Malware: Directs me to other sites

Status
Not open for further replies.

Halodeath

New member
It directs me to other sites, and it also has disabled my Windows firewall on my wireless card. Spybot will sometimes detect something called System Guard; McAfee will detect a Trojan and instruct me to restart my computer. But the problem still persists even when they report that it's gone. I NEED HELP. Here are my logs. I have also tried scanning with Malwarebytes; it can find something too, not all the time, but the problem is still here.

These are my processes:

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-01-28 SDWinSec.exe (1.0.0.11)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi
2010-06-01 Includes\AdwareC.sbi
2010-01-25 Includes\Cookies.sbi
2009-11-03 Includes\Dialer.sbi
2010-06-01 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2010-06-01 Includes\HijackersC.sbi
2010-06-02 Includes\iPhone.sbi
2010-01-20 Includes\Keyloggers.sbi
2010-06-01 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2010-06-01 Includes\Malware.sbi
2010-06-01 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-06-02 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-06-01 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-03-02 Includes\Spyware.sbi
2010-06-02 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-06-01 Includes\Trojans.sbi
2010-06-01 Includes\TrojansC-02.sbi
2010-06-01 Includes\TrojansC-03.sbi
2010-06-01 Includes\TrojansC-04.sbi
2010-06-01 Includes\TrojansC-05.sbi
2010-06-01 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

PID: 0 ( 0) [System]
PID: 3460 (3896) C:\Program Files\AIM6\aim6.exe
size: 49968
MD5: 9DDF21A0182D1E9EEEAC6AA18EA4FD78
PID: 2984 (3460) C:\Program Files\AIM6\aolsoftware.exe
size: 41264
MD5: 1A4055C426FF81550233A32C5CFEA38E
PID: 1384 (1256) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 2656 (3896) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
PID: 3840 (1456) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: 0A9BA6AF531AFE7FA5E4FB973852D863
PID: 756 (1456) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 780 (1456) C:\WINDOWS\eHome\ehSched.exe
size: 102912
MD5: A53243709439AC2A4C216B817F8D7411
PID: 844 (1456) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
size: 794624
MD5: F10E7AA8BDF4488E3DFA989B8E7F7C9F
PID: 3896 (3632) C:\WINDOWS\Explorer.EXE
size: 1033728
MD5: 12896823FB95BFB3DC9B46BCAEDC9923
PID: 1028 (2900) C:\Program Files\Mozilla Firefox\firefox.exe
size: 910296
MD5: 49958506B773E40D31832E3EEDA522E7
PID: 1116 (1456) C:\Program Files\Java\jre6\bin\jqs.exe
size: 153376
MD5: 77AC10DB097DFD0CD3071465B644D0AB
PID: 1468 (1408) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: BF2466B3E18E970D8A976FB95FC1CA85
PID: 3332 (3896) C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 1180976
MD5: 76214141C70A8E98C5F7F5A904C0EA04
PID: 2592 (1456) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: DF0A511F38F16016BF658FCA0090CB87
PID: 1212 (1456) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
size: 93320
MD5: 454D8F0F3BDD3D68F7FF1065E478000E
PID: 2752 (1456) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
size: 170144
MD5: B987DCF1EFE87AB2E4D7F37ADB75C1A6
PID: 1664 (1456) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
size: 271480
MD5: 4175775A62EE719752B7867470BAD409
PID: 2836 (1456) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
size: 188136
MD5: E96F9CF4F8D244FDD5181FE90826E28F
PID: 2020 (1456) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
size: 141792
MD5: B0E1CE9ED1E5EA5642EB6602016B70CC
PID: 3716 (1456) C:\WINDOWS\system32\msiexec.exe
size: 78848
MD5: 5879D691E842574A20FE63817CB76DF9
PID: 5400 (3716) C:\WINDOWS\system32\MsiExec.exe
size: 78848
MD5: 5879D691E842574A20FE63817CB76DF9
PID: 4388 (3716) C:\WINDOWS\system32\MsiExec.exe
size: 78848
MD5: 5879D691E842574A20FE63817CB76DF9
PID: 3248 (3896) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA
PID: 408 (1456) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
size: 483328
MD5: 7274BD434B6165BAA382BDD87F6CA4CE
PID: 3984 (1212) C:\WINDOWS\system32\rundll32.exe
size: 33280
MD5: 037B1E7798960E0420003D05BB577EE6
PID: 1920 (1456) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
size: 1183744
MD5: 20F261E78CCF0EA36D4FE2C363A2EF8A
PID: 1032 (1456) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
size: 240512
MD5: 271077B91D7AD1B616F8AFDFE8E3F981
PID: 1456 (1408) C:\WINDOWS\system32\services.exe
size: 110592
MD5: 65DF52F5B8B6E9BBD183505225C37315
PID: 1256 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 596 (1456) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
PID: 3344 (3896) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2280 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 696 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 2412 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 308 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 276 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1760 (1456) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1804 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1716 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 1640 (1456) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
PID: 4 ( 0) System
PID: 3328 (3896) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D
PID: 1408 (1256) \??\C:\WINDOWS\system32\winlogon.exe
size: 507904
PID: 2096 (1640) C:\Program Files\Windows Live\Contacts\wlcomm.exe
size: 27512
MD5: 654480EA67078C7B4C6C8BA871B07D5D
PID: 2528 (1456) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
size: 356352
MD5: C2ED9211101F3C9CF70B9CBDB3E99C8C
PID: 5944 (1760) C:\WINDOWS\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 3188 (1760) C:\WINDOWS\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD

Here is my startup process:

Located: HK_LM:Run, McAfeeUpdaterUI
command: "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
file: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
size: 136768
MD5: 5DC6DA1B20E62BBA3EB5716367DA580D

Located: HK_LM:Run, mcui_exe
command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 1180976
MD5: 76214141C70A8E98C5F7F5A904C0EA04

Located: HK_LM:Run, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89

Located: HK_CU:Run, Aim6
where: S-1-5-21-329068152-287218729-725345543-1004...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 49968
MD5: 9DDF21A0182D1E9EEEAC6AA18EA4FD78

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-329068152-287218729-725345543-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-329068152-287218729-725345543-1004...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA

Located: HK_CU:Run, dsupxvkl (DISABLED)
where: S-1-5-21-329068152-287218729-725345543-1004...
command: C:\Documents and Settings\Kendra\Local Settings\Application Data\rjaibbfvb\uppfyoctssd.exe
file: C:\Documents and Settings\Kendra\Local Settings\Application Data\rjaibbfvb\uppfyoctssd.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-329068152-287218729-725345543-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, QuickTime Task
where: S-1-5-21-329068152-287218729-725345543-1005...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 417792
MD5: 55D7A219AD8D0DB8980528944152A6FD

Located: HK_CU:Run, swg
where: S-1-5-21-329068152-287218729-725345543-1005...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 39408
MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

Located: HK_CU:Run, Aim6
where: S-1-5-21-329068152-287218729-725345543-500...
command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
file: C:\Program Files\AIM6\aim6.exe
size: 49968
MD5: 9DDF21A0182D1E9EEEAC6AA18EA4FD78

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-329068152-287218729-725345543-500...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: D39DA5B7139B4B5147B3C6A94978B5AA

Located: HK_CU:Run, Skype
where: S-1-5-21-329068152-287218729-725345543-500...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 26102056
MD5: 034AC2B2757FE6841AB092ECADA891B9

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-329068152-287218729-725345543-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-329068152-287218729-725345543-501...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3

Located: HK_CU:Run, QuickTime Task
where: S-1-5-21-329068152-287218729-725345543-501...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 417792
MD5: 55D7A219AD8D0DB8980528944152A6FD

Located: Startup (user), Xfire.lnk
where: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup...
command: C:\Program Files\Xfire\Xfire.exe
file: C:\Program Files\Xfire\Xfire.exe
size: 3250576
MD5: 2DF5996A8A811C2FB63C57E63B26C500

Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
size: 29696
MD5: DEB88AEF013DD1EEFB462D7CAD642166

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe
size: 282624
MD5: A9D65CEEEC7844C9A0C6B445BCBE7823

Located: Startup (disabled), hp psc 1000 series (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe
size: 147456
MD5: 03163BAF3A5DBF8742804093931D7D32

Located: Startup (disabled), hpoddt01.exe (DISABLED)
command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
size: 28672
MD5: A564A22308A3F55235BA2478EE82992D

Located: Startup (disabled), McAfee Security Scan Plus (DISABLED)
command: C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE
file: C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE
size: 255536
MD5: 89F7C30A91E5581BDF14C62AB46A2B2D

Located: Startup (disabled), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MI1933~1\Office10\OSA.EXE -b -l
file: C:\PROGRA~1\MI1933~1\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
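One way to triage a Spybot-style startup log like the one above for the two telltales it already shows (a 0-byte file whose MD5 is the hash of empty input, and an executable launched from a per-user data directory) is to parse the "Located:/command:/file:/size:/MD5:" blocks and score each one. This is an added Python example, not part of the original thread or of Spybot; the log text, names, paths and hashes in it are constructed, and the vowel-ratio check on run-key names is a crude heuristic, not a Spybot rule.

```python
import hashlib
import re

# Constructed sample in the Spybot-style "Located:/command:/file:/size:/MD5:" block format
# used in the post above; names, paths and hashes are made up.
SAMPLE_LOG = """\
Located: HK_LM:Run, ExampleUpdater
command: "C:\\Program Files\\Example\\Updater.exe" /background
file: C:\\Program Files\\Example\\Updater.exe
size: 136768
MD5: 00112233445566778899AABBCCDDEEFF

Located: HK_CU:Run, qwzxcvbn (DISABLED)
command: C:\\Documents and Settings\\User\\Local Settings\\Application Data\\abcdxyz\\qqwweerr.exe
file: C:\\Documents and Settings\\User\\Local Settings\\Application Data\\abcdxyz\\qqwweerr.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
"""

# MD5 of zero bytes: what the log reports when the file could not be read at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()
KEYS = ("located", "where", "command", "file", "size", "md5")

def parse_entries(text):
    """Split the log into one dict per 'Located:' block (keys lower-cased)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and key.strip().lower() in KEYS:
                entry[key.strip().lower()] = value.strip()
        if "located" in entry:
            entries.append(entry)
    return entries

def triage(entry):
    """Return the reasons an autorun entry deserves a closer look ([] = nothing odd)."""
    reasons = []
    if entry.get("size") == "0" and entry.get("md5", "").upper() == EMPTY_MD5:
        reasons.append("MD5 is the hash of empty input: file missing/unreadable, not verified")
    if re.search(r"\\Local Settings\\Application Data\\", entry.get("file", ""), re.I):
        reasons.append("executable launched from a per-user data directory")
    name = entry.get("located", "").split(",")[-1].replace("(DISABLED)", "").strip()
    # Crude heuristic (not a Spybot rule): long all-lowercase key names with few vowels.
    if re.fullmatch(r"[a-z]{7,}", name) and sum(c in "aeiou" for c in name) / len(name) < 0.25:
        reasons.append("run-key name looks randomly generated")
    return reasons
```

A hit on the empty-input hash only means the scanner could not read the file at the time of the scan; it is a reason to look, not proof of infection.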
 