dave513
04-19-2006, 10:09 PM
hello,
i'm hoping someone could please help me out with this spyware on my computer. i've run all sorts of scans and it seems to still be present in my computer. anything would help at this point. here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 11:49:57 PM, on 4/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT5\System32\smss.exe
C:\WINNT5\system32\winlogon.exe
C:\WINNT5\system32\services.exe
C:\WINNT5\system32\lsass.exe
C:\WINNT5\system32\svchost.exe
C:\WINNT5\system32\spoolsv.exe
C:\WINNT5\system32\E_S00RP1.EXE
C:\WINNT5\System32\svchost.exe
C:\WINNT5\system32\LxrJD31s.exe
C:\WINNT5\system32\regsvc.exe
C:\WINNT5\system32\MSTask.exe
C:\WINNT5\system32\stisvc.exe
C:\WINNT5\System32\WBEM\WinMgmt.exe
C:\WINNT5\System32\mspmspsv.exe
C:\WINNT5\system32\svchost.exe
C:\WINNT5\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = sas.r3.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.r3.attbi.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT5\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nxtwscc] "C:\WINNT5\System32\nxtwscc.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {04E1B563-B899-446E-B9AA-F86E6FE9ECA7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {04E1B563-B899-446E-B9AA-F86E6FE9ECA7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0A6A5FD8-E452-48DA-92FE-970B42E19EC5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0A6A5FD8-E452-48DA-92FE-970B42E19EC5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {23DACAB8-3375-4658-8995-0919746C464D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {23DACAB8-3375-4658-8995-0919746C464D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {25E6AF89-DFB9-4EC5-8D38-5D55043422CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25E6AF89-DFB9-4EC5-8D38-5D55043422CB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2783DF51-CB1A-4FE6-B7F0-0C564001D2AE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2783DF51-CB1A-4FE6-B7F0-0C564001D2AE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {33CC9F1E-1CCF-462E-8DB9-E9B3CE683B25} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {33CC9F1E-1CCF-462E-8DB9-E9B3CE683B25} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3B1695B6-216C-4629-97E0-88CE9A522E61} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3B1695B6-216C-4629-97E0-88CE9A522E61} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {51E7004C-292B-45F0-85CF-E44DA87EA238} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {51E7004C-292B-45F0-85CF-E44DA87EA238} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {57826AB2-4F81-4CCE-A5CD-D3F4D9DC1651} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {57826AB2-4F81-4CCE-A5CD-D3F4D9DC1651} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {585F8105-3866-4638-A4D5-A09FFB023245} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {585F8105-3866-4638-A4D5-A09FFB023245} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5E1C43B2-761B-4CFB-8801-11385EA972F0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5E1C43B2-761B-4CFB-8801-11385EA972F0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A86696-B34B-4352-8997-7B7BDD943D17} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A86696-B34B-4352-8997-7B7BDD943D17} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6FCC3576-2D54-4473-BAC4-5090B6C0C300} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6FCC3576-2D54-4473-BAC4-5090B6C0C300} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {701B6700-352E-4175-8B32-583403D39A62} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {701B6700-352E-4175-8B32-583403D39A62} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8248B64E-35B1-4360-884C-F8D706579A53} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8248B64E-35B1-4360-884C-F8D706579A53} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AB4419FA-D746-4BBC-8738-D58C99E0E366} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AB4419FA-D746-4BBC-8738-D58C99E0E366} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B63C1BEA-6EF6-4F29-AE15-8024468279A5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B63C1BEA-6EF6-4F29-AE15-8024468279A5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8E842F3-E0A7-4F7B-A833-9C677D6A88F7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8E842F3-E0A7-4F7B-A833-9C677D6A88F7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C3D0A540-DB1A-414F-AE82-525734A1E35F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C3D0A540-DB1A-414F-AE82-525734A1E35F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D2AB63B5-01DA-48C3-9264-22FE22AA00C8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2AB63B5-01DA-48C3-9264-22FE22AA00C8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E619FA5E-D965-4226-956D-7DE76A117BAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E619FA5E-D965-4226-956D-7DE76A117BAF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F527FF70-7A0E-4590-A56D-BCE42F751B43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F527FF70-7A0E-4590-A56D-BCE42F751B43} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.finefind.net
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {0EF3FE41-2E21-14BF-0352-4C7009393F28} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spinpalace/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT5\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT5\System32\dmadmin.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT5\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT5\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
i'm hoping someone could please help me out with this spyware on my computer. i've run all sorts of scans and it seems to still be present in my computer. anything would help at this point. here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 11:49:57 PM, on 4/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT5\System32\smss.exe
C:\WINNT5\system32\winlogon.exe
C:\WINNT5\system32\services.exe
C:\WINNT5\system32\lsass.exe
C:\WINNT5\system32\svchost.exe
C:\WINNT5\system32\spoolsv.exe
C:\WINNT5\system32\E_S00RP1.EXE
C:\WINNT5\System32\svchost.exe
C:\WINNT5\system32\LxrJD31s.exe
C:\WINNT5\system32\regsvc.exe
C:\WINNT5\system32\MSTask.exe
C:\WINNT5\system32\stisvc.exe
C:\WINNT5\System32\WBEM\WinMgmt.exe
C:\WINNT5\System32\mspmspsv.exe
C:\WINNT5\system32\svchost.exe
C:\WINNT5\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = sas.r3.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.r3.attbi.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT5\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nxtwscc] "C:\WINNT5\System32\nxtwscc.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {04E1B563-B899-446E-B9AA-F86E6FE9ECA7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {04E1B563-B899-446E-B9AA-F86E6FE9ECA7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0A6A5FD8-E452-48DA-92FE-970B42E19EC5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0A6A5FD8-E452-48DA-92FE-970B42E19EC5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {23DACAB8-3375-4658-8995-0919746C464D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {23DACAB8-3375-4658-8995-0919746C464D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {25E6AF89-DFB9-4EC5-8D38-5D55043422CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25E6AF89-DFB9-4EC5-8D38-5D55043422CB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2783DF51-CB1A-4FE6-B7F0-0C564001D2AE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2783DF51-CB1A-4FE6-B7F0-0C564001D2AE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {33CC9F1E-1CCF-462E-8DB9-E9B3CE683B25} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {33CC9F1E-1CCF-462E-8DB9-E9B3CE683B25} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3B1695B6-216C-4629-97E0-88CE9A522E61} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3B1695B6-216C-4629-97E0-88CE9A522E61} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {51E7004C-292B-45F0-85CF-E44DA87EA238} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {51E7004C-292B-45F0-85CF-E44DA87EA238} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {57826AB2-4F81-4CCE-A5CD-D3F4D9DC1651} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {57826AB2-4F81-4CCE-A5CD-D3F4D9DC1651} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {585F8105-3866-4638-A4D5-A09FFB023245} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {585F8105-3866-4638-A4D5-A09FFB023245} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5E1C43B2-761B-4CFB-8801-11385EA972F0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5E1C43B2-761B-4CFB-8801-11385EA972F0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A86696-B34B-4352-8997-7B7BDD943D17} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A86696-B34B-4352-8997-7B7BDD943D17} - (no file) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.ht m (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6FCC3576-2D54-4473-BAC4-5090B6C0C300} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6FCC3576-2D54-4473-BAC4-5090B6C0C300} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {701B6700-352E-4175-8B32-583403D39A62} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {701B6700-352E-4175-8B32-583403D39A62} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8248B64E-35B1-4360-884C-F8D706579A53} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8248B64E-35B1-4360-884C-F8D706579A53} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AB4419FA-D746-4BBC-8738-D58C99E0E366} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AB4419FA-D746-4BBC-8738-D58C99E0E366} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B63C1BEA-6EF6-4F29-AE15-8024468279A5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B63C1BEA-6EF6-4F29-AE15-8024468279A5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B8E842F3-E0A7-4F7B-A833-9C677D6A88F7} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B8E842F3-E0A7-4F7B-A833-9C677D6A88F7} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C3D0A540-DB1A-414F-AE82-525734A1E35F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C3D0A540-DB1A-414F-AE82-525734A1E35F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D2AB63B5-01DA-48C3-9264-22FE22AA00C8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2AB63B5-01DA-48C3-9264-22FE22AA00C8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E619FA5E-D965-4226-956D-7DE76A117BAF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E619FA5E-D965-4226-956D-7DE76A117BAF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F527FF70-7A0E-4590-A56D-BCE42F751B43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F527FF70-7A0E-4590-A56D-BCE42F751B43} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.finefind.net
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {0EF3FE41-2E21-14BF-0352-4C7009393F28} - http://82.179.166.72/1/rdgUS208.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/spinpalace/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O19 - User stylesheet: (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINNT5\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT5\System32\dmadmin.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT5\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT5\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe