Okay! So far so good . . .
Per your instructions:
I've disconnected the infected machine from the Internet.
Here are the logs you requested. I noticed that combofix also created a quarantine log so I attached it also.
John
------------
SDFix: Version 1.79
Run by David - Thu 04/26/2007 - 14:42:13.08
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
NDnet1
Runtime
ImagePath:
\??\C:\WINDOWS\System32\ksys.sys
\??\C:\WINDOWS\System32\drivers\runtime.sys
NDnet1 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\7_exception.nls - Deleted
C:\WINDOWS\system32\ksys.sys - Deleted
C:\WINDOWS\system32\rpcc.exe - Deleted
C:\WINDOWS\system32\RunOnce2.t__ - Deleted
C:\WINDOWS\system32\RunOnce2.tm_ - Deleted
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Remaining Files:
---------------
C:\WINDOWS\system32\ksys.sys Found
C:\WINDOWS\system32\rpcc.exe Found
C:\WINDOWS\system32\RunOnce2.t__ Found
C:\WINDOWS\system32\RunOnce2.tm_ Found
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Program Files\InterActual\InterActual Player\iti8.tmp
C:\WINDOWS\LastGood.Tmp\INF\dxbda.inf
C:\WINDOWS\LastGood.Tmp\INF\dxbda.PNF
C:\WINDOWS\LastGood.Tmp\INF\dxdllreg.inf
C:\WINDOWS\LastGood.Tmp\INF\dxdllreg.PNF
C:\WINDOWS\LastGood.Tmp\INF\dxxp.inf
C:\WINDOWS\LastGood.Tmp\INF\dxxp.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem0.inf
C:\WINDOWS\LastGood.Tmp\INF\oem0.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem1.inf
C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem11.inf
C:\WINDOWS\LastGood.Tmp\INF\oem11.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem14.inf
C:\WINDOWS\LastGood.Tmp\INF\oem14.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem6.inf
C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem8.inf
C:\WINDOWS\LastGood.Tmp\INF\oem8.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF
Finished
--------------------
Combofix log
"David" - 07-04-26 14:54:47 Service Pack 1
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\David\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\6_exception.nls
C:\WINDOWS\system32\888111253.exe
C:\WINDOWS\system32\winupd_KB12931930.exe
C:\WINDOWS\system32\winupd_KB89914297.exe
C:\WINDOWS\system32\ksys.sys
C:\WINDOWS\system32\rpcc.exe
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\NDnet1
-------\Runtime
-------\LEGACY_NDNET1
-------\LEGACY_RUNTIME
((((((((((((((((((((((((((((((( Files Created from 2007-03-26 to 2007-04-26 ))))))))))))))))))))))))))))))))))
2007-04-26 14:52 24,064 --a------ C:\WINDOWS\system32\winupd_KB65919063.exe
2007-04-26 14:47 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-26 14:46 7,296 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-04-26 14:46 11,776 --a------ C:\WINDOWS\system32\winupd_KB58620628.exe
2007-04-26 14:33 20,061 --a------ C:\WINDOWS\system32\winupd_KB69412836.exe
2007-04-26 14:27 20,061 --a------ C:\WINDOWS\system32\winupd_KB08494134.exe
2007-04-26 14:22 20,061 --a------ C:\WINDOWS\system32\winupd_KB26431806.exe
2007-04-26 14:10 20,061 --a------ C:\WINDOWS\system32\winupd_KB56829756.exe
2007-04-26 14:05 20,061 --a------ C:\WINDOWS\system32\winupd_KB59303473.exe
2007-04-26 13:59 20,061 --a------ C:\WINDOWS\system32\winupd_KB70645686.exe
2007-04-26 13:53 20,061 --a------ C:\WINDOWS\system32\winupd_KB08471726.exe
2007-04-26 13:36 20,061 --a------ C:\WINDOWS\system32\winupd_KB90069443.exe
2007-04-26 13:31 20,061 --a------ C:\WINDOWS\system32\winupd_KB90004561.exe
2007-04-26 13:19 20,061 --a------ C:\WINDOWS\system32\winupd_KB44318973.exe
2007-04-26 13:14 20,061 --a------ C:\WINDOWS\system32\winupd_KB78434668.exe
2007-04-26 13:08 20,061 --a------ C:\WINDOWS\system32\winupd_KB85131081.exe
2007-04-26 13:02 20,061 --a------ C:\WINDOWS\system32\winupd_KB17264537.exe
2007-04-26 12:57 20,061 --a------ C:\WINDOWS\system32\winupd_KB89378022.exe
2007-04-26 12:51 20,061 --a------ C:\WINDOWS\system32\winupd_KB77786317.exe
2007-04-26 12:39 20,061 --a------ C:\WINDOWS\system32\winupd_KB98221393.exe
2007-04-26 12:34 20,061 --a------ C:\WINDOWS\system32\winupd_KB81204801.exe
2007-04-26 12:28 20,061 --a------ C:\WINDOWS\system32\winupd_KB72117528.exe
2007-04-26 12:22 20,061 --a------ C:\WINDOWS\system32\winupd_KB18003240.exe
2007-04-26 12:16 20,061 --a------ C:\WINDOWS\system32\winupd_KB11901888.exe
2007-04-26 12:11 20,061 --a------ C:\WINDOWS\system32\winupd_KB92021998.exe
2007-04-26 12:05 20,061 --a------ C:\WINDOWS\system32\winupd_KB40754700.exe
2007-04-26 11:53 20,061 --a------ C:\WINDOWS\system32\winupd_KB56869449.exe
2007-04-26 11:47 20,061 --a------ C:\WINDOWS\system32\winupd_KB94184285.exe
2007-04-26 09:49 2,637 --a------ C:\WINDOWS\system32\winupd_KB04080293.exe
2007-04-26 09:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-26 09:17 974,914 --a------ C:\WINDOWS\system32\RC48E140.DLL
2007-04-26 09:17 77,824 --a------ C:\WINDOWS\system32\RCPRINT.dll
2007-04-26 09:17 69,632 --a------ C:\WINDOWS\system32\TIFmtA.dll
2007-04-26 09:17 61,440 --a------ C:\WINDOWS\system32\TrackID.dll
2007-04-26 09:17 61,440 --a------ C:\WINDOWS\system32\rdrvlog.dll
2007-04-26 09:17 57,344 --a------ C:\WINDOWS\system32\rdrvinf.dll
2007-04-26 09:17 53,248 --a------ C:\WINDOWS\system32\RICDB32.dll
2007-04-26 09:17 49,152 --a------ C:\WINDOWS\system32\TIBase64.dll
2007-04-26 09:17 37,376 --a------ C:\WINDOWS\system32\MFRICRES.dll
2007-04-26 09:17 32,768 --a------ C:\WINDOWS\system32\rc4mon.dll
2007-04-26 09:17 32,768 --a------ C:\WINDOWS\system32\RC00C140.dll
2007-04-26 09:17 27,136 --a------ C:\WINDOWS\system32\RCINST.dll
2007-04-26 09:17 262,364 --a------ C:\WINDOWS\system32\rpcsecl.dll
2007-04-26 09:17 221,184 --a------ C:\WINDOWS\system32\RICJC32.dll
2007-04-26 09:17 167,936 --a------ C:\WINDOWS\system32\JCUI.exe
2007-04-26 09:17 126,976 --a------ C:\WINDOWS\system32\Rc4manNT.dll
2007-04-26 09:17 1,236,992 --a------ C:\WINDOWS\system32\MP450dat.dll
2007-04-26 09:17 <DIR> d--h----- C:\_rpcs
2007-04-25 14:55 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-25 14:55 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-25 14:55 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-25 14:55 2,552 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-25 12:00 <DIR> d-------- C:\Program Files\Hijack This
2007-04-08 20:58 <DIR> d-------- C:\DOCUME~1\David\APPLIC~1\MSN6
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-26 14:47 -------- d--h----- C:\Program Files\windowsupdate
2007-03-23 09:59 -------- d-------- C:\DOCUME~1\David\APPLIC~1\winantivirus pro 2007
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATIModeChange"="Ati2mdxx.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"888111253.exe"="C:\\WINDOWS\\System32\\888111253.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"="C:\\WINDOWS\\Cpqdiag\\CpqDfwAg.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^D-Link REG Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\D-Link REG Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\D-Link REG Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\D-Link\\AIRPLU~1\\Reg.exe "
"item"="D-Link REG Utility"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CHKADMIN"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Compaq\\COMPAQ~1\\CHKADMIN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdaterUI"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fppdis2a"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis2a.exe\" /source=HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DrgToDsc"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EngUtil"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SHSTAT"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ip6FwHlp"=dword:00000003
"cpqWebDmi"=dword:00000002
"CPQALERT"=dword:00000002
"awhost32"=dword:00000003
"Ati HotKey Poller"=dword:00000002
"ACS"=dword:00000002
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-04-26 15:03:16
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ?deB???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-26 15:03:43 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-26 15:03
------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:04:16 PM, on 4/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Hijack This\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [888111253.exe] C:\WINDOWS\System32\888111253.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) -
http://scpwka.ops.placeware.com/etc/...uicksilver.cab
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSIEUpdater_2 (Microsoft IE Updater_2) - Unknown owner - C:\Documents and Settings\ie_updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Unknown owner - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe (file missing)
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe