WinBlueSoft got me too.

WinBlueSoft - it got me. Got me good. Your expertise on removal would be greatly appreciated.
I hope I post this correctly
OS XP sp3
Status: Nasty warning screen hijacked my desktop.
Most exe file do run including MalwareBytes which is up to date. I'm going to end up with a couple log files from this as it ran once before updating.
P2P programs will not uninstall.
Txt files will not open but I can move them via usb stick thus making log files available.

I will post HJT in a second post

Thank you. I've always had a very clean network and this not only has be surprised but incredibly upset, as I'm sure you can imagine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:07 PM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 1
O1 - Hosts: 65.75.216.6 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.54 www.winmx.com err.winmx.com
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net

O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WallpaperChanger] C:\Program Files\Wallpaper Master\Wallpaper.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15596 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
  O20 - AppInit_DLLs: blocker.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Next,

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV. (WinPatrol/Norton)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Thank you. I got impatient and worked at this a bit this morning and seems I've gotten rid of it. I shall post the results from your suggestion as a matter of due diligence, in case I missed something

Via HJT I already fixed:
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O20 - AppInit_DLLs: blocker.dll

I was then able to run Revo Uninstaller and it appears to have taken care of it. I also ran RegClean. Everything appears normal but I'm curious to see if I missed anything.

uninstall_list.txt and log.txt to follow.

%s Plugin for Netscape by eSupport.com
5000 Series
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
AM-DeadLink
AOL Instant Messenger
AppCore
Applian FLV Player
Atomic Clock Sync
Audacity 1.2.4
Azureus
Backup
Belarc Advisor 6.1
BUFFALO INC. LinkStation Utility
CameraMate Real-Time Video Driver
ccCommon
CCleaner (remove only)
ClearType Tuning Control Panel Applet
Comcast High-Speed Internet Install Wizard
CPUID CPU-Z 1.51
CreateM3U (remove only)
Criline Search and Replace 3.3
Critical Update for Windows Media Player 11 (KB959772)
Drive Manager
Drive Manager
Easy CD Creator 5 Basic
Eusing Free Registry Cleaner
File Renamer - Basic
FormatFactory
FormatFactory 1.70
Fotosizer 1.22
Foxit PDF Editor
Foxit Reader
FoxyTunes for Firefox
Free&Easy Font Viewer 1.2
GearDrvs
G-Lock EasyMail 5
Google Earth
Guitar Pro 5.0
HDD Temperature
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HmmXP 3 Theme Pack
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP My Display
HP PrecisionScan LTX
InterVideo WinDVD Recorder 5
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 8
Java 2 Runtime Environment, SE v1.4.2_08
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Just Great Software EditPad Lite 6.4.3
Kana Reminder 1.5
Lexmark 1300 Series
LimeWire 4.18.8
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Maya Paint Effects Screen Saver
McAfee SiteAdvisor
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla (1.7.3)
Mozilla Firefox (2.0.0.17)
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (2.0.0.21)
MSXML 6.0 Parser (KB933579)
Nero Suite
NetZero Internet
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton Ghost
NVIDIA Drivers
OpenOffice.org 3.0
Opera 9.27
PayPal Plug-In
PC Alarm Clock
Picasa 2
Power Tab Editor 1.7
Power Tab Librarian
PowerQuest PartitionMagic 8.0 Demo
PrintFolders 2.21
QuickTime
REAPER
Revo Uninstaller 1.83
Rhapsody Player Engine
Screen Calipers
SDK
Second Copy 2000
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sierra Utilities
Skype 2.5
Sonic DLA
SoundMAX
SPBBC 32bit
SpeedFan (remove only)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
System Requirements Lab
TagScanner 4.9 build 492
TaxACT 2007
TaxACT 2008
TaxACT 2008 Connecticut
TaxACT Connecticut 2007
Telescope
Tidy Start Menu
Trillian
Uninstall Startup Inspector
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Veo Advanced Connect
Veo Digital Studio
Viewpoint Media Player
Vista/XP Virtual Desktops
VistaPrint Electronic Business Card
Wallpaper Master v2.16
WeatherBug
Winamp (remove only)
WinAVIVideoConverter
WinBackup
Windows Defender Signatures
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinFast Codec-TS SDK
WinFast De-interlace SDK
WinFast Multimedia Driver Installation
WinFast PVR2
WinFast TT-SB SDK
WinHTTrack Website Copier 3.40
WinPatrol 2008
WinRAR archiver
WinZip
X2CD (remove only)
xplorer² lite
Yahoo! Messenger

ComboFix 09-06-01.03 - Administrator 06/03/2009 10:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.994 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\MailSwitch.ocx
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 03:29 . 2009-06-03 03:29 -------- d-----w- c:\program files\Trend Micro
2009-06-03 02:16 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 02:16 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 02:16 . 2009-06-03 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 00:16 . 2009-06-03 00:16 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-31 19:01 . 2009-05-31 19:01 -------- d-----w- c:\program files\VS Revo Group
2009-05-31 17:35 . 2009-05-31 17:35 -------- d-----w- c:\program files\Toolbars
2009-05-28 19:19 . 2009-05-28 19:19 -------- d-----w- c:\program files\CPUID
2009-05-28 19:19 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-05-28 13:03 . 2009-06-03 12:37 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-28 13:02 . 2009-05-28 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-28 13:01 . 2009-05-28 13:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-28 13:01 . 2009-05-28 13:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-28 12:55 . 2009-02-10 19:56 570368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
2009-05-28 12:55 . 2007-12-04 19:44 23600 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\TVicHW32.sys
2009-05-28 12:55 . 2007-12-04 19:44 21200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\TVicHW64.sys
2009-05-22 19:13 . 2009-05-22 19:13 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-19 01:06 . 2009-05-19 01:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-05-13 17:01 . 2009-05-06 18:23 372736 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 14:27 . 2004-11-14 05:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-03 14:07 . 2004-11-15 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailWasher
2009-06-03 14:05 . 2006-01-13 17:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-03 13:57 . 2009-03-21 18:37 -------- d-----w- c:\program files\Mozilla Firefox3
2009-06-03 04:00 . 2004-11-15 00:21 -------- d-----w- c:\program files\WinMX
2009-06-03 03:40 . 2006-10-15 00:27 -------- d-----w- c:\program files\BitTorrent
2009-06-02 20:23 . 2006-04-07 17:24 2957 ----a-w- c:\program files\i_view32.ini
2009-06-02 03:28 . 2009-01-02 17:52 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-02 01:48 . 2004-11-18 05:38 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-06-01 03:16 . 2004-11-14 23:36 -------- d-----w- c:\program files\MailWasher
2009-05-31 19:19 . 2009-04-18 22:32 -------- d-----w- c:\program files\Criline Search and Replace
2009-05-31 19:09 . 2008-05-16 23:49 -------- d-----w- c:\program files\FASoft
2009-05-31 17:39 . 2006-04-07 17:24 -------- d-----w- c:\program files\Plugins
2009-05-31 17:35 . 2009-05-31 17:35 235802 ----a-w- c:\program files\i_view32.chm
2009-05-31 17:35 . 2006-04-07 17:24 765 ----a-w- c:\program files\i_languages.txt
2009-05-31 17:35 . 2006-04-07 17:24 69849 ----a-w- c:\program files\i_changes.txt
2009-05-31 17:35 . 2006-04-07 17:24 474112 ----a-w- c:\program files\i_view32.exe
2009-05-31 17:35 . 2006-04-07 17:24 29696 ----a-w- c:\program files\iv_uninstall.exe
2009-05-31 17:35 . 2006-04-07 17:24 2373 ----a-w- c:\program files\i_about.txt
2009-05-31 17:35 . 2006-04-07 17:24 14668 ----a-w- c:\program files\i_options.txt
2009-05-31 17:35 . 2006-04-07 17:24 12042 ----a-w- c:\program files\i_plugins.txt
2009-05-29 04:03 . 2008-02-11 14:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\wsInspector
2009-05-29 04:01 . 2008-01-04 15:11 -------- d-----w- c:\program files\Fotosizer
2009-05-28 13:01 . 2006-02-24 02:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-24 13:57 . 2004-11-15 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 19:14 . 2004-11-17 18:52 -------- d-----w- c:\program files\Java
2009-05-19 01:18 . 2009-04-26 17:38 -------- d-----w- c:\program files\SpeedFan
2009-05-18 20:40 . 2004-11-16 19:33 1080 ----a-w- c:\windows\AUTOLNCH.REG
2009-05-11 01:04 . 2009-05-11 01:04 -------- d-----w- c:\documents and settings\Guest\Application Data\Symantec
2009-05-11 01:04 . 2009-05-11 01:04 -------- d-----w- c:\documents and settings\Guest\Application Data\InterVideo
2009-05-05 15:34 . 2008-11-05 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WholeSecurity
2009-04-30 01:43 . 2009-04-26 18:09 -------- d-----w- c:\program files\McAfee
2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-26 18:13 . 2009-04-26 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteAdvisor
2009-04-26 18:10 . 2009-04-26 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-04-26 18:10 . 2009-04-26 18:10 -------- d-----w- c:\program files\Common Files\McAfee
2009-04-26 18:09 . 2009-04-26 18:09 5955448 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\saSetup64.exe
2009-04-26 18:09 . 2009-04-26 18:09 5955448 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\temp.exe
2009-04-26 18:09 . 2009-04-26 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-15 18:28 . 2008-11-24 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\WeatherBug
2009-04-09 13:06 . 2008-11-14 03:11 -------- d-----w- c:\program files\Norton 360
2009-04-09 01:25 . 2005-09-24 23:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-04-09 00:36 . 2005-11-22 00:25 -------- d-----w- c:\program files\Azureus
2009-04-01 02:46 . 2008-02-24 02:07 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-22 18:44 . 2009-03-22 18:44 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-16 03:53 . 2004-11-14 05:31 210120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 09:19 . 2008-12-20 16:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-11-14 05:20 284160 ----a-w- c:\windows\system32\pdh.dll
2006-11-15 00:46 . 2006-11-15 00:46 336 ----a-w- c:\program files\temp995.bat
2006-04-07 17:24 . 2006-04-07 17:24 661 ----a-w- c:\program files\i_view32.exe.manifest
2006-04-07 17:24 . 2006-04-07 17:24 5811 ----a-w- c:\program files\i_view32.cnt
2006-04-07 17:24 . 2006-04-07 17:24 206436 ----a-w- c:\program files\i_view32.hlp
2009-04-01 02:47 . 2008-11-14 03:13 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-08-29 21:14 . 2005-04-20 22:53 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-08-29 21:14 . 2005-04-20 22:53 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-08-29 21:14 . 2007-10-18 00:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-08-29 21:14 . 2007-10-18 00:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-08-29 21:14 . 2005-04-20 22:53 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-04 07:56 . 2005-03-25 23:04 73728 --sh--w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2007-04-02 23:11 . 2007-04-02 23:09 56 --sh--r- c:\windows\system32\0E77981ED6.sys
2007-04-02 23:11 . 2007-04-02 22:55 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WallpaperChanger"="c:\program files\Wallpaper Master\Wallpaper.exe" [2005-11-08 321536]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2037088]
"FastTVSync"="c:\program files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2004-03-11 245760]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HDD temperature.lnk - c:\program files\PalickSoft\HDD Temperature\HDDTemperature.exe [2004-11-24 657920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Stickies.lnk]
backup=c:\windows\pss\Stickies.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\W32X86\\3\\lxdctime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\W32X86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\W32X86\\3\\lxdcjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 HDDTService;HDD Temperature;c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe [11/24/2004 3:10 PM 384512]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/26/2009 2:10 PM 210216]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 7:48 PM 101936]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [5/28/2009 3:19 PM 12672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [11/21/2004 8:19 PM 899980]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2009-06-03 17:20]

2009-05-24 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 21:09]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyServer = 1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 10:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDDTService]
"ImagePath"="c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1844237615-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1409082233-1844237615-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DBD720F-38DD-5D8D-92E4-64D8ECA5A2F3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jagimjnoencpeekeiojj"=hex:6a,61,6b,6c,64,63,6a,6d,68,63,6b,66,63,6f,62,6b,6b,
69,68,6b,00,17
"iaaioamdjheddaemje"=hex:6a,61,6b,6c,64,63,6a,6d,68,63,6b,66,63,6f,62,6b,6b,69,
68,6b,00,17
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(712)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdccoms.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-03 10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 14:35

Pre-Run: 39,046,180,864 bytes free
Post-Run: 39,928,664,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

265 --- E O F --- 2009-05-14 12:27

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Azureus
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_08
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.18.8
Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
c:\program files\BitTorrent
c:\program files\WinMX
c:\Program Files\Azureus
c:\Program Files\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\Azureus\\Azureus.exe"=-

DDS::
uStart Page = about:blank

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\
FF - prefs.js: browser.startup.homepage - about:blank

RegNull::
[HKEY_USERS\S-1-5-21-1409082233-1844237615-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DBD720F-38DD-5D8D-92E4-64D8ECA5A2F3}*]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Sorry about the P2P. They're gone now bt apparently WinBlue is not - there is still a folder with an .exe in C:\Program Files. Here is the requested log:

ComboFix 09-06-01.03 - Administrator 06/03/2009 11:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1037 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Azureus
c:\program files\Azureus\Azureus.exe.manifest
c:\program files\Azureus\AzureusUpdater.exe
c:\program files\Azureus\msvcr71.dll
c:\program files\Azureus\plugins\azplugins\azplugins_1.5.1.jar
c:\program files\Azureus\plugins\azplugins\azplugins_1.5.jar
c:\program files\Azureus\plugins\azplugins\azplugins_1.8.8.jar
c:\program files\Azureus\plugins\azplugins\azplugins_2.0.jar
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.4.jar
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.3.zip
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.6.3.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Azureus\plugins\azupdater\Azureus2_2.3.0.6_P2.pax
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.3
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\plugins\azupdater\Updater.jar.bak
c:\program files\Azureus\swt-awt-win32-3139.dll
c:\program files\Azureus\swt-gdip-win32-3139.dll
c:\program files\Azureus\swt-win32-3139.dll
c:\program files\Azureus\Uninstall.exe
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\program files\BitTorrent\plugin.inf
c:\program files\LimeWire
c:\program files\LimeWire\Thumbs.db
c:\program files\WinMX
c:\program files\WinMX\wpnpchannelcmds.txt

.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 03:29 . 2009-06-03 03:29 -------- d-----w- c:\program files\Trend Micro
2009-06-03 02:16 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 02:16 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 02:16 . 2009-06-03 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 00:16 . 2009-06-03 00:16 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-31 19:01 . 2009-05-31 19:01 -------- d-----w- c:\program files\VS Revo Group
2009-05-31 17:35 . 2009-05-31 17:35 -------- d-----w- c:\program files\Toolbars
2009-05-28 19:19 . 2009-05-28 19:19 -------- d-----w- c:\program files\CPUID
2009-05-28 19:19 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-05-28 13:03 . 2009-06-03 12:37 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-28 13:02 . 2009-05-28 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-28 13:01 . 2009-05-28 13:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-28 13:01 . 2009-05-28 13:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-28 12:55 . 2009-02-10 19:56 570368 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
2009-05-28 12:55 . 2007-12-04 19:44 23600 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\TVicHW32.sys
2009-05-28 12:55 . 2007-12-04 19:44 21200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\TVicHW64.sys
2009-05-22 19:13 . 2009-05-22 19:13 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-19 01:06 . 2009-05-19 01:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-05-13 17:01 . 2009-05-06 18:23 372736 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 15:29 . 2004-11-14 05:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-03 15:09 . 2004-11-17 18:52 -------- d-----w- c:\program files\Java
2009-06-03 14:48 . 2004-11-15 00:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\MailWasher
2009-06-03 14:38 . 2009-03-21 18:37 -------- d-----w- c:\program files\Mozilla Firefox3
2009-06-03 14:05 . 2006-01-13 17:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-02 20:23 . 2006-04-07 17:24 2957 ----a-w- c:\program files\i_view32.ini
2009-06-02 03:28 . 2009-01-02 17:52 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-02 01:48 . 2004-11-18 05:38 -------- d-----w- c:\program files\Paint Shop Pro 6
2009-06-01 03:16 . 2004-11-14 23:36 -------- d-----w- c:\program files\MailWasher
2009-05-31 19:19 . 2009-04-18 22:32 -------- d-----w- c:\program files\Criline Search and Replace
2009-05-31 19:09 . 2008-05-16 23:49 -------- d-----w- c:\program files\FASoft
2009-05-31 17:39 . 2006-04-07 17:24 -------- d-----w- c:\program files\Plugins
2009-05-31 17:35 . 2009-05-31 17:35 235802 ----a-w- c:\program files\i_view32.chm
2009-05-31 17:35 . 2006-04-07 17:24 765 ----a-w- c:\program files\i_languages.txt
2009-05-31 17:35 . 2006-04-07 17:24 69849 ----a-w- c:\program files\i_changes.txt
2009-05-31 17:35 . 2006-04-07 17:24 474112 ----a-w- c:\program files\i_view32.exe
2009-05-31 17:35 . 2006-04-07 17:24 29696 ----a-w- c:\program files\iv_uninstall.exe
2009-05-31 17:35 . 2006-04-07 17:24 2373 ----a-w- c:\program files\i_about.txt
2009-05-31 17:35 . 2006-04-07 17:24 14668 ----a-w- c:\program files\i_options.txt
2009-05-31 17:35 . 2006-04-07 17:24 12042 ----a-w- c:\program files\i_plugins.txt
2009-05-29 04:03 . 2008-02-11 14:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\wsInspector
2009-05-29 04:01 . 2008-01-04 15:11 -------- d-----w- c:\program files\Fotosizer
2009-05-28 13:01 . 2006-02-24 02:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-24 13:57 . 2004-11-15 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-19 01:18 . 2009-04-26 17:38 -------- d-----w- c:\program files\SpeedFan
2009-05-18 20:40 . 2004-11-16 19:33 1080 ----a-w- c:\windows\AUTOLNCH.REG
2009-05-11 01:04 . 2009-05-11 01:04 -------- d-----w- c:\documents and settings\Guest\Application Data\Symantec
2009-05-11 01:04 . 2009-05-11 01:04 -------- d-----w- c:\documents and settings\Guest\Application Data\InterVideo
2009-05-05 15:34 . 2008-11-05 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WholeSecurity
2009-04-30 01:43 . 2009-04-26 18:09 -------- d-----w- c:\program files\McAfee
2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-26 18:13 . 2009-04-26 18:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteAdvisor
2009-04-26 18:10 . 2009-04-26 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-04-26 18:10 . 2009-04-26 18:10 -------- d-----w- c:\program files\Common Files\McAfee
2009-04-26 18:09 . 2009-04-26 18:09 5955448 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\saSetup64.exe
2009-04-26 18:09 . 2009-04-26 18:09 5955448 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\temp.exe
2009-04-26 18:09 . 2009-04-26 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-15 18:28 . 2008-11-24 00:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\WeatherBug
2009-04-09 13:06 . 2008-11-14 03:11 -------- d-----w- c:\program files\Norton 360
2009-04-09 01:25 . 2005-09-24 23:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Azureus
2009-04-01 02:46 . 2008-02-24 02:07 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-22 18:44 . 2009-03-22 18:44 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-16 03:53 . 2004-11-14 05:31 210120 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-09 09:19 . 2008-12-20 16:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-11-14 05:20 284160 ----a-w- c:\windows\system32\pdh.dll
2006-11-15 00:46 . 2006-11-15 00:46 336 ----a-w- c:\program files\temp995.bat
2006-04-07 17:24 . 2006-04-07 17:24 661 ----a-w- c:\program files\i_view32.exe.manifest
2006-04-07 17:24 . 2006-04-07 17:24 5811 ----a-w- c:\program files\i_view32.cnt
2006-04-07 17:24 . 2006-04-07 17:24 206436 ----a-w- c:\program files\i_view32.hlp
2009-04-01 02:47 . 2008-11-14 03:13 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-08-29 21:14 . 2005-04-20 22:53 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-08-29 21:14 . 2005-04-20 22:53 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-08-29 21:14 . 2007-10-18 00:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-08-29 21:14 . 2007-10-18 00:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-08-29 21:14 . 2005-04-20 22:53 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-04 07:56 . 2005-03-25 23:04 73728 --sh--w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2007-04-02 23:11 . 2007-04-02 23:09 56 --sh--r- c:\windows\system32\0E77981ED6.sys
2007-04-02 23:11 . 2007-04-02 22:55 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_14.30.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 15:29 . 2009-06-03 15:29 16384 c:\windows\Temp\Perflib_Perfdata_a0.dat
+ 2009-06-03 15:29 . 2009-06-03 15:29 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
+ 2009-06-03 15:14 . 2009-06-03 15:14 16384 c:\windows\Temp\Perflib_Perfdata_7e0.dat
+ 2009-06-03 15:29 . 2009-06-03 15:29 16384 c:\windows\Temp\Perflib_Perfdata_33c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WallpaperChanger"="c:\program files\Wallpaper Master\Wallpaper.exe" [2005-11-08 321536]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2037088]
"FastTVSync"="c:\program files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2004-03-11 245760]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HDD temperature.lnk - c:\program files\PalickSoft\HDD Temperature\HDDTemperature.exe [2004-11-24 657920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Stickies.lnk]
backup=c:\windows\pss\Stickies.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo Scheduler server.lnk]
backup=c:\windows\pss\InterVideo Scheduler server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\W32X86\\3\\lxdctime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\W32X86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\W32X86\\3\\lxdcjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 HDDTService;HDD Temperature;c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe [11/24/2004 3:10 PM 384512]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/26/2009 2:10 PM 210216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 7:48 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [5/28/2009 3:19 PM 12672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [11/21/2004 8:19 PM 899980]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\Malwarebytes' Anti-Malware.job
- c:\progra~1\MALWAR~1\mbam.exe [2009-06-03 17:20]

2009-05-24 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 21:09]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1qzle9da.newProfile\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 11:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDDTService]
"ImagePath"="c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1844237615-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(3164)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdccoms.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-03 11:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 15:36
ComboFix2.txt 2009-06-03 14:35

Pre-Run: 40,110,292,992 bytes free
Post-Run: 40,069,627,904 bytes free

274 --- E O F --- 2009-05-14 12:27

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Thank you so much. Seems to be ok and certainly cleaner. I'll post back if I encounter any further issues.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.