Hello, I am very new to this forum. Hope it will be interesting.
My laptop is infected by the b.exe virus. I use V3 AhnLab Platinum edition as my antivirus, along with Trojan Remover and Ad-Aware Professional. I think my antivirus removed b.exe. But ever since then, my internet (broadband) is not working. I am connected to the internet, but no data is received or sent, and the browser shows "navigation cancelled" when I try to browse. Please help me, I have a serious problem, because I use the internet very much in my office.
Here is my HijackThis log. Help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:55, on 7/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
C:\Program Files\GTalk Idle\gidle.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Avro Keyboard\Avro Keyboard.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Sajid86\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Video Accelerator\VideoAccelerator.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Spyware Scanner\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [AhnLab Session Process] "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [USBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
O4 - HKLM\..\Run: [gidle] "C:\Program Files\GTalk Idle\gidle.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [Avro Keyboard] C:\Program Files\Avro Keyboard\Avro Keyboard.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sajid86\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\Video Accelerator\VideoAccelerator.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Battery Doubler\Battery Doubler.exe
O4 - Global Startup: Nokia Connectivity Framework Lite.lnk = C:\Nokia\Tools\Nokia_Connectivity_Framework\bin\NCFStart.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - E:\FlashCapture\fciext.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &WebCloner - {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\progra~2\sblsp.dll' missing
O16 - DPF: {02391F44-2767-4E6A-A484-9B47B506F3A4} (Vorbis Decoder) - https://portal.kaist.ac.kr/drenglish/drengl...nt/oggcodec.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab
O16 - DPF: {042D97DD-E197-411A-8298-6EE85F1C1421} (mkdsfwCtrl Class) - http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
O16 - DPF: {0CBF6FB5-68EA-406D-882A-AB3B5984D988} (vpnDialer Control) - https://hotspot.pccwwifi.com/vpn/wlvpndialer.ocx
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} (INISAFEWeb6 V6 Class) - http://www.bccard.com/initech/plugin/INIS60.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://lovefm.miemasu.net:60002/kxhcm10.ocx
O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://webcais.kaist.ac.kr/hnwactive/hnwactiv_4_2_0_2.cab
O16 - DPF: {45091AA2-1574-4EC8-B520-4C27E29CF889} (GifFreezerCtrl Class) - http://www.gmarket.co.kr/challenge/neo_goo.../gifFreezer.cab
O16 - DPF: {475DF11A-2BC2-41A9-8A97-E989E023E517} (SetupComponent Class) - https://portal.kaist.ac.kr/workflow/ezIcd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://pib.wooribank.com/com/XecureCK/CKKeyPro.cab
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.2) - http://download.myipq.com/cibrowser12.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - http://download.softforum.co.kr/Published/.../xw_install.cab
O16 - DPF: {7EBB0081-A146-4EF6-9593-E785587F618D} (NetLight 2.0 Navigation Module) - http://english.visitkorea.or.kr/enu/NetLig...NetLightCOM.CAB
O16 - DPF: {8E64F05B-76CF-40EA-AD6B-6741F02BDC46} (MagicInstaller Class) - http://igis.icu.ac.kr/aims/sso/setup/MagicClientAX.cab
O16 - DPF: {9595BB7D-DF24-4DBD-8142-D2E939383660} (GW_Alarm.alarm) - http://igis.icu.ac.kr/aims/active-x/alarm/GW_Alarm.CAB
O16 - DPF: {9BDDDE6D-132F-40B5-A507-2AF6514A83DE} (FileUploadAX Control) - http://kaist.ac.kr/nara/activeX/FileUploadAX.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://210.95.194.71/wg_webeye.cab
O16 - DPF: {A9FC42C5-C098-41A7-8101-E4B0391C096F} (Virtual-Net) - http://143.248.118.13:8005/vn/virtual-net.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D5A33312-756B-4953-A8D4-24411D666A38} (CaisPg Control) - https://portal.kaist.ac.kr/portal/sso/CaisPg.cab
O16 - DPF: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} (CongnamulMap4Asp Control) - http://asp.congnamul.com/AspActiveX/CongnamulMap4Asp_V23.cab
O16 - DPF: {E1AC9563-A1E3-45B8-A5CE-5C19E34EC6AC} (ComTop Class) - http://www.arirang.co.kr/AlwaysTop.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {E986BA49-C761-4E8F-B1A8-7F3CBE402683} (KebiInstaller Control) - http://mail.kaist.ac.kr/nara/activeX/KebiInstaller.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: counterclaim - {e758745e-b8aa-47ac-a652-6307ff5f3ebf} - (no file)
O23 - Service: AhnLab Application Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
O23 - Service: AhnLab Guarantee Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
O23 - Service: AhnLab Information Service - AhnLab, Inc. - C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 15429 bytes
StartupList report, 7/13/2009, 16:15:19
StartupList version: 1.52.2
Started from : C:\Program Files\Spyware Scanner\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe
C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe
C:\Program Files\AhnLab\V3IS2007\MSProxy.ahn
C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
C:\Program Files\GTalk Idle\gidle.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Avro Keyboard\Avro Keyboard.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\Sajid86\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Video Accelerator\VideoAccelerator.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Spyware Scanner\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Sajid86\Start Menu\Programs\Startup]
AntiCrash.lnk = C:\Program Files\AntiCrash\AntiCrash.exe
Battery Doubler.lnk = C:\Program Files\Battery Doubler\Battery Doubler.exe
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Nokia Connectivity Framework Lite.lnk = C:\Nokia\Tools\Nokia_Connectivity_Framework\bin\NCFStart.exe
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AHNSD = "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
AhnLab Session Process = "C:\PROGRA~1\COMMON~1\AhnLab\ACA\ACASP.exe"
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
GrooveMonitor = "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
LanguageShortcut = "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
amd_dc_opt = "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
USBFW = C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
gidle = "C:\Program Files\GTalk Idle\gidle.exe"
googletalk = C:\Program Files\Google\Google Talk\googletalk.exe /autostart
Ad-Watch = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /H
Avro Keyboard = C:\Program Files\Avro Keyboard\Avro Keyboard.exe
Google Update = "C:\Documents and Settings\Sajid86\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
PC Suite Tray = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
SpeedBitVideoAccelerator = C:\Program Files\Video Accelerator\VideoAccelerator.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\csfile\shell\open\command
(Default) = C:\WINDOWS\system32\msmug.exe "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\csfile\shell\open\command
(Default) = C:\WINDOWS\system32\msmug.exe "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\RainySs.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
(no name) - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files\Free Download Manager\iefdm2.dll - {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Ad-Aware Update (Daily).job
GoogleUpdateTaskUserS-1-5-21-436374069-823518204-725345543-1003Core.job
GoogleUpdateTaskUserS-1-5-21-436374069-823518204-725345543-1003UA.job
Low Battery Alarm Program.job
MP Scheduled Scan.job
User_Feed_Synchronization-{21D19AFA-9FBA-4A83-876A-548006B73268}.job
--------------------------------------------------
Enumerating Download Program Files:
[Vorbis Decoder]
InProcServer32 = C:\WINDOWS\system32\OggDS.DLL
CODEBASE = https://portal.kaist.ac.kr/drenglish/drengl...nt/oggcodec.cab
[TDServer Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\tdserver.ocx
CODEBASE = http://www.anandabazar.com/wfplayer/tdserver.cab
[mkdsfwCtrl Class]
InProcServer32 = C:\PROGRA~1\AhnLab\ASP\Components\mkdsfw\mkdsfw.dll
CODEBASE = http://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
[vpnDialer Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WLVPND~1.OCX
CODEBASE = https://hotspot.pccwwifi.com/vpn/wlvpndialer.ocx
[Facebook Photo Uploader 5 Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
CODEBASE = http://upload.facebook.com/controls/2008.1...toUploader5.cab
[Macromedia Authorware Web Player Control]
InProcServer32 = C:\WINDOWS\system32\macromed\authorwa\awswax.ocx
CODEBASE = http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://download.microsoft.com/download/C/0...heckControl.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Adobe\Director\swdir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab
[INISAFEWeb6 V6 Class]
CODEBASE = http://www.bccard.com/initech/plugin/INIS60.cab
[KXHCM10 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\kxhcm10.ocx
CODEBASE = http://lovefm.miemasu.net:60002/kxhcm10.ocx
[HnwActiv Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hnwactiv.ocx
CODEBASE = http://webcais.kaist.ac.kr/hnwactive/hnwactiv_4_2_0_2.cab
[GifFreezerCtrl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\GIFFRE~1.DLL
CODEBASE = http://www.gmarket.co.kr/challenge/neo_goo.../gifFreezer.cab
[SetupComponent Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ezIcd.dll
CODEBASE = https://portal.kaist.ac.kr/workflow/ezIcd.cab
[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
[XecureCKKB Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\XecureCK.dll
CODEBASE = http://pib.wooribank.com/com/XecureCK/CKKeyPro.cab
[Innotive Cibrowser Control 1.2]
InProcServer32 = C:\WINDOWS\system32\CIBROW~1.OCX
CODEBASE = http://download.myipq.com/cibrowser12.cab
[{7E9FDB80-5316-11D4-B02C-00C04F0CD404}]
CODEBASE = http://download.softforum.co.kr/Published/.../xw_install.cab
[NetLight 2.0 Navigation Module]
InProcServer32 = C:\WINDOWS\system32\NETLIG~1.OCX
CODEBASE = http://english.visitkorea.or.kr/enu/NetLig...NetLightCOM.CAB
[Java Plug-in 1.6.0_14]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
[MagicInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MagicInstaller.dll
CODEBASE = http://igis.icu.ac.kr/aims/sso/setup/MagicClientAX.cab
[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab
[GW_Alarm.alarm]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GW_Alarm.ocx
CODEBASE = http://igis.icu.ac.kr/aims/active-x/alarm/GW_Alarm.CAB
[FileUploadAX Control]
InProcServer32 = C:\WINDOWS\system32\FILEUP~1.OCX
CODEBASE = http://kaist.ac.kr/nara/activeX/FileUploadAX.cab
[Web Camera Server Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\webeye.ocx
CODEBASE = http://210.95.194.71/wg_webeye.cab
[Virtual-Net]
InProcServer32 = C:\WINDOWS\system32\VirtNet.dll
CODEBASE = http://143.248.118.13:8005/vn/virtual-net.cab
[Java Plug-in 1.6.0_14]
InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
[Java Plug-in 1.6.0_14]
InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_14.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
[CaisPg Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CaisPg.ocx
CODEBASE = https://portal.kaist.ac.kr/portal/sso/CaisPg.cab
[CongnamulMap4Asp Control]
InProcServer32 = C:\WINDOWS\system32\CONGNA~1.OCX
CODEBASE = http://asp.congnamul.com/AspActiveX/CongnamulMap4Asp_V23.cab
[ComTop Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AlwaysTop.dll
CODEBASE = http://www.arirang.co.kr/AlwaysTop.cab
[KvpIspCtlD Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\KVPISP~1.OCX
CODEBASE = https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
[KebiInstaller Control]
InProcServer32 = C:\WINDOWS\system32\KEBIIN~1.OCX
CODEBASE = http://mail.kaist.ac.kr/nara/activeX/KebiInstaller.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\PROGRA~2\sblsp.dll (file MISSING)
Protocol #2: C:\PROGRA~2\sblsp.dll (file MISSING)
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\rsvpsp.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\PROGRA~2\sblsp.dll (file MISSING)
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v3.4.3.0: system32\DRIVERS\AegisP.sys (autostart)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
AhnFlt2k: \??\C:\WINDOWS\system32\Drivers\AhnFlt2k.sys (manual start)
AhnLab Application Service: "C:\Program Files\Common Files\AhnLab\ACA\ACAAS.exe" (autostart)
AhnLab Guarantee Service: "C:\Program Files\Common Files\AhnLab\ACA\ACAEGMgr.exe" (autostart)
AhnLab Information Service: "C:\Program Files\Common Files\AhnLab\ACA\ACAIS.exe" (autostart)
AhnLab Task Scheduler: "C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe" (autostart)
AhnRec2k: \??\C:\WINDOWS\system32\Drivers\AhnRec2k.sys (manual start)
AhnRghNt: \??\C:\WINDOWS\system32\Drivers\AhnRghNt.sys (manual start)
AhnSZE: system32\drivers\AhnSZE.sys (manual start)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
AMD Special Tools Driver: system32\DRIVERS\AmdTools.sys (manual start)
AMonHKnt: \??\C:\WINDOWS\system32\Drivers\AMonHKnt.sys (autostart)
AMonTDnt: \??\C:\WINDOWS\system32\Drivers\AMonTDnt.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ArfMonNt: \??\C:\Program Files\AhnLab\V3IS2007\ArfMonNt.sys (manual start)
1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
ASZFltNt: \??\C:\PROGRA~1\AhnLab\V3IS2007\ASZFltNt.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CdmDrvNt: \??\C:\WINDOWS\system32\Drivers\CdmDrvNt.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
cwmtdi: system32\drivers\cwmtdi.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Windows Presentation Foundation Font Cache 3.0.0.0: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
giveio: system32\giveio.sys (system)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
hwinterface: System32\Drivers\hwinterface.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (manual start)
Windows CardSpace: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
ISFWEnt: \??\C:\Program Files\AhnLab\V3IS2007\ISFWEnt.sys (manual start)
ISIPSEnt: \??\C:\Program Files\AhnLab\V3IS2007\ISIPSEnt.sys (manual start)
ISPIBEnt: \??\C:\Program Files\AhnLab\V3IS2007\ISPIBEnt.sys (manual start)
ISPrxEnt: \??\C:\Program Files\AhnLab\V3IS2007\ISPrxEnt.sys (manual start)
ISTrkEnt: \??\C:\Program Files\AhnLab\V3IS2007\ISTrkEnt.sys (manual start)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
JRSKD24: \??\C:\WINDOWS\system32\JRSKD24.SYS (manual start)
JRSUKD24: \??\C:\WINDOWS\system32\JRSUKD24.SYS (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Lavasoft Ad-Aware Service: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" (autostart)
Lbd: system32\DRIVERS\Lbd.sys (system)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Microsoft Office Groove Audit Service: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
msncache: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net.Tcp Port Sharing Service: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
Nokia USB Phone Parent: system32\drivers\ccdcmb.sys (manual start)
Nokia USB Generic: system32\drivers\ccdcmbo.sys (manual start)
NPFWFLT: \??\C:\WINDOWS\system32\NPFWFLT.SYS (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
O2Micro Flash Memory: C:\WINDOWS\system32\o2flash.exe (autostart)
O2MDRDR: system32\DRIVERS\o2media.sys (system)
O2SDRDR: system32\DRIVERS\o2sd.sys (system)
Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PCCS Mode Change Filter Driver: system32\DRIVERS\pccsmcfd.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
pcmstub: \??\C:\WINDOWS\system32\pcmstub.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rcfilter: System32\drivers\Rcfilter.sys (autostart)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Cyberlink RichVideo Service(CRVS): "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" (autostart)
RITFSD: System32\drivers\RITFSD.sys (system)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Ralink RT61 Wireless Driver: system32\DRIVERS\RT61.sys (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
smserial: system32\DRIVERS\smserial.sys (manual start)
speedfan: system32\speedfan.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{0C53DA59-70B8-4BD0-9F21-C73985553AB9} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
TeamViewer VPN Adapter: system32\DRIVERS\teamviewervpn.sys (manual start)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
upperdev: system32\DRIVERS\usbser_lowerflt.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
USB Modem Driver: system32\drivers\usbser.sys (manual start)
UsbserFilt: system32\DRIVERS\usbser_lowerfltj.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" (manual start)
v3engine: \??\C:\WINDOWS\system32\drivers\v3engine.sys (manual start)
V3Flt2K: \??\C:\PROGRA~1\AhnLab\V3IS2007\V3Flt2K.sys (manual start)
V3IFt2K: \??\C:\PROGRA~1\AhnLab\V3IS2007\V3IFt2K.sys (manual start)
Vcs support: \??\C:\WINDOWS\system32\Drivers\Vcs.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Visual Studio Analyzer RPC bridge: C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (manual start)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Kernel Mode Driver Frameworks service: System32\Drivers\wdf01000.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Sajid86\LOCALS~1\Temp\A~NSISu_.exe
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 45,632 bytes
Report generated in 0.344 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only