WiredWX Christian Hobby Weather Tools
Re: WinBlueSoft - Infection

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
krdpdre

File::
c:\windows\system32\2z4439py5.dll
c:\windows\18557notza-vi9usc.bin

Folder::
c:\program files\BitComet

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9879:TCP"=-
"9879:UDP"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
WinBlueSoft - Infection - Page 1 Sfxdaw

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
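The CFScript above is a small configuration format that ComboFix consumes, and since every line in it is a deletion it pays to be able to read one back before dropping it onto the tool. The following Python is an added example, not code from this post or from ComboFix: it parses a script into its `::` sections, expands the regedit-style `Registry::` entries (a `"name"=-` line deletes that value) and returns a plain-language preview of what the script asks for, flagging any File or Folder entry that is not an absolute path. The section semantics are those visible in this thread (the driver, file and folder entries reappear as deletions in the ComboFix log posted next); the `~` in the firewall key is copied verbatim, as ComboFix itself writes it.

```python
"""Parse and preview a ComboFix CFScript.txt before it is dropped onto ComboFix.

Added example; the section semantics follow the script used in this thread.
"""
import re

# Section headers used by the script on this page. KILLALL:: has no body;
# the others list one item per line.
KNOWN_SECTIONS = {"KILLALL", "Driver", "File", "Folder", "Registry"}
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")           # [HKEY_...\path]
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')    # "name"=data  ('-' means delete)
ABS_PATH_RE = re.compile(r"^[a-zA-Z]:\\")

# The script posted in this thread, verbatim (the '~' in the firewall key is
# ComboFix's own shorthand, copied from its log).
SAMPLE_SCRIPT = r"""
KILLALL::

Driver::
krdpdre

File::
c:\windows\system32\2z4439py5.dll
c:\windows\18557notza-vi9usc.bin

Folder::
c:\program files\BitComet

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9879:TCP"=-
"9879:UDP"=-
"""


def parse_cfscript(text):
    """Return {section_name: [body lines]}; raise ValueError on malformed input."""
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"line {lineno}: unknown section {current!r}")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: content before any 'Name::' header")
        sections[current].append(line)
    return sections


def registry_actions(reg_lines):
    """Expand Registry:: lines into (key, value_name, action) tuples."""
    actions = []
    key = None
    for line in reg_lines:
        key_match = REG_KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = REG_VALUE_RE.match(line)
        if key is None or not value_match:
            raise ValueError(f"registry line outside a key or malformed: {line!r}")
        name, data = value_match.groups()
        actions.append((key, name, "delete" if data == "-" else "set " + data))
    return actions


def preview(text):
    """Plain-language list of everything the script asks ComboFix to do."""
    sections = parse_cfscript(text)
    out = []
    if "KILLALL" in sections:
        out.append("terminate non-essential running processes before cleaning")
    out += ["remove driver/service: " + d for d in sections.get("Driver", [])]
    for kind in ("File", "Folder"):
        for path in sections.get(kind, []):
            if not ABS_PATH_RE.match(path):
                out.append(f"WARNING: {kind} entry is not an absolute path: {path}")
            out.append(f"delete {kind.lower()}: {path}")
    for key, name, action in registry_actions(sections.get("Registry", [])):
        out.append(f"registry {action} value {name!r} in [{key}]")
    return out


def problems(text):
    """Return the parse error message for a script, or None if it parses cleanly."""
    try:
        preview(text)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for action in preview(SAMPLE_SCRIPT):
        print(action)
```

Run it on the script as saved to the desktop and compare the preview against what the helper said would be removed; a stray line that lands before a header, a mistyped section name, or a relative path shows up as an error or warning instead of silently doing nothing (or the wrong thing) inside ComboFix.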

Re: WinBlueSoft - Infection

As requested,

PART 1

ComboFix 09-06-01.03 - RICHARD 04/06/2009 19:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.768.274 [GMT 1:00]
Running from: c:\documents and settings\RICHARD\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\RICHARD\Desktop\CFScript.txt
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
* Created a new restore point

FILE ::
"c:\windows\18557notza-vi9usc.bin"
"c:\windows\system32\2z4439py5.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitComet
c:\program files\BitComet\archive\026b734a6c09566b099c585a137ee5cca05804bf.torrent
c:\program files\BitComet\archive\0803c71c797899c8017202b78b58e8f145f5b5fa.torrent
c:\program files\BitComet\archive\08193886f9255d5327e9c134031b648ad1b052a3.torrent
c:\program files\BitComet\archive\08690f9225f3abc8911d5b130b5e5ad726575c35.torrent
c:\program files\BitComet\archive\1d75186d1cda9b0ad5de0b7c827eccac2e5ffbbf.torrent
c:\program files\BitComet\archive\2043305eb4cd1b607b1425a13a61ec08475c24e7.torrent
c:\program files\BitComet\archive\20980706e94939927a477f5e57848ff44ab06323.torrent
c:\program files\BitComet\archive\254e07b841c619d3f6e3c7c8de0f5de70f338f41.torrent
c:\program files\BitComet\archive\37ee80c96c5e4129644639c37a08c7d87a5602a4.torrent
c:\program files\BitComet\archive\3b8855f925b3c50954dd45e42ce8d1f2f5ff77cc.torrent
c:\program files\BitComet\archive\3cff8a9386ddea42fdca6713c5be21f31e133fa6.torrent
c:\program files\BitComet\archive\44fe0c4baf37c8aee14531f17b2ae2c6d44ff1e7.torrent
c:\program files\BitComet\archive\49f205efeb5c47101abd8661a7d4b9b4e9814ed6.torrent
c:\program files\BitComet\archive\4a723824b6c918f35dcf5051b681f5073e665f7c.torrent
c:\program files\BitComet\archive\5992d15d6971a2a760046f097a95b198ac75c89d.torrent
c:\program files\BitComet\archive\5ddeb6d8733afc6c694708bc0de8ac5fa3b10463.torrent
c:\program files\BitComet\archive\6294ce1faff71917dd61ca5d17c24ad6504b89e7.torrent
c:\program files\BitComet\archive\694a78b3e29243e14cbe8fc7a3ea88d6749d4fab.torrent
c:\program files\BitComet\archive\717352e6f7e4bf8e50238ef63dea35e74dfb414c.torrent
c:\program files\BitComet\archive\74da1a9e9808d6eb7f074eae8030da420555f4a5.torrent
c:\program files\BitComet\archive\77fddf3cb521ebeafdffd2b7041f6c005a3d30ba.torrent
c:\program files\BitComet\archive\8877049e7b5ba7ae8991c1b1c2d4d661d48f276f.torrent
c:\program files\BitComet\archive\8e8b948991492b63adcb243d3e234c22e3c06d2b.torrent
c:\program files\BitComet\archive\9804a30e8bc82e35e138b978c08b94f78bb76ea1.torrent
c:\program files\BitComet\archive\9af4aa7155d078421b8a0ee9012605ad06b656f9.torrent
c:\program files\BitComet\archive\a296ec281b02cd90d67fc6b09fc762dbf8846781.torrent
c:\program files\BitComet\archive\a3a950dca92fcf5ea5600a8828fb37f028eae062.torrent
c:\program files\BitComet\archive\b1b2a1f823c6713521a30a014de22c58ff712f3b.torrent
c:\program files\BitComet\archive\b2e475d3589f25a7058b5b706c4ff77a8386a1c2.torrent
c:\program files\BitComet\archive\bab9be2bd97305590f55426bd056577c5ebec66a.torrent
c:\program files\BitComet\archive\bb8e7dcea1ede29b3d481a324e23c56fb00b4711.torrent
c:\program files\BitComet\archive\bc0dc903887c84003f7dba88d1301e43a16e6374.torrent
c:\program files\BitComet\archive\c1704497052819cec29094d14fa962cec31e95f5.torrent
c:\program files\BitComet\archive\ccca3d95e6f6bbc59e49f974d8e4b9b91b095ecc.torrent
c:\program files\BitComet\archive\d13b27f5f3926de81f3dae28b1ba2ef152607489.torrent
c:\program files\BitComet\archive\db7d80cc8f7fac96ce0ee5fc75fe7c5b2f9b3090.torrent
c:\program files\BitComet\archive\e11af9d1cdf60edc55547cfaf238146c39e8f19c.torrent
c:\program files\BitComet\archive\e53437a9859d83300fcb171101c827a7283bdf0b.torrent
c:\program files\BitComet\archive\e9ae325afd64c46307999a415e528dbc328316b4.torrent
c:\program files\BitComet\archive\ed44d05e6e61b8f7e4ae5bd022e00e742f6fa48c.torrent
c:\program files\BitComet\archive\f9ff909298d7af5ea4c9614d8ec3f57599786226.torrent
c:\program files\BitComet\archive\fb80c966e12c437500c1a212c77cb7f95c5dadc8.torrent
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\rules\ipfilter.dat
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\tools\CRASH.DMP
c:\program files\BitComet\tools\CRASHLOG.DAT
c:\program files\BitComet\tools\CRASHLOG.TXT
c:\program files\BitComet\Torrents\[Suze Randall] - The Young & The Raunchy - (Jana Cova, Cytherea, Taylor Rain).avi.torrent
c:\program files\BitComet\Torrents\Angels And Demons 2009 Cam(A Commission-Kvcd by JRNAD).torrent
c:\program files\BitComet\Torrents\Angels And Demons 2009 Cam(A Commission-Kvcd by JRNAD).xml
c:\program files\BitComet\Torrents\Barely.Legal.18th.Birthday.3.XXX.DVDRip.XviD-NYMPHO.torrent
c:\program files\BitComet\Torrents\Barely.Legal.18th.Birthday.3.XXX.DVDRip.XviD-NYMPHO[0].torrent
c:\program files\BitComet\Torrents\BitComet_1.12_setup.exe.torrent
c:\program files\BitComet\Torrents\BitComet_1.12_setup.exe.xml
c:\program files\BitComet\Torrents\Broken.Flowers[2005].DVDRIP.Mentality.avi.torrent
c:\program files\BitComet\Torrents\Broken.Flowers[2005].DVDRIP.Mentality.avi.xml
c:\program files\BitComet\Torrents\Coraline - (2009) DvDrip-XviD-BeStDivX.torrent
c:\program files\BitComet\Torrents\Coraline.2009.DVDRip.XviD-ARROW-MFDss™️.torrent
c:\program files\BitComet\Torrents\Coraline.2009.DVDRip.XviD-ARROW-MFDss™️.xml
c:\program files\BitComet\Torrents\Coraline.CAM.XviD-nsiervi.torrent
c:\program files\BitComet\Torrents\Coraline_NTSC_PS2DVD-STRiKE.torrent
c:\program files\BitComet\Torrents\Cum Swapping Girlfriends.torrent
c:\program files\BitComet\Torrents\Cum Swapping Girlfriends.xml
c:\program files\BitComet\Torrents\Drag me to Hell[2009][DvdScreener].wmv.torrent
c:\program files\BitComet\Torrents\Drag me to Hell[2009][DvdScreener].wmv.xml
c:\program files\BitComet\Torrents\Duplicity (2009) TS DivXNL-Team.torrent
c:\program files\BitComet\Torrents\Duplicity.2009.Eng.Telesync.XviD-LTT.torrent
c:\program files\BitComet\Torrents\Duplicity.2009.Eng.Telesync.XviD-LTT.xml
c:\program files\BitComet\Torrents\FairUse4WM+Commander.rar.torrent
c:\program files\BitComet\Torrents\Fringe Season1 (XviD asd) EnglishV+NapisyPL - www.com.torrent
c:\program files\BitComet\Torrents\Fringe Season1 (XviD asd) EnglishV+NapisyPL - www.com.xml
c:\program files\BitComet\Torrents\Frost Nixon 2009 DVDRip-FTR.torrent
c:\program files\BitComet\Torrents\Frost Nixon 2009 DVDRip-FTR.xml
c:\program files\BitComet\Torrents\Frost Nixon[2008]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\Torrents\Frozen.River.2008.LiMiTED.DVDRip.XviD-iFN.torrent
c:\program files\BitComet\Torrents\Gomorrah.2008.DVDRip.XviD.AC3-iAPULA.[www.usabit.com].torrent
c:\program files\BitComet\Torrents\Gomorrah.2008.DVDRip.XviD.AC3-iAPULA.[www.usabit.com].xml
c:\program files\BitComet\Torrents\I.Love.You,.Man!2009.torrent
c:\program files\BitComet\Torrents\I.Love.You,.Man!2009.xml
c:\program files\BitComet\Torrents\Lesbian.Triangles.13.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].torrent
c:\program files\BitComet\Torrents\license.exe.xml
c:\program files\BitComet\Torrents\Madagascar-Escape.2.Africa[2008]DvDrip-aXXo.torrent
c:\program files\BitComet\Torrents\Madagascar-Escape.2.Africa[2008]DvDrip-aXXo.xml
c:\program files\BitComet\Torrents\Milk.DVDRip.XviD-DiAMOND[SpaEstrenos].torrent
c:\program files\BitComet\Torrents\Milk.DVDRip.XviD-DiAMOND[SpaEstrenos].xml
c:\program files\BitComet\Torrents\Monsters.vs.Aliens.torrent
c:\program files\BitComet\Torrents\Monsters.vs.Aliens.xml
c:\program files\BitComet\Torrents\mpcstar_3.8_setup.exe.torrent
c:\program files\BitComet\Torrents\mpcstar_3.8_setup.exe.xml
c:\program files\BitComet\Torrents\P2.torrent
c:\program files\BitComet\Torrents\Private British MILFs XXX [DVDRip][English][www.zonatorrent.com].torrent
c:\program files\BitComet\Torrents\Private British MILFs XXX [DVDRip][English][www.zonatorrent.com][0].torrent
c:\program files\BitComet\Torrents\Revolutionary Road[2008]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\Torrents\Revolutionary Road[2008]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\Torrents\Slumdog.Millionaire.DVDSCR.XViD-GENUiNE.torrent
c:\program files\BitComet\Torrents\State.of.Play!.2009.torrent
c:\program files\BitComet\Torrents\State.of.Play!.2009.xml
c:\program files\BitComet\Torrents\State.of.Play.2009.CAM.DivX-LTT.torrent
c:\program files\BitComet\Torrents\State.of.Play.2009.CAM.DivX-LTT.xml
c:\program files\BitComet\Torrents\The Chronicles of Narnia - DVDRIP.XVID.AC3.DragonRipper624.torrent
c:\program files\BitComet\Torrents\The Chronicles of Narnia - DVDRIP.XVID.AC3.DragonRipper624.xml
c:\program files\BitComet\Torrents\The Chronicles of Narnia_The Lion, the Witch and the Wardrobe 2005 H264 DVDRip 5.1ch (Extended Edition).torrent
c:\program files\BitComet\Torrents\The International[2009]DvDrip[Eng]-FXG.torrent
c:\program files\BitComet\Torrents\The International[2009]DvDrip[Eng]-FXG.xml
c:\program files\BitComet\Torrents\The Wrestler.2009.DVDSCR VOSTFR Xvid -Guiks.Trackersurfer.avi.torrent
c:\program files\BitComet\Torrents\The.Chronicles.Of.Narnia-The.Lion.the.Witch.and.the.Wardrobe[2005]DvDrip[Eng]-aXXo.torrent
c:\program files\BitComet\Torrents\The.Chronicles.Of.Narnia.The.Lion.The.Witch.And.The.Wardrobe.DVDRip.XviD.SweSub-Pitbull.avi.torrent
c:\program files\BitComet\Torrents\The.Chronicles.Of.Narnia.The.Lion.The.Witch.And.The.Wardrobe.DVDRip.XviD.SweSub-Pitbull.avi.xml
c:\program files\BitComet\Torrents\The.Wrestler[2008]DvDrip-MAX.torrent
c:\program files\BitComet\Torrents\The.Wrestler[2008]DvDrip-MAX.xml
c:\program files\BitComet\Torrents\UP.DvDRiP(2009).torrent
c:\program files\BitComet\Torrents\UP.DvDRiP(2009).xml
c:\program files\BitComet\Torrents\X-Men.Origins.Wolverine.2009.WORKPRINT.XviD-NoGRP.torrent
c:\program files\BitComet\Torrents\X-Men.Origins.Wolverine.2009.WORKPRINT.XviD-NoGRP.xml
c:\windows\18557notza-vi9usc.bin
c:\windows\system32\2z4439py5.dll

Re: WinBlueSoft - Infection

PART 2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KRDPDRE
-------\Service_krdpdre


((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 22:15 . 2009-06-03 22:15 361472 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{995E55E8-E724-4913-5D35-F2FDBFD1C3FE}-tempo-setup2.exe
2009-06-03 22:15 . 2009-06-03 22:15 361472 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{F267AA9E-64C6-7D0F-5356-FBDE2CC7A2CD}-tempo-setup2.exe
2009-06-03 17:44 . 2009-06-04 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-03 17:07 . 2009-06-03 17:07 -------- d-----w- c:\program files\Trend Micro
2009-06-03 16:52 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 16:52 . 2009-06-03 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 16:52 . 2009-06-03 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 16:52 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 16:41 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-03 16:40 . 2009-03-06 15:45 130424 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-03 16:40 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-03 16:40 . 2009-06-03 16:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-03 16:40 . 2008-12-10 11:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-03 16:40 . 2009-06-03 17:44 -------- d-----w- c:\program files\Spyware Doctor
2009-06-03 16:40 . 2009-06-03 16:40 -------- d-----w- c:\documents and settings\RICHARD\Application Data\PC Tools
2009-06-03 16:40 . 2009-06-03 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-02 23:41 . 2009-06-02 23:41 -------- d-----w- c:\program files\PlayAllDVD
2009-06-02 23:37 . 2009-06-02 23:37 -------- d-----w- c:\program files\WinBlueSoft Software
2009-06-02 18:20 . 2009-06-02 18:20 -------- d-----w- c:\documents and settings\RICHARD\Application Data\UseNeXT
2009-06-02 18:20 . 2009-06-02 18:20 -------- d-----w- c:\program files\UseNeXT
2009-06-01 23:06 . 2009-06-01 23:07 -------- d-----w- c:\documents and settings\RICHARD\Application Data\TigerPlayer
2009-06-01 23:05 . 2009-06-01 23:05 -------- d-----w- c:\program files\MpcStar
2009-05-31 21:42 . 2009-05-31 21:42 390664 ----a-w- c:\documents and settings\RICHARD\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-29 03:35 . 2008-11-05 09:14 1048576 ----a-w- c:\documents and settings\RICHARD\Application Data\Mozilla\Firefox\Profiles\c5kqd84s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash\components\IBitCometExtension.dll
2009-05-27 16:37 . 2009-05-27 16:37 -------- d-----w- c:\program files\DivxFree
2009-05-23 12:04 . 2009-05-23 12:04 -------- d-----w- c:\program files\UltraVideo
2009-05-20 14:44 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-20 14:44 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-05-20 14:44 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-05-20 14:44 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-05-20 14:44 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-20 14:44 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-05-20 14:44 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-20 14:44 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-05-20 14:44 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-05-20 14:42 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-20 14:42 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-05-20 14:40 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-05-20 14:40 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-20 14:40 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-05-20 14:40 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 18:09 . 2007-09-16 16:44 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-06-03 17:57 . 2007-07-17 17:52 -------- d-----w- c:\program files\Java
2009-05-27 22:38 . 2006-09-23 16:57 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-26 22:52 . 2008-09-23 18:24 -------- d-----w- c:\program files\Nokia
2009-05-25 19:20 . 2006-09-13 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2003-12-19 19:36 . 2006-09-23 17:05 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_22.42.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 18:25 . 2009-06-04 18:25 16384 c:\windows\Temp\Perflib_Perfdata_d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 185896]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-10-15 1818624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-9-23 155648]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [23/09/2006 18:09 9344]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03/06/2009 17:40 130424]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [22/03/2009 10:59 24936]
R2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;c:\sfmgr\sfmgr.exe [15/03/2007 13:16 171008]
S3 ni_avs;ni_avs;c:\windows\system32\Drivers\ni_avs.sys --> c:\windows\system32\Drivers\ni_avs.sys [?]
S3 ni_usb;ni_usb;c:\windows\system32\Drivers\ni_usb.sys --> c:\windows\system32\Drivers\ni_usb.sys [?]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [03/04/2008 20:45 20936]
.
Contents of the 'Scheduled Tasks' folder

2009-06-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\RICHARD\Application Data\Mozilla\Firefox\Profiles\c5kqd84s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\RICHARD\Application Data\Mozilla\Firefox\Profiles\c5kqd84s.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-725345543-910916986-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,9c,6c,23,db,93,6c,2e,e2,51,78,77,2a,83,44,ea,ac,a2,8d,7a,5c,d2,9b,
d3,4c,fe,7c,18,bb,af,e8,59,c4,98,ca,57,50,a5,ea,eb,97,d2,f8,b2,09,8c,85,b4,\
"??"=hex:d5,b6,d8,0c,d2,ce,a5,b1,06,09,a9,bf,cb,2d,2a,b8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\windows\system32\DVDRAMSV.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-06-04 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 18:28
ComboFix2.txt 2009-06-03 22:45

Pre-Run: 1,525,243,904 bytes free
Post-Run: 1,425,149,952 bytes free

327 --- E O F --- 2009-05-21 18:25
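Reading the "Files Created" section of a ComboFix log by eye is slow; what the helper in this thread is effectively doing is scanning it for files that landed in Windows system directories during the infection window. The Python below is an added example, not part of the thread or of ComboFix: it parses that section's line format (creation time, last-write time, size or dashes for a directory, attribute flags, path) into records and returns the files created directly in `c:\windows`, `c:\windows\system32` or the drivers folder as a review list. The sample lines are copied from the log above. On this log every flagged file is a Malwarebytes, PC Tools or Windows Update component, which is the point: the list is a triage queue to check against known-good sources, not a verdict.

```python
"""Parse the 'Files Created' section of a ComboFix log and build a review list.

Added example; the line format is taken from the log posted in this thread.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "created modified size attrs path")

# created . last-write  size-or-dashes  attribute-flags  path
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # creation timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # last-write timestamp
    r"(\d+|-{8}) "                            # size in bytes, or dashes for a directory
    r"(\S{8}) "                               # attribute flags, e.g. d-----w-
    r"(.+)$"                                  # path; may contain spaces
)

# Parent directories where a newly created *file* is worth checking against a
# known-good source (vendor, Windows Update) before trusting it.
SENSITIVE_DIRS = {
    r"c:\windows\system32\drivers": "kernel driver dropped",
    r"c:\windows\system32": "new file in system32",
    r"c:\windows": "new file in Windows root",
}

# Lines copied from the log above (a mix of files and directories).
SAMPLE_SECTION = r"""
2009-06-03 16:52 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 16:52 . 2009-06-03 16:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 16:52 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-20 14:44 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-05-20 14:42 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-20 14:40 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-05-20 14:40 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-03 17:44 . 2009-06-04 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
"""


def parse_entries(section_text):
    """Turn the section's lines into Entry records; '.' separator lines are skipped."""
    entries = []
    for raw in section_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ComboFix line: {line!r}")
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(created, modified,
                             None if size.startswith("-") else int(size),
                             attrs, path))
    return entries


def is_directory(entry):
    """ComboFix marks directories with 'd' in the first attribute column."""
    return entry.attrs.startswith("d")


def parent_dir(path):
    """Lower-cased parent directory of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def flag_entries(entries):
    """Return [(entry, reason)] for files created directly in a sensitive directory."""
    flagged = []
    for entry in entries:
        if is_directory(entry):
            continue
        reason = SENSITIVE_DIRS.get(parent_dir(entry.path))
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_entries(parse_entries(SAMPLE_SECTION)):
        print(f"{entry.created}  {reason:<28} {entry.path}")
```

Files under `dllcache` are deliberately left out of the review list, since that directory is populated by Windows File Protection and updates; widen `SENSITIVE_DIRS` if a case calls for it. The creation and last-write timestamps are both kept on the record because a large gap between them usually means the file was copied with its original timestamp (an installer), whereas the two malicious files removed earlier in this thread sat directly in `c:\windows` and `c:\windows\system32`, which is exactly the pattern the flags target.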

Re: WinBlueSoft - Infection

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: WinBlueSoft - Infection

Hi,

I have done as you have requested and I now have access to my computer & drives again, thank you, really appreciate your time doing this.

Two things:

1. I still have the WinBlueSoft Warning as my wallpaper

2. I am getting error messages when I try to open the MalwareBytes software? Run time error (0) & run time error (440)....

Am I malware and virus free, or are there other steps I need to take?

Lastly, I thought Windows Live Onecare was powerful enough to stop intrusions like this?

Once again thanks for helping out.

Re: WinBlueSoft - Infection

Hello.
The Desktop background just needs changing back to default, it's just a setting that wasn't removed.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • MalwareBytes Anti-Malware

Then reboot!

After reboot, download the MBAM Cleaner from here.

Allow it to work and it will want to reboot again, allow it to.

Then try installing MBAM again.


Re: WinBlueSoft - Infection

Hey Belahzur,

My PC is now back to (if not better, given what has been removed malware-wise) its previous state.

Thank you very much.

I will be making a donation to you guys for all your help.

Cheers
