Report Generated: 4/28/2005 10:55:58 AM
Program Version 3.5.0 (Build 198)
Using Spyware Definitions 474
Operating System: Windows XP
Email:
Comments:

Running Processes:
\??\c:\windows\system32\csrss.exe
\??\c:\windows\system32\winlogon.exe
\systemroot\system32\smss.exe
c:\program files\autoupdate\autoupdate.exe
c:\program files\common files\aol\acs\acsd.exe
c:\program files\common files\dell\eusw\support.exe
c:\program files\cxtpls\cxtpls.exe
c:\program files\dell\support\alert\bin\notifyalert.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\shared\mghtml.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\vso\mcshield.exe
c:\program files\mcafee.com\vso\mcvsrte.exe
c:\program files\webroot\spy sweeper\spysweeper.exe
c:\windows\assembly\nativeimages1_v1.0.3705\notifyalert\2.1.0.72___84fffc6a\notifyalert.exe
c:\windows\explorer.exe
c:\windows\system\khrtdwer.exe
c:\windows\system32\alg.exe
c:\windows\system32\cidaemon.exe
c:\windows\system32\cisvc.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ntddetect.exe
c:\windows\system32\services.exe
c:\windows\system32\sndign32.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe
c:\windows\system32\tuyuxwb\bgmsn.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe

[Run]
HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
HKCU\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
HKLM\..\Run: [ntddetect] C:\WINDOWS\system32\ntddetect.exe
HKLM\..\Run: [bgmsn] C:\WINDOWS\System32\tuyuxwb\bgmsn.exe
HKLM\..\Run: [oroxuxj] c:\windows\system32\oroxuxj.exe
HKLM\..\Run: [p33V3sX] sndign32.exe
HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
HKLM\..\Run: [Disk Keeper] C:\WINDOWS\sys758.exe
HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
HKLM\..\RunServices: [ntddetect] C:\WINDOWS\system32\ntddetect.exe

[WinLogon]

[AppInit_DLLs]

[Windows Services]
AOL ACS: [ImagePath] C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
AOL ACS: [DisplayName] AOL Connectivity Service
bgmsntuyuxwb: [ImagePath] C:\WINDOWS\System32\tuyuxwb\bgmsn.exe
bgmsntuyuxwb: [DisplayName] bgmsntuyuxwb
iprip: [ImagePath] %SystemRoot%\System32\svchost.exe -k netsvcs
kpeeoyjrkfb: [ImagePath] C:\WINDOWS\System32\rkfb\kpeeoyj.exe
kpeeoyjrkfb: [DisplayName] kpeeoyjrkfb
McShield: [ImagePath] c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McShield: [DisplayName] McAfee.com McShield
mcupdmgr.exe: [ImagePath] C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
mcupdmgr.exe: [DisplayName] McAfee SecurityCenter Update Manager
MCVSRte: [ImagePath] c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
MCVSRte: [DisplayName] McAfee.com VirusScan Online Realtime Engine
NMSSvc: [ImagePath] C:\WINDOWS\System32\NMSSvc.exe
NMSSvc: [DisplayName] Intel(R) NMS
ose: [ImagePath] C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
ose: [DisplayName] Office Source Engine
ScsiPort: [ImagePath] %SystemRoot%\system32\drivers\scsiport.sys
WANMiniportService: [ImagePath] "C:\WINDOWS\wanmpsvc.exe"
WANMiniportService: [DisplayName] WAN Miniport (ATW) Service

[Internet Explorer Search Settings]
HKCU\..\Internet Explorer: [SearchURL] http://ie.search.msn.com
HKCU\..\Main: [Start Page] http://www.hotoffers.info/278/

[URLSearchHooks]

[URL Prefixes]

[Internet Explorer Security Zones [2=Trusted, 4=Restricted]]

[Browser Helper Objects]
{016235BE-59D4-4CEB-ADD5-E2378282A1D9} [default] C:\Program Files\CxtPls\cxtpls.dll
{53707962-6F74-2D53-2644-206D7942484F} [default] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{DC3BE0B9-725D-44FD-2E52-0FC2B75641E0} [default] C:\WINDOWS\System32\dexsh.dll

[Internet Explorer Toolbars]
{BA52B914-B692-46c4-B683-905236F6F655} [McAfee VirusScan] c:\progra~1\mcafee.com\vso\mcvsshl.dll

[Internet Explorer Extensions]
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [&Research] C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} [Toolbar Extension for Executable] %SystemRoot%\System32\shdocvw.dll
{1FBA04EE-3024-11D2-8F1F-0000F87ABD16} [Toolbar Extension for Executable] %SystemRoot%\System32\shdocvw.dll
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [Real.com] C:\WINDOWS\System32\Shdocvw.dll
{1FBA04EE-3024-11d2-8F1F-0000F87ABD16} [Toolbar Extension for Executable] %SystemRoot%\System32\shdocvw.dll
{1FBA04EE-3024-11D2-8F1F-0000F87ABD16} [Toolbar Extension for Executable] %SystemRoot%\System32\shdocvw.dll

[Internet Explorer Context Menu]

[Internet Explorer Styles]

[General Internet Explorer Settings]

[Downloaded Program Files]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [QuickTime Object] C:\Program Files\QuickTime\QTPlugin.ocx
{166B1BCA-3F9C-11CF-8075-444553540000} [Shockwave ActiveX Control] C:\WINDOWS\System32\macromed\Shockwave 10\Download.dll
{CE74A05D-ED12-473A-97F8-85FB0E2F479F} [dlControl.UserControl1] C:\WINDOWS\Downloaded Program Files\dlControl.ocx
{D27CDB6E-AE6D-11CF-96B8-444553540000} [Shockwave Flash Object] C:\WINDOWS\System32\macromed\flash\Flash.ocx
{E6AAD7A3-468F-11D3-A6F7-0020FE000743} [MailingList Control] C:\WINDOWS\DOWNLO~1\MAILIN~1.OCX
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} [MSN Chat Control 4.5] C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx

[Downloaded Program Files - CODEBASE]
HKLM\..\Distribution Units\DirectAnimation Java Classes\Contains\Java: [com.ms.dxmedia]
HKLM\..\Distribution Units\DirectAnimation Java Classes\Contains\Java: [com.ms.dxmedia.rawcom]
HKLM\..\Distribution Units\DirectAnimation Java Classes\DownloadInformation: [CODEBASE] file://C:\WINDOWS\Java\classes\dajava.cab
HKLM\..\Distribution Units\DirectAnimation Java Classes\DownloadInformation: [OSD] C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
HKLM\..\Distribution Units\Microsoft XML Parser for Java\Contains\Java: [com.ms.xml.dso]
HKLM\..\Distribution Units\Microsoft XML Parser for Java\Contains\Java: [com.ms.xml.om]
HKLM\..\Distribution Units\Microsoft XML Parser for Java\Contains\Java: [com.ms.xml.parser]
HKLM\..\Distribution Units\Microsoft XML Parser for Java\Contains\Java: [com.ms.xml.util]
HKLM\..\Distribution Units\Microsoft XML Parser for Java\DownloadInformation: [CODEBASE] file://C:\WINDOWS\Java\classes\xmldso.cab
HKLM\..\Distribution Units\Microsoft XML Parser for Java\DownloadInformation: [OSD] C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
HKLM\..\Distribution Units\WMP10ctrl\Contains\Files: [C:\WINDOWS\Downloaded Program Files\CN_WMP10_Ctrl.ocx]
HKLM\..\Distribution Units\WMP10ctrl\DownloadInformation: [CODEBASE] http://www.cinemanow.com/WMP10ctrl.CAB
HKLM\..\Distribution Units\WMP10ctrl\DownloadInformation: [OSD] C:\WINDOWS\Downloaded Program Files\OSD3EB.OSD
HKLM\..\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\DownloadInformation: [CODEBASE] http://codecs.microsoft.com/codecs/i386/voxacm.CAB
HKLM\..\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\voxacm.inf
HKLM\..\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation: [CODEBASE] http://www.apple.com/qtactivex/qtplugin.cab
HKLM\..\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\QTPlugin.inf
HKLM\..\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation: [CODEBASE] http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
HKLM\..\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\erma.inf
HKLM\..\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\DownloadInformation: [CODEBASE] http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
HKLM\..\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\Msvbvm60.dll]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\OLEAUT32.DLL]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\OLEPRO32.DLL]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\ASYCFILT.DLL]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\STDOLE2.TLB]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\COMCAT.DLL]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\objsafe.tlb]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\Downloaded Program Files\dlControl.ocx]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\MSWINSCK.OCX]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\Contains\Files: [C:\WINDOWS\System32\CNFileIO.dll]
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\DownloadInformation: [CODEBASE] http://www.cinemanow.com/dlControl_3_0.CAB
HKLM\..\Distribution Units\{CE74A05D-ED12-473A-97F8-85FB0E2F479F}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\dlControl.INF
HKLM\..\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: [CODEBASE] http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
HKLM\..\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\swflash.inf
HKLM\..\Distribution Units\{E6AAD7A3-468F-11D3-A6F7-0020FE000743}\Contains\Files: [C:\WINDOWS\Downloaded Program Files\MailingList.ocx]
HKLM\..\Distribution Units\{E6AAD7A3-468F-11D3-A6F7-0020FE000743}\DownloadInformation: [CODEBASE] http://www.jokes.co.il/MailingList.cab
HKLM\..\Distribution Units\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}\Contains\Files: [C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx]
HKLM\..\Distribution Units\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}\DownloadInformation: [CODEBASE] http://chat.msn.com/bin/msnchat45.cab
HKLM\..\Distribution Units\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}\DownloadInformation: [INF] C:\WINDOWS\Downloaded Program Files\MsnChat45.inf

[Protocol Filters]
{807553E5-5146-11D5-A672-00B0D022E945} [default] C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

[Protocol Handlers]

[Winsock LSP's]