freija
2008-08-12, 18:45
I am having all sorts of events. CA Anti-Virus and Spybot S&D are busy displaying operations they are performing on my CPU's behalf. How do I clean this machine?
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:53 PM, on 8/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\AFinding.exe
D:\Program Files\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\macidwe.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\perfs.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\routing.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\sobicyt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\tdxdowkc.exe
D:\Program Files\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\eTrust EZ Antivirus\CAVRID.exe
C:\WINNT\system32\hphmon06.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O1 - Hosts: 64.14.244.60 debtbankonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar8.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {23DDAE8C-6A79-4d62-80AA-E95D89CB9811} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar8.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Helios] D:\Program Files\Helios Logger\helios_logger.exe
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [ctfmon.exe] ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [Helios] D:\Program Files\Helios Logger\helios_logger.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: www.abcnews.com
O15 - Trusted Zone: http://www.airamericaradio.com
O15 - Trusted Zone: http://www.allmusic.com
O15 - Trusted Zone: http://www.americanexpress.com
O15 - Trusted Zone: http://www.americawest.com
O15 - Trusted Zone: http://www.auto.com
O15 - Trusted Zone: www.axaonline.com
O15 - Trusted Zone: http://www.byc.com
O15 - Trusted Zone: http://www.c-span.org
O15 - Trusted Zone: http://consumerdownloads.ca.com
O15 - Trusted Zone: http://www.ca.com
O15 - Trusted Zone: *.ca.com
O15 - Trusted Zone: http://www.census.gov
O15 - Trusted Zone: www.chase.com
O15 - Trusted Zone: http://www.chaseshop.com
O15 - Trusted Zone: http://www.citizensinsurance.biz
O15 - Trusted Zone: www.comcast.com
O15 - Trusted Zone: webbanking.comerica.com
O15 - Trusted Zone: *.comerica.com
O15 - Trusted Zone: http://portal.covisint.com
O15 - Trusted Zone: www.cspan.org
O15 - Trusted Zone: http://www.dailykos.com
O15 - Trusted Zone: http://support.dell.com
O15 - Trusted Zone: www.dell.com
O15 - Trusted Zone: http://www.dell.com
O15 - Trusted Zone: www.delta.com
O15 - Trusted Zone: http://www.delta.com
O15 - Trusted Zone: http://www.earthlink.net
O15 - Trusted Zone: http://www.flexiblebenefit.com
O15 - Trusted Zone: http://www.flexmsa.com
O15 - Trusted Zone: http://everest.dearborn.ford.com
O15 - Trusted Zone: supplier-lb.everest.ford.com
O15 - Trusted Zone: http://www.quality.ford.com
O15 - Trusted Zone: www.freep.com
O15 - Trusted Zone: www.abcnews.go.com
O15 - Trusted Zone: http://www.abcnews.go.com
O15 - Trusted Zone: http://www.grandchallenge.com
O15 - Trusted Zone: http://multimedia.honda-eu.com
O15 - Trusted Zone: http://www.honda.co.uk
O15 - Trusted Zone: www.hotwire.com
O15 - Trusted Zone: http://www.houseandgarden.com
O15 - Trusted Zone: http://h10025.www1.hp.com
O15 - Trusted Zone: www.hsabank.com
O15 - Trusted Zone: http://spaces.icgpartners.com
O15 - Trusted Zone: http://reg.imageshack.us
O15 - Trusted Zone: http://www.imageshack.us
O15 - Trusted Zone: http://www.imgag.com
O15 - Trusted Zone: www.intellicast.com
O15 - Trusted Zone: http://www.intellicast.com
O15 - Trusted Zone: www.joann.com
O15 - Trusted Zone: www.johnkerry.com
O15 - Trusted Zone: http://security.kolla.de
O15 - Trusted Zone: http://tln.lib.mi.us
O15 - Trusted Zone: http://web2.tln.lib.mi.us
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://www.metaldyne.com
O15 - Trusted Zone: www.metroairport.com
O15 - Trusted Zone: http://www.mi-democrats.com
O15 - Trusted Zone: www.michaelcurry design.com
O15 - Trusted Zone: www.michaelcurrydesign.com
O15 - Trusted Zone: http://www.michaelcurrydesign.com
O15 - Trusted Zone: http://www.michiganradio.org
O15 - Trusted Zone: http://info.my-etrust.com
O15 - Trusted Zone: www.my-etrust.com
O15 - Trusted Zone: http://www.newcranbrooksingers.org
O15 - Trusted Zone: www.npr.org
O15 - Trusted Zone: http://res.nwa.com
O15 - Trusted Zone: www.nwa.com
O15 - Trusted Zone: http://www.nwa.com
O15 - Trusted Zone: http://www.nytimes.com
O15 - Trusted Zone: www.ofoto.com
O15 - Trusted Zone: http://www.perfectosdragones.com
O15 - Trusted Zone: www.pmi.org
O15 - Trusted Zone: *.real.com
O15 - Trusted Zone: http://ilead.realtor.com
O15 - Trusted Zone: www.safer-networking.org
O15 - Trusted Zone: http://atomfilms.shockwave.com
O15 - Trusted Zone: http://www.starbucks.com
O15 - Trusted Zone: www.treas.state.mi.us
O15 - Trusted Zone: http://www.sun.com
O15 - Trusted Zone: http://weeklyad.target.com
O15 - Trusted Zone: dps1.travelocity.com
O15 - Trusted Zone: www.travelocity.com
O15 - Trusted Zone: http://www.travelocity.com
O15 - Trusted Zone: http://www.tvguide.com
O15 - Trusted Zone: ummedia02.rs.itd.umich.edu
O15 - Trusted Zone: http://www.universalcard.com
O15 - Trusted Zone: http://aiw1.uspto.gov
O15 - Trusted Zone: http://aiw2.uspto.gov
O15 - Trusted Zone: http://appft1.uspto.gov
O15 - Trusted Zone: http://patft.uspto.gov
O15 - Trusted Zone: http://patimg2.uspto.gov
O15 - Trusted Zone: http://www.visualtour.com
O15 - Trusted Zone: www.voguepatterns.com
O15 - Trusted Zone: http://lists.votecobb.org
O15 - Trusted Zone: www.wamu.org
O15 - Trusted Zone: http://www.washingtonpost.com
O15 - Trusted Zone: http://www.whitehouse.gov
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126976088096
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C16FB97-1F9D-423F-A623-F6171DA8600F}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINNT\system32\AFinding.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Diskeeper\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINNT\system32\macidwe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINNT\system32\perfs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINNT\system32\routing.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINNT\system32\sobicyt.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINNT\system32\tdxdowkc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Program Files\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINNT\system32\WServing.exe (file missing)
--
End of file - 13296 bytes
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:53 PM, on 8/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\AFinding.exe
D:\Program Files\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\macidwe.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\perfs.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\routing.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\sobicyt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\tdxdowkc.exe
D:\Program Files\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\eTrust EZ Antivirus\CAVRID.exe
C:\WINNT\system32\hphmon06.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O1 - Hosts: 64.14.244.60 debtbankonline.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar8.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {23DDAE8C-6A79-4d62-80AA-E95D89CB9811} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar8.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "D:\Program Files\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINNT\system32\hphmon06.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Helios] D:\Program Files\Helios Logger\helios_logger.exe
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [ctfmon.exe] ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-113007714-854245398-1000\..\Run: [Helios] D:\Program Files\Helios Logger\helios_logger.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: www.abcnews.com
O15 - Trusted Zone: http://www.airamericaradio.com
O15 - Trusted Zone: http://www.allmusic.com
O15 - Trusted Zone: http://www.americanexpress.com
O15 - Trusted Zone: http://www.americawest.com
O15 - Trusted Zone: http://www.auto.com
O15 - Trusted Zone: www.axaonline.com
O15 - Trusted Zone: http://www.byc.com
O15 - Trusted Zone: http://www.c-span.org
O15 - Trusted Zone: http://consumerdownloads.ca.com
O15 - Trusted Zone: http://www.ca.com
O15 - Trusted Zone: *.ca.com
O15 - Trusted Zone: http://www.census.gov
O15 - Trusted Zone: www.chase.com
O15 - Trusted Zone: http://www.chaseshop.com
O15 - Trusted Zone: http://www.citizensinsurance.biz
O15 - Trusted Zone: www.comcast.com
O15 - Trusted Zone: webbanking.comerica.com
O15 - Trusted Zone: *.comerica.com
O15 - Trusted Zone: http://portal.covisint.com
O15 - Trusted Zone: www.cspan.org
O15 - Trusted Zone: http://www.dailykos.com
O15 - Trusted Zone: http://support.dell.com
O15 - Trusted Zone: www.dell.com
O15 - Trusted Zone: http://www.dell.com
O15 - Trusted Zone: www.delta.com
O15 - Trusted Zone: http://www.delta.com
O15 - Trusted Zone: http://www.earthlink.net
O15 - Trusted Zone: http://www.flexiblebenefit.com
O15 - Trusted Zone: http://www.flexmsa.com
O15 - Trusted Zone: http://everest.dearborn.ford.com
O15 - Trusted Zone: supplier-lb.everest.ford.com
O15 - Trusted Zone: http://www.quality.ford.com
O15 - Trusted Zone: www.freep.com
O15 - Trusted Zone: www.abcnews.go.com
O15 - Trusted Zone: http://www.abcnews.go.com
O15 - Trusted Zone: http://www.grandchallenge.com
O15 - Trusted Zone: http://multimedia.honda-eu.com
O15 - Trusted Zone: http://www.honda.co.uk
O15 - Trusted Zone: www.hotwire.com
O15 - Trusted Zone: http://www.houseandgarden.com
O15 - Trusted Zone: http://h10025.www1.hp.com
O15 - Trusted Zone: www.hsabank.com
O15 - Trusted Zone: http://spaces.icgpartners.com
O15 - Trusted Zone: http://reg.imageshack.us
O15 - Trusted Zone: http://www.imageshack.us
O15 - Trusted Zone: http://www.imgag.com
O15 - Trusted Zone: www.intellicast.com
O15 - Trusted Zone: http://www.intellicast.com
O15 - Trusted Zone: www.joann.com
O15 - Trusted Zone: www.johnkerry.com
O15 - Trusted Zone: http://security.kolla.de
O15 - Trusted Zone: http://tln.lib.mi.us
O15 - Trusted Zone: http://web2.tln.lib.mi.us
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://www.metaldyne.com
O15 - Trusted Zone: www.metroairport.com
O15 - Trusted Zone: http://www.mi-democrats.com
O15 - Trusted Zone: www.michaelcurry design.com
O15 - Trusted Zone: www.michaelcurrydesign.com
O15 - Trusted Zone: http://www.michaelcurrydesign.com
O15 - Trusted Zone: http://www.michiganradio.org
O15 - Trusted Zone: http://info.my-etrust.com
O15 - Trusted Zone: www.my-etrust.com
O15 - Trusted Zone: http://www.newcranbrooksingers.org
O15 - Trusted Zone: www.npr.org
O15 - Trusted Zone: http://res.nwa.com
O15 - Trusted Zone: www.nwa.com
O15 - Trusted Zone: http://www.nwa.com
O15 - Trusted Zone: http://www.nytimes.com
O15 - Trusted Zone: www.ofoto.com
O15 - Trusted Zone: http://www.perfectosdragones.com
O15 - Trusted Zone: www.pmi.org
O15 - Trusted Zone: *.real.com
O15 - Trusted Zone: http://ilead.realtor.com
O15 - Trusted Zone: www.safer-networking.org
O15 - Trusted Zone: http://atomfilms.shockwave.com
O15 - Trusted Zone: http://www.starbucks.com
O15 - Trusted Zone: www.treas.state.mi.us
O15 - Trusted Zone: http://www.sun.com
O15 - Trusted Zone: http://weeklyad.target.com
O15 - Trusted Zone: dps1.travelocity.com
O15 - Trusted Zone: www.travelocity.com
O15 - Trusted Zone: http://www.travelocity.com
O15 - Trusted Zone: http://www.tvguide.com
O15 - Trusted Zone: ummedia02.rs.itd.umich.edu
O15 - Trusted Zone: http://www.universalcard.com
O15 - Trusted Zone: http://aiw1.uspto.gov
O15 - Trusted Zone: http://aiw2.uspto.gov
O15 - Trusted Zone: http://appft1.uspto.gov
O15 - Trusted Zone: http://patft.uspto.gov
O15 - Trusted Zone: http://patimg2.uspto.gov
O15 - Trusted Zone: http://www.visualtour.com
O15 - Trusted Zone: www.voguepatterns.com
O15 - Trusted Zone: http://lists.votecobb.org
O15 - Trusted Zone: www.wamu.org
O15 - Trusted Zone: http://www.washingtonpost.com
O15 - Trusted Zone: http://www.whitehouse.gov
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126976088096
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/ps/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C16FB97-1F9D-423F-A623-F6171DA8600F}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: afinding Service (afinding) - Unknown owner - C:\WINNT\system32\AFinding.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - D:\Program Files\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\Diskeeper\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: macidwe Service (macidwe) - Unknown owner - C:\WINNT\system32\macidwe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: perfs Service (perfs) - Unknown owner - C:\WINNT\system32\perfs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: routing Service (routing) - Unknown owner - C:\WINNT\system32\routing.exe
O23 - Service: sobicyt Service (sobicyt) - Unknown owner - C:\WINNT\system32\sobicyt.exe
O23 - Service: tdxdowkc Service (tdxdowkc) - Unknown owner - C:\WINNT\system32\tdxdowkc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\Program Files\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: wserving Service (wserving) - Unknown owner - C:\WINNT\system32\WServing.exe (file missing)
--
End of file - 13296 bytes