command: C:\Program Files\DISC\DISCover.exe
file: C:\Program Files\DISC\DISCover.exe
size: 1064960
MD5: 58292A55B2D232987FDEC946A7D05A7C

Located: HK_LM:Run, DiscUpdateManager
command: C:\Program Files\DISC\DiscUpdateMgr.exe
file: C:\Program Files\DISC\DiscUpdateMgr.exe
size: 61440
MD5: AE8C96C6BA1465AE227D8292BCA15B17

Located: HK_LM:Run, DMAScheduler
command: c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
file: c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 8C1846CF3628C1AF15E8A21BB48CB38A

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1

Located: HK_LM:Run, HP Software Update
command: C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
file: C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983

Located: HK_LM:Run, HPBootOp
command: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
file: C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
size: 249856
MD5: 42DCC44CF5FA41100D7A5BE01D866180

Located: HK_LM:Run, HPHUPD08
command: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
file: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
size: 49152
MD5: 4F113169A2DE985D043A5530987AD6D0

Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 169984
MD5: 3C60AEFA68EFA2C4D13AB6B68FE82B81

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 7311360
MD5: DF5133EA0D6D7C34E44551F87044EE59

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1519616
MD5: AE0A7905C97BA30211C700C3E12DFD83

Located: HK_LM:Run, PCDrProfiler
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Recguard
command: C:\WINDOWS\SMINST\RECGUARD.EXE
file: C:\WINDOWS\SMINST\RECGUARD.EXE
size: 237568
MD5: F3EAEA279F09A7779C18793C87640794

Located: HK_LM:Run, Reminder
command: "C:\Windows\Creator\Remind_XP.exe"
file: C:\Windows\Creator\Remind_XP.exe
size: 663552
MD5: B385EAA6CC24BF7CB8FA7FC031D79B7A

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 15969280
MD5: 1A909655D01FFA91090026FDA9E5B664

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: PE_C_A G.BONNIBOO...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS (DISABLED)
where: PE_C_A G.BONNIBOO...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, swg (DISABLED)
where: PE_C_A G.BONNIBOO...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: PE_C_LATRELL...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS (DISABLED)
where: PE_C_LATRELL...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, swg (DISABLED)
where: PE_C_LATRELL...
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Yahoo! Pager (DISABLED)
where: PE_C_LATRELL...
command: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
file: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
size: 4347120
MD5: BF7F70A930CEFF0124CB70BFB0055E8F

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3757602648-2278425356-2192302770-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3757602648-2278425356-2192302770-1008...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3757602648-2278425356-2192302770-1008...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:Run, MSMSGS (DISABLED)
where: S-1-5-21-3757602648-2278425356-2192302770-1008...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-3757602648-2278425356-2192302770-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS (DISABLED)
where: S-1-5-21-3757602648-2278425356-2192302770-500...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-3757602648-2278425356-2192302770-501...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, MSMSGS (DISABLED)
where: S-1-5-21-3757602648-2278425356-2192302770-501...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: Startup (disabled), AT&T Self Support Tool (DISABLED)
command: C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot
file: C:\PROGRA~1\SBCSEL~1\bin\matcli.exe
size: 217088
MD5: 96610108433EC2F885672AB0F32A0466

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 282624
MD5: 5597D0075861CB0A6E6087752D205C0D

Located: Startup (disabled), Updates From HP (DISABLED)
command: C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE -startup
file: C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE
size: 36903
MD5: 84A6C6456F86ED03B79DB55BCBCDB2BD

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 10:56:50 AM
Date (last access): 1/31/2009 7:56:26 PM
Date (last write): 12/14/2004 10:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files\Spybot - Search & Destroy\
Long name: SDHelper.dll

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (NAV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NAV Helper
CLSID name: CNavExtBho Class
Path: c:\Program Files\Norton Internet Security\Norton AntiVirus\
Long name: NAVSHEXT.DLL
Short name:
Date (created): 10/7/2005 12:25:52 AM
Date (last access): 1/31/2009 8:29:44 PM
Date (last write): 5/23/2007 12:13:40 PM
Filesize: 140912
Attributes: archive
MD5: 488EBFD8A248EB6E26CD6840C6E3788C
CRC32: 1C84CFEE
Version: 12.8.0.4

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 2/22/2006 8:00:12 PM
Date (last access): 1/31/2009 7:39:40 PM
Date (last write): 2/22/2006 8:00:12 PM
Filesize: 1157120
Attributes: readonly archive
MD5: 8B5A0B5054E5A604E6FA6C87450C6649
CRC32: F2047595
Version: 3.0.124.6

{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HpWebHelper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: HpWebHelper
CLSID name: hpWebHelper Class
Path: C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\
Long name: WebHelper.dll
Short name: WEBHEL~1.DLL
Date (created): 2/22/2006 7:53:28 PM
Date (last access): 1/31/2009 8:16:00 PM
Date (last write): 2/22/2006 7:53:28 PM
Filesize: 217088
Attributes: archive
MD5: A0EF773AA00AFAF320E7404304EC5220
CRC32: 210919B9
Version: 1.0.0.1



--- ActiveX list ---
{44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class)
DPF name:
CLSID name: Symantec Script Runner Class
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\tgctlsr.inf
Codebase: https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\
Long name: tgctlsr.dll
Short name:
Date (created): 9/3/2007 9:14:10 AM
Date (last access): 1/31/2009 8:29:44 PM
Date (last write): 9/3/2007 9:14:10 AM
Filesize: 578848
Attributes: archive
MD5: 11B757C44B95B50ECE47B3E1128B8A2B
CRC32: 384A8A8C
Version: 6.9.2674.0

{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\wlscBase.inf
Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: wlscBase.dll
Short name:
Date (created): 10/28/2008 4:25:00 PM
Date (last access): 1/31/2009 7:48:32 PM
Date (last write): 10/28/2008 4:25:00 PM
Filesize: 453512
Attributes: archive
MD5: 3D6124E95D5351CD62D414CAF9148BD7
CRC32: 3609DEA4
Version: 1.9.6662.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 696 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 760 ( 696) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 788 ( 696) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 832 ( 788) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 844 ( 788) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1016 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1064 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1160 ( 832) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1220 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1260 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1596 ( 832) c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
size: 169320
MD5: 3D6268B8EC5EE11BBAF9256252869589
PID: 1660 (1640) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1728 ( 832) c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
size: 191848
MD5: 0ED8EAF3FB6FB671103EECF52CF0D685
PID: 1812 ( 832) c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
size: 202088
MD5: B5DA112DE760722A829F4FDE067F12B0
PID: 1824 ( 832) c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
size: 214672
MD5: D09CFA6D5866ACBDD75AA3888225DFBA
PID: 1892 ( 832) c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
size: 1160800
MD5: 780DE647691972907D86194577F58C43
PID: 1928 ( 832) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
size: 1251720
MD5: FA2F6A8849219B16460BF44F9D1F3AA7
PID: 340 ( 832) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 612 ( 832) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
size: 100032
MD5: 7768CE75C5CBF0D8F441CE2BBD806B7F
PID: 640 ( 832) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 8301243BDE5B6CD316D79C0191D50D9A
PID: 656 ( 832) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 768 ( 832) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: 9696786759C4B43FA5C894747E893EA2
PID: 968 ( 832) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1116 ( 832) c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
size: 139888
MD5: 606C21D97649E5C44B94763380F07B7C
PID: 1364 ( 832) C:\WINDOWS\system32\nvsvc32.exe
size: 131139
MD5: 95CAEC95D6777CE7D6B7091BC4D91CEB
PID: 1492 ( 832) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 2164 ( 832) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 2256 ( 832) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: DD87DB7387B9EB441C5674888A0D840C
PID: 2524 (1660) C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 7A21E06385E748E9CB0252F1BBC493F1
PID: 2532 (1660) C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: B596347A26DC054EBB44EB3BC8E95B0A
PID: 2564 (1660) C:\WINDOWS\RTHDCPL.EXE
size: 15969280
MD5: 1A909655D01FFA91090026FDA9E5B664
PID: 2592 (1660) C:\Program Files\DISC\DISCover.exe
size: 1064960
MD5: 58292A55B2D232987FDEC946A7D05A7C
PID: 2644 (1660) C:\Program Files\DISC\DiscUpdateMgr.exe
size: 61440
MD5: AE8C96C6BA1465AE227D8292BCA15B17
PID: 2660 (1660) C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
size: 90112
MD5: 8C1846CF3628C1AF15E8A21BB48CB38A
PID: 2708 (1660) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
size: 53096
MD5: E49A329D21C9D2085128D185A45C6D6A
PID: 2732 (2592) C:\Program Files\DISC\DiscGui.exe
size: 237568
MD5: C5E0A639877C380134A8A36E02143D1D
PID: 2756 (1660) C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
size: 49152
MD5: AC116F16A7716A720A45D7EA47CFD983
PID: 2768 (1016) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: 03A905FBA1D62317087DB5C21C0F8F62
PID: 2792 (1660) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 3120 (1016) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 3452 ( 832) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 4084 (2592) C:\Program Files\DISC\DiscStreamHub.exe
size: 49152
MD5: B925F41F1FAEED2F732FD800E280F4E7
PID: 2124 (2724) C:\HP\KBD\KBD.EXE
size: 61440
MD5: C81BE1B951C36E97D3DA90DA745DA5F7
PID: 2636 ( 832) c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
size: 750720
MD5: BDFD869422054A90372BF26FF4442C27
PID: 2744 (2724) c:\windows\system\hpsysdrv.exe
size: 52736
MD5: 06A1ECB63DF139EC639E084D4AB3C9D7
PID: 1060 (2724) C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
size: 36975
MD5: 4428823C1EDCC549E3F494F7A90B46A3
PID: 1692 (1060) C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
size: 241775
MD5: 21B7B06BE63DA790A031328CEBCDD715
PID: 3264 (1660) C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
size: 768512
MD5: 3BA608F5B5EB81B972E047FCC1813BFE
PID: 4060 ( 788) C:\PROGRA~1\SPYBOT~1\LQHKNJ~1.SCR
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 4036 (1016) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3172 (4060) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/31/2009 8:39:17 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{889ED6B4-0069-41CB-BBB0-F4E904B3ADF4}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{889ED6B4-0069-41CB-BBB0-F4E904B3ADF4}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{334B3E76-6399-4315-9785-D04B716B7E1C}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{334B3E76-6399-4315-9785-D04B716B7E1C}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
 
Hello bonniboo,
bonniboo said:
I am using IE 6.0.
Click to expand...

Is there a reason you haven't upgraded to IE 7 which is a more secure browser than IE6?
bonniboo said:
I have removed over 151 viruses called Packed.Generic.200 which seems to be all over my computer. I also had a huge trojan which had like .Kotz in the name????? IDK
Click to expand...
What security programs were installed before you found the computer was infected, as opposed to installing afterwards?
Also is a firewall running, if so which one.

bonniboo said:
I have restored my computer to the factory default over six times trying to get rid of all of the viruses and malware and am one step away from throwing this computer away and buying a new one.
Click to expand...

Correction: Did you restore to factory default, or do a system restore-which would not remove infections.

Best regards. :)
 
Last edited:
Hi bonniboo,

In addition, how do you have Windows Updates set to install please.

bonniboo said:
Should I try another spyware remover. I just purchased Kaspersky.
Click to expand...
The log shows Norton Internet Security\Norton AntiVirus\ is installed, is that the program you meant?

Cheers.
 
You must log in or register to reply here.
Back
Top