Hi! My laptop was infected with this BDS small.iuj a long time ago, as detected by the free version of Avira. Unaware of things, I chose the "remove this file" option and everything went abnormal ie. no start buttons and desktop icons only wallpaper. I already reformatted my os and installed several anti-virus software to no avail. I badly need your help in solving this problem since my work is highly dependent on a working and virus-free laptop. Having this is really a hassle. Appreciate your detailed procedure in removing this thing.

I followed the "read before posting your log" link and below is the Malwarebytes' Anti-Malware log, for your reference. Ill post the MySystem-Search log next. I hope I was able to follow the steps right, Im not as geek as you are. Thanks in advance!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4252

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/29/2010 4:09:08 PM
mbam-log-2010-06-29 (16-09-08).txt

Scan type: Quick scan
Objects scanned: 119096
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hi again. Posting next is MySystem-Search log. Sorry if I have to send it as attachment since the log is too big. Kindly inform me if you werent able to receive the file. Ill greatly appreciate your speedy reply. Thanks much.

Re-posting mss log. Sorry for the hassle.

Hello, and welcome to The Ultimate Geek TaskForce!

Please note the following information about the malware forum:

• Only Trained Advisors, Moderators and Administrators are allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  
• If you have already asked for help somewhere, please post the link to the topic you were helped.
  
• We try our best to reply quickly, but for any reason we do not reply in two days, do this:
  
  Reply to this topic with the word BUMP.
  
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

---

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  :filefind
explorer.exe

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

Hi Sir. Im sorry but I have to start over since I had to reformat my laptop. So, Im reposting the logs for malware removal and MySystem-Search. I assume after doing this I can proceed with the SystemLook step (as stated above) so Im posting the log as well. Thank you!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7/2/2010 2:14:29 PM
mbam-log-2010-07-02 (14-14-29).txt

Scan type: Quick scan
Objects scanned: 110171
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msnsc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msnsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Hi again. Here's the MySystem-Search log as attachment.

Here's the SystemLook log.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:32 on 02/07/2010 by Nica (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565

-=End Of File=-

Explorer.exe looks to be infected.

Download this file and save it to your Desktop, and do NOT run it.

===========

Download ComboFix to your Desktop, but do not run it, yet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
• Open notepad and copy/paste the text in the quotebox below into it:
  

  killall::
  
  FCopy::
  C:\documents and settings\Nica\desktop\explorer.exe | C:\windows\explorer.exe
  
  reboot::
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
  
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

Hi! Here's the ComboFix log.

ComboFix 10-07-04.04 - Nica 07/06/2010 12:49:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1977.1546 [GMT 1:00]
Running from: c:\documents and settings\Nica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nica\Desktop\CFScript.txt
.
ADS - explorer.exe: deleted 26 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\oem583.inf

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
--------------- FCopy ---------------

c:\documents and settings\Nica\desktop\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 09:07 . 2008-09-26 17:01 621056 ----a-r- c:\windows\system32\drivers\mod7700.sys
2010-07-06 09:07 . 2008-09-26 17:01 113664 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2010-07-06 09:07 . 2008-09-26 17:01 101376 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-07-06 09:07 . 2008-09-26 17:00 24448 ----a-r- c:\windows\system32\drivers\ewdcsc.sys
2010-07-06 09:06 . 2010-07-06 09:08 -------- d-----w- c:\program files\Globe Broadband
2010-07-05 23:34 . 2008-01-19 00:19 430080 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\RunVEDll.dll
2010-07-05 23:34 . 2008-01-19 00:19 335872 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\VirtRegInject.dll
2010-07-05 23:34 . 2008-01-19 00:19 73728 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\DisplaySettingSaver.exe
2010-07-05 23:34 . 2008-01-19 00:19 413696 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\mMagicVinesAgent.exe
2010-07-05 23:34 . 2008-01-04 02:50 499712 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\msvcp71.dll
2010-07-05 23:34 . 2008-01-04 02:50 4096 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\detoured.dll
2010-07-05 23:34 . 2008-01-04 02:50 348160 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\msvcr71.dll
2010-07-05 23:34 . 2008-01-04 02:50 118784 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\00d8b13f-73f2-4127-9573-5b07b5a28b5f\Exec\BugFinder.dll
2010-07-05 23:33 . 2006-12-11 09:20 180224 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe
2010-07-05 23:33 . 2006-12-11 09:20 983829 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe
2010-07-05 23:33 . 2006-12-11 09:20 72192 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE
2010-07-05 23:33 . 2006-12-11 09:20 72192 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE
2010-07-05 23:33 . 2006-12-11 09:20 325 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat
2010-07-05 23:33 . 2006-12-11 09:20 15 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat
2010-07-05 23:33 . 2006-12-11 09:20 40960 ----a-w- c:\documents and settings\Nica\Application Data\U3\0000167C87738E85\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe
2010-07-05 23:33 . 2006-12-07 09:45 3096576 ---ha-w- c:\documents and settings\Nica\Application Data\U3\temp\Launchpad Removal.exe
2010-07-05 23:33 . 2010-07-05 23:33 -------- d-----w- c:\documents and settings\Nica\Application Data\U3
2010-07-05 08:50 . 2010-07-05 08:50 -------- d-----w- c:\program files\MSXML 4.0
2010-07-05 08:49 . 2010-07-05 08:56 -------- d-----w- c:\windows\system32\DllCache
2010-07-02 15:45 . 2010-07-02 15:45 -------- d-----w- c:\program files\Lexmark_HostCD
2010-07-02 15:45 . 2006-02-02 18:16 348160 ----a-w- c:\windows\system32\lexlog.dll
2010-07-02 15:44 . 2010-07-02 15:44 39856 ----a-w- c:\documents and settings\Nica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-02 13:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 13:10 . 2010-07-02 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 13:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 10:24 . 2010-07-02 15:55 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-02 10:01 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-02 10:01 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-07-02 10:00 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys
2010-07-02 09:56 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-02 09:52 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-07-02 09:35 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-07-02 09:32 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-07-02 09:21 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-07-02 09:17 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-07-02 09:12 . 2008-10-15 16:53 339456 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-07-02 09:11 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-07-02 09:09 . 2010-07-02 09:09 0 ----a-w- c:\windows\nsreg.dat
2010-07-02 09:09 . 2010-07-02 09:09 -------- d-----w- c:\documents and settings\Nica\Local Settings\Application Data\Mozilla
2010-07-02 09:08 . 2010-07-02 09:08 -------- d-----w- c:\documents and settings\Nica\Application Data\Malwarebytes
2010-07-02 09:08 . 2010-07-02 09:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-02 09:05 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-07-02 09:03 . 2010-07-06 09:18 -------- d--h--w- c:\windows\$hf_mig$
2010-07-02 08:53 . 2010-07-02 08:53 -------- d-----w- c:\documents and settings\Nica\Application Data\stickies
2010-07-02 08:51 . 2010-07-02 08:51 -------- d-----w- c:\documents and settings\Nica\Local Settings\Application Data\Yahoo
2010-07-02 08:51 . 2010-07-06 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-02 08:51 . 2010-07-02 08:51 -------- d-----w- c:\documents and settings\Nica\Application Data\Yahoo!
2010-07-02 08:50 . 2010-07-02 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-02 08:50 . 2010-07-02 08:51 -------- d-----w- c:\program files\Yahoo!
2010-07-02 08:50 . 2009-05-26 18:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-07-02 08:49 . 2010-07-02 08:49 -------- d-s---w- c:\documents and settings\Nica\UserData
2010-07-02 08:48 . 2006-01-06 14:52 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-07-02 08:48 . 2006-01-06 14:52 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-07-02 08:48 . 2010-07-05 23:21 -------- d-----w- c:\documents and settings\Nica\Local Settings\Application Data\Adobe
2010-07-02 08:45 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-02 08:41 . 2010-07-02 08:41 -------- d-----w- c:\program files\VideoLAN
2010-07-02 08:40 . 2010-07-02 08:40 -------- d-----w- c:\documents and settings\Nica\Application Data\hpqLog
2010-07-02 08:40 . 2006-01-06 14:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-02 08:40 . 2009-03-19 10:40 9216 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2010-07-02 08:40 . 2007-06-18 16:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2010-07-02 08:40 . 2006-11-02 06:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-07-02 08:40 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2010-07-02 08:40 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmn.dll
2010-07-02 08:39 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-02 08:39 . 2010-07-02 08:39 -------- d-----w- c:\program files\Synaptics
2010-07-02 08:39 . 2009-02-06 10:33 205232 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-07-02 08:39 . 2009-02-06 10:32 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-07-02 08:39 . 2009-02-06 10:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-07-02 08:39 . 2009-02-06 10:32 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-07-02 08:39 . 2009-02-06 10:32 169256 ----a-w- c:\windows\system32\SynCOM.dll
2010-07-02 08:39 . 2008-07-08 10:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-07-02 08:38 . 2008-03-28 09:46 54824 ------w- c:\windows\system32\agrsmdel.exe
2010-07-02 08:38 . 2007-12-11 11:41 14336 ------w- c:\windows\system32\agrsco64.dll
2010-07-02 08:38 . 2010-07-02 08:38 -------- d-----w- c:\windows\Options
2010-07-02 08:37 . 2010-07-02 08:37 -------- d-----w- c:\program files\Marvell
2010-07-02 08:37 . 2010-07-02 08:37 -------- d-----w- c:\program files\Analog Devices
2010-07-02 08:37 . 2007-11-12 12:27 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-07-02 08:37 . 2005-05-04 08:20 53248 ------w- c:\windows\system32\wdmioctl.dll
2010-07-02 08:37 . 2001-09-11 14:20 1285632 ------w- c:\windows\system32\SMMedia.dll
2010-07-02 08:36 . 2010-07-02 09:23 1294200 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-07-02 08:36 . 2010-07-02 08:36 -------- d-----w- c:\program files\Broadcom
2010-07-02 08:36 . 2010-07-02 08:36 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-07-02 08:36 . 2010-07-02 08:36 -------- d-----w- c:\documents and settings\Nica\Application Data\InstallShield
2010-07-02 08:36 . 2006-01-06 14:53 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-07-02 08:36 . 2006-01-06 14:53 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-07-02 08:36 . 2006-01-06 14:53 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-07-02 08:36 . 2006-01-06 14:53 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-07-02 08:36 . 2006-01-06 14:53 142464 ----a-w- c:\windows\system32\drivers\aec.sys
2010-07-02 08:36 . 2006-01-06 14:53 171776 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-07-02 08:36 . 2006-01-06 14:53 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-07-02 08:34 . 2008-07-09 07:38 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-07-02 08:34 . 2010-07-02 08:40 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-02 08:34 . 2010-07-02 08:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 08:34 . 2010-07-02 08:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-02 08:32 . 2010-07-02 08:39 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-02 08:32 . 2008-02-22 12:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-07-02 08:32 . 2010-07-02 08:32 -------- d-----w- c:\program files\Intel
2010-07-02 08:32 . 2010-07-02 08:32 -------- d-----w- C:\Intel
2010-07-02 08:32 . 2010-07-02 17:16 -------- d-----w- C:\swsetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 09:49 . 2006-01-13 01:46 1033216 ----a-w- c:\windows\explorer.exe
2010-07-02 08:40 . 2010-07-02 08:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-07-02 08:39 . 2010-07-02 08:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-07-02 08:39 . 2010-07-02 08:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-07-01 22:21 . 2010-07-01 22:21 -------- d-----w- c:\program files\Microsoft.NET
2010-07-01 22:20 . 2010-07-01 22:20 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-01 22:17 . 2010-07-01 22:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-01 22:16 . 2010-07-01 22:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-01 22:01 . 2010-07-01 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-01 22:01 . 2010-07-01 22:01 -------- d-----w- c:\program files\QuickTime Alternative
2010-07-01 22:01 . 2010-07-01 22:01 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-07-01 22:01 . 2010-07-01 22:01 2293 ----a-w- c:\windows\mozver.dat
2010-07-01 21:59 . 2010-07-01 21:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-01 21:57 . 2010-07-01 21:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-01 21:56 . 2010-07-01 21:56 -------- d-----w- c:\program files\Unlocker
2010-07-01 21:53 . 2010-07-01 21:53 -------- d-----w- c:\program files\MSN Messenger
2010-05-02 07:09 . 2006-01-13 01:58 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2006-01-13 01:10 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:20 . 2006-01-13 01:26 668672 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:20 . 2006-01-13 01:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-07-01 22:01 . 2010-07-01 22:01 60516 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2010-07-01 22:01 . 2010-07-01 22:01 49246 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2010-07-01 22:01 . 2010-07-01 22:01 165990 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-27 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-27 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-27 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-23 206392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 10:14 AM 24064]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/2/2010 9:40 AM 239160]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/2/2010 9:35 AM 108032]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {9655202B-6129-4FDC-96B4-E046560E2116} = 202.126.40.5 222.127.143.5
FF - ProfilePath - c:\documents and settings\Nica\Application Data\Mozilla\Firefox\Profiles\0nit3trh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-07-06 12:54:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 11:54

Pre-Run: 99,297,185,792 bytes free
Post-Run: 99,312,775,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D0DB7B2DB80B66A279FADB311F5656CF

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Under the Custom Scan box paste this in
  
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\*.exe /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.sys
  %systemroot%\system32\drivers\*.dll
  %systemroot%\system32\drivers\*.ini
  %systemroot%\system32\drivers\*.exe
  %SYSTEMDRIVE%\*.*
  %PROGRAMFILES%\*.
  %appdata%\*.*
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  disk.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  symmpi.sys
  adp3132.sys
  mv61xx.sys
  usbstor.sys
  /md5stop
  CREATERESTOREPOINT
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Have to attach the file since its too big. Thanks.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Hi! Sorry for the late reply. Is there other way of proceeding with the steps without doing the online scan? Im having a hard time downloading the database thou I believe Im already using a high-speed broadband. Please advice me on this. Appreciate your soonest reply. Thanks

Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Hi! Here's the log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4434

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/16/2010 11:55:38 AM
mbam-log-2010-08-16 (11-55-38).txt

Scan type: Quick scan
Objects scanned: 130750
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)