Thread: Help - troj_startpge.fl virus!
View Single Post
Old 12-02-2005, 08:51 AM   #13 (permalink)
Emmanuel2005
Registered User
 
Join Date: Nov 2005
Posts: 15
OS: WinXP


Hi Reid

As requested here are the latest scans and reports. Thanks.


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 02, 2005 17:19:39
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/12/2005
Kaspersky Anti-Virus database records: 153085
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 21052
Number of viruses found: 4
Number of infected objects: 151
Number of suspicious objects: 0
Duration of the scan process: 629 sec

Infected Object Name - Virus Name
C:\HijackThis\backups\backup-20051130-213404-466.dll Infected: Trojan-Downloader.Win32.WinShow.bg
C:\HijackThis\backups\backup-20051130-213404-882.dll Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000001.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000001.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000001.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000001.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000001.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000002.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP1\A0000015.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000055.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000056.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000072.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000074.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000096.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000098.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000111.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000112.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000131.dll Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000132.dll Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0000133.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001196.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001197.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:hkjfjm:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001218.pif:zlctep:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001219.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:hkjfjm:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001228.pif:zlctep:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001229.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:hkjfjm:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001235.pif:zlctep:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001236.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001246.dll Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001247.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001248.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001249.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001250.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001251.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001252.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001253.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001254.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001255.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001256.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001257.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001258.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001259.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001260.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001261.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001262.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP3\A0001263.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\addko.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\addpu32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\addtm32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\addyl32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\apial32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\apida32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\apiql.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\apisd32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\apitb.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\appgr32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\d3td.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\Fast800.ini:sfkos:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\iexu.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\netpb32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\netuw.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\ntzt32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\Q321064.log:bdfvva:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\Rhododendron.bmp:udxixd:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\syski.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\addfm.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\atlhy.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\atljd.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\d3af32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\d3wk.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\ienu32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\ipdz.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\javapf.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\mfcfg32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\mfckh32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\mfcmq32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\mspw.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\msyc.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\netkc32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\nettj.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\system32\netwq.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\syskq32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\syslo.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\system32\sysvn32.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\winbu.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\winip32.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\winwp.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\_default.pif:advcpv:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\WINDOWS\_default.pif:cqqybn:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\WINDOWS\_default.pif:hkjfjm:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:mmbfo:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\WINDOWS\_default.pif:qclxnt:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:qgxdmt:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:urbeeq:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\_default.pif:xfexkr:$DATA Infected: Trojan-Downloader.Win32.WinShow.bg
C:\WINDOWS\_default.pif:zlctep:$DATA Infected: Trojan-Downloader.Win32.Agent.td
D:\System Volume Information\_restore{6BEB3D6C-1E25-4413-B74F-320F256A8AC9}\RP2\A0001183.exe Infected: Trojan.Win32.Dialer.ec

Scan process completed.



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll

Checking %System% folder...
PEC2 8/4/2004 2:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 11/10/2005 9:17:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/10/2005 9:17:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:00:00 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 8/26/1997 163384 C:\WINDOWS\SYSTEM32\ODBCJET.HLP
Umonitor 8/4/2004 2:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 2:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 9/26/2005 2:23:54 PM 962672 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys
aspack 9/26/2005 2:23:54 PM 962672 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/2/2005 5:22:50 PM S 2048 C:\WINDOWS\bootstat.dat
11/10/2005 7:35:56 AM RH 749 C:\WINDOWS\WindowsShell.Manifest
11/10/2005 7:36:02 AM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
11/10/2005 7:36:34 AM HS 67 C:\WINDOWS\Fonts\desktop.ini
11/27/2005 12:59:58 PM RH 0 C:\WINDOWS\forms\MSCREATE.DIR
11/27/2005 12:59:58 PM RH 0 C:\WINDOWS\forms\configs\MSCREATE.DIR
11/27/2005 10:30:26 AM H 0 C:\WINDOWS\inf\oem12.inf
12/2/2005 4:52:14 PM H 0 C:\WINDOWS\LastGood\INF\oem13.inf
12/2/2005 4:52:14 PM H 0 C:\WINDOWS\LastGood\INF\oem13.PNF
11/10/2005 7:36:02 AM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
11/10/2005 7:36:18 AM RHS 727 C:\WINDOWS\pchealth\helpctr\PackageStore\package_1.cab
11/10/2005 7:36:18 AM RHS 19854 C:\WINDOWS\pchealth\helpctr\PackageStore\package_2.cab
11/10/2005 7:36:18 AM RHS 244933 C:\WINDOWS\pchealth\helpctr\PackageStore\package_3.cab
11/10/2005 7:37:02 AM H 225280 C:\WINDOWS\repair\ntuser.dat
11/27/2005 1:04:18 PM RH 0 C:\WINDOWS\SendTo\MSCREATE.DIR
11/10/2005 7:35:56 AM RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
11/10/2005 7:36:02 AM RH 488 C:\WINDOWS\system32\logonui.exe.manifest
11/10/2005 7:35:56 AM RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
11/10/2005 7:35:56 AM RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
11/10/2005 7:35:56 AM RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
11/10/2005 7:36:02 AM RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
11/10/2005 7:35:56 AM RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/5/2005 3:17:40 AM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
12/2/2005 5:22:44 PM H 8192 C:\WINDOWS\system32\config\default.LOG
12/2/2005 5:23:00 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/2/2005 5:22:52 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/2/2005 5:26:28 PM H 73728 C:\WINDOWS\system32\config\software.LOG
12/2/2005 5:22:54 PM H 921600 C:\WINDOWS\system32\config\system.LOG
11/9/2005 11:14:48 PM H 1024 C:\WINDOWS\system32\config\TempKey.LOG
11/9/2005 11:14:48 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
11/30/2005 3:17:24 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/9/2005 11:16:34 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
11/25/2005 3:22:16 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
11/25/2005 3:22:16 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
11/9/2005 11:16:34 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini
11/10/2005 7:43:04 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini
11/10/2005 7:43:04 AM HS 113 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini
11/10/2005 7:43:04 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini
11/10/2005 7:43:04 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
11/10/2005 7:43:04 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\23GNE3AT\desktop.ini
11/10/2005 7:43:04 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OB8LKDG5\desktop.ini
11/10/2005 7:43:04 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U3KT896H\desktop.ini
11/10/2005 7:43:04 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y3YJ4LSN\desktop.ini
11/10/2005 7:36:04 AM HS 181 C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini
11/9/2005 11:16:34 PM HS 62 C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini
11/10/2005 7:37:00 AM HS 148 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini
11/10/2005 7:37:00 AM HS 482 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini
11/10/2005 7:37:00 AM HS 348 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini
11/10/2005 7:37:00 AM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini
11/10/2005 7:37:00 AM HS 84 C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
11/29/2005 10:39:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\41786dfc-88d1-43e4-a277-2a9c5c0d3e42
11/29/2005 10:39:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
11/10/2005 7:43:10 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\4255fd73-d732-47c5-b8f2-27273fc1a33a
11/10/2005 7:43:10 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/2/2005 5:21:50 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Iomega Corporation 9/24/2002 4:44:10 PM 151552 C:\WINDOWS\SYSTEM32\ADPanel.cpl
Realtek Semiconductor Corp. 4/6/2005 12:58:48 PM 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 2:00:00 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/26/1997 53520 C:\WINDOWS\SYSTEM32\MLCFG32.CPL
Microsoft Corporation 8/4/2004 2:00:00 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 12/2/2004 5:21:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Realtek Semiconductor Corp. 3/17/2005 5:43:34 AM 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL
Silicon Image 4/25/2005 2:30:26 PM R 78336 C:\WINDOWS\SYSTEM32\SilSupp.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 2:00:00 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/27/2005 1:37:00 PM 910 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
11/10/2005 7:37:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/26/2005 5:01:30 AM 857 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
11/27/2005 1:10:58 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/9/2005 11:16:34 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
11/10/2005 7:37:00 AM HS 84 C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
11/9/2005 11:16:34 PM HS 62 C:\Documents and Settings\user\Application Data\desktop.ini
11/29/2005 6:50:48 PM 0 C:\Documents and Settings\user\Application Data\Install.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\iRivEncrypt
{10020E84-840F-474A-9B5C-B043F0EBFC65} = C:\Program Files\iRiver\HSeries\iRivEncrypt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8} = C:\Program Files\Netzip Classic\ZpCtxMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 14\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\iRivEncrypt
{10020E84-840F-474A-9B5C-B043F0EBFC65} = C:\Program Files\iRiver\HSeries\iRivEncrypt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8} = C:\Program Files\Netzip Classic\ZpCtxMenu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\Internet Security 14\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8} = C:\Program Files\Netzip Classic\ZpCtxMenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C24F68F-330D-3834-5594-F52CB787AE93}
Class = C:\WINDOWS\system32\ipwm32.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E519B7D-60F7-36E0-6009-671EAD1F7C44}
Class = C:\WINDOWS\sdksr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{849E652D-E279-49D1-44C6-6C7123362280}
Class = C:\WINDOWS\d3sr32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RTHDCPL RTHDCPL.EXE
Alcmtr ALCMTR.EXE
RemoteControl "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
InCD C:\Program Files\Ahead\InCD\InCD.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
nMTaskBarService nMtsk.exe
pccguide.exe "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
ADUserMon C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Iomega Drive Icons C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Deskup C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
iHP-100 C:\Program Files\iRiver\HSeries\iHPDetect.exe
ipxk.exe C:\WINDOWS\SYSTEM32\IPXK.EXE
B5.tmp C:\DOCUME~1\user\LOCALS~1\Temp\B5.tmp.exe
B7.tmp C:\DOCUME~1\user\LOCALS~1\Temp\B7.tmp.exe
B5.tmp.exe C:\DOCUME~1\user\LOCALS~1\Temp\B5.tmp.exe
B7.tmp.exe C:\DOCUME~1\user\LOCALS~1\Temp\B7.tmp.exe
netgf.exe C:\WINDOWS\NETGF.EXE
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Network Service
Windows Internet Protocol

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/2/2005 5:34:23 PM



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nMTaskBarService"="nMtsk.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 14\\pccguide.exe\""
"ADUserMon"="C:\\Program Files\\Iomega\\AutoDisk\\ADUserMon.exe"
"Iomega Drive Icons"="C:\\Program Files\\Iomega\\DriveIcons\\ImgIcon.exe"
"Deskup"="C:\\Program Files\\Iomega\\DriveIcons\\deskup.exe /IMGSTART"
"iHP-100"="C:\\Program Files\\iRiver\\HSeries\\iHPDetect.exe"
"ipxk.exe"="C:\\WINDOWS\\SYSTEM32\\IPXK.EXE"
"B5.tmp"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\B5.tmp.exe"
"B7.tmp"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\B7.tmp.exe"
"B5.tmp.exe"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\B5.tmp.exe"
"B7.tmp.exe"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\B7.tmp.exe"
"netgf.exe"="C:\\WINDOWS\\NETGF.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- iRivEncrypt
{10020E84-840F-474A-9B5C-B043F0EBFC65}
C:\Program Files\iRiver\HSeries\iRivEncrypt.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- ZpCtxMenu
{6946AA04-2B53-11d4-9504-00D0B70779F8}
C:\Program Files\Netzip Classic\ZpCtxMenu.dll

Subkey --- {48F45200-91E6-11CE-8A4F-0080C81A28D4}

C:\Program Files\Trend Micro\Internet Security 14\Tmdshell.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Acrobat Assistant.lnk
desktop.ini
DSLMON.lnk
Microsoft Office.lnk
==============================
C:\Documents and Settings\user\Start Menu\Programs\Startup

Acrobat Assistant.lnk
desktop.ini
DSLMON.lnk
Microsoft Office.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
ADPanel.cpl Iomega Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
MLCFG32.CPL Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
RTSndMgr.CPL Realtek Semiconductor Corp.
SilSupp.cpl Silicon Image
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation


Logfile of HijackThis v1.99.1
Scan saved at 5:38:30 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\nMtsk.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SAGEM\OTEnet-SAGEM Fast 840\dslmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\elcad.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\elcad.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\elcad.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\elcad.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\elcad.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\elcad.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\elcad.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {5C24F68F-330D-3834-5594-F52CB787AE93} - C:\WINDOWS\system32\ipwm32.dll (file missing)
O2 - BHO: Class - {7E519B7D-60F7-36E0-6009-671EAD1F7C44} - C:\WINDOWS\sdksr.dll (file missing)
O2 - BHO: Class - {849E652D-E279-49D1-44C6-6C7123362280} - C:\WINDOWS\d3sr32.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [ipxk.exe] C:\WINDOWS\SYSTEM32\IPXK.EXE
O4 - HKLM\..\Run: [B5.tmp] C:\DOCUME~1\user\LOCALS~1\Temp\B5.tmp.exe
O4 - HKLM\..\Run: [B7.tmp] C:\DOCUME~1\user\LOCALS~1\Temp\B7.tmp.exe
O4 - HKLM\..\Run: [B5.tmp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\B5.tmp.exe
O4 - HKLM\..\Run: [B7.tmp.exe] C:\DOCUME~1\user\LOCALS~1\Temp\B7.tmp.exe
O4 - HKLM\..\Run: [netgf.exe] C:\WINDOWS\NETGF.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\OTEnet-SAGEM Fast 840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133080125656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Emmanuel2005 is offline