Platform: Windows XP SP1 (WinNT 5.01.2600)
C:\WINDOWS\System32\tsqla.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, C:\Win\msn.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O4 - HKLM\..\Run: [LTT2] C:\WINDOWS\system\rundll32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Internet Firewall Layer] tsqla.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Windows Service Agent] wgl23.exe
O4 - HKLM\..\RunServices: [Internet Security Service] nmsq22.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] lfdfqpq.exe
O4 - HKLM\..\RunServices: [Systam13] first.exe
O4 - HKLM\..\RunServices: [Internet Firewall Layer] tsqla.exe
O4 - HKCU\..\Run: [Internet Firewall Layer] tsqla.exe
O4 - HKUS\S-1-5-18\..\Run: [Internet Firewall Layer] tsqla.exe (User '?')
O16 - DPF: {9E7138EE-4E7B-11D5-94EF-006008A4ED7F} (DialZ Class) - http://216.101.214.150/dnavi/DialX16.CAB
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://www.greatplugin.com/diallerfiles/013636.exe
O20 - AppInit_DLLs: 608769M.BMP
O23 - Service: MXS(mxs) (MXS) - Unknown owner - C:\WINDOWS\system32\mxs.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)