I'm another victim of winblue

c:\documents and settings\Candi Drop\Application Data\Azureus\tracker.config
c:\documents and settings\Candi Drop\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\unsentdata.config
c:\documents and settings\Candi Drop\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\update.log
c:\documents and settings\Candi Drop\Application Data\Azureus\update.properties
c:\documents and settings\Candi Drop\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Candi Drop\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Candi Drop\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Candi Drop\Application Data\Azureus\VuzeActivities.config.bak
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\Log\2009 Jun 03 - 08_08_57 PM_375.log
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\rs.dat
c:\documents and settings\Candi Drop\Application Data\MalwareRemovalBot\Settings\ScanResults.pie
c:\windows\SAE0A6F7D.tmp
c:\windows\system32\tempo-setup2.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.

2009-06-03 21:38 . 2009-06-03 21:38 -------- d-----w- c:\program files\Trend Micro
2009-06-03 21:03 . 2009-06-03 21:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-24 23:02 . 2009-05-24 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-24 02:11 . 2009-05-24 02:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-23 23:39 . 2009-05-23 23:39 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU Previewer
2009-05-23 23:34 . 2009-05-23 23:37 15890416 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\SetupImvu_previewer.exe
2009-05-23 23:32 . 2009-05-23 23:32 -------- d-----w- c:\program files\ImvuTools2
2009-05-23 19:20 . 2009-05-25 21:46 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVU
2009-05-23 19:20 . 2009-05-23 19:20 80967 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\Uninstall.exe
2009-05-23 19:19 . 2009-05-23 23:34 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\IMVUClient
2009-05-23 19:04 . 2009-05-23 19:04 -------- d-----w- c:\documents and settings\Candi Drop\Local Settings\Application Data\Mozilla
2009-05-07 21:59 . 2009-05-07 21:59 95584 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUupdater.exe
2009-05-07 21:59 . 2009-05-07 21:59 49920 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\IMVUClient.exe
2009-05-07 21:59 . 2009-05-07 21:59 19200 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\imvuqualityagent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 01:32 . 2009-02-07 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-04 01:31 . 2006-10-21 16:27 -------- d-----w- c:\program files\Viewpoint
2009-06-04 01:30 . 2009-02-07 16:09 712736 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-04 01:30 . 2009-02-07 16:09 3516 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-04 01:30 . 2009-02-07 16:09 3046432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-04 01:30 . 2009-02-07 16:09 25928 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-04 01:18 . 2006-10-21 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-01 21:47 . 2007-01-30 19:58 2842 ----a-w- c:\documents and settings\Candi Drop\Application Data\wklnhst.dat
2009-05-26 01:48 . 2009-03-07 20:12 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\gtk-2.0
2009-05-23 00:39 . 2008-02-15 23:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\Move Networks
2009-05-20 20:27 . 2009-02-07 16:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-20 20:27 . 2009-02-07 16:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-03 02:20 . 2009-05-02 16:59 -------- d-----w- c:\documents and settings\Candi Drop\Application Data\DivX
2009-05-02 16:58 . 2009-05-02 16:57 -------- d-----w- c:\program files\DivX
2009-05-02 16:57 . 2009-05-02 16:57 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\xul.dll
2009-04-16 00:31 . 2009-02-13 02:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-16 00:31 . 2006-10-21 16:16 -------- d-----w- c:\program files\Java
2009-04-16 00:30 . 2009-04-16 00:30 152576 ----a-w- c:\documents and settings\Candi Drop\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-16 00:21 . 2006-12-21 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-04-15 20:25 . 2009-05-02 16:58 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-05-02 16:58 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-05-02 16:58 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-05-02 16:58 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2009-05-02 16:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2005-04-25 07:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\Candi Drop\Application Data\IMVUClient\pixomatic.dll
2009-03-19 14:43 . 2009-03-19 14:43 34062 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\Uninst.exe
2009-03-18 21:55 . 2009-04-16 00:21 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\Candi Drop\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-06 14:22 . 2005-08-16 09:18 284160 ----a-w- c:\windows\system32\pdh.dll
2006-10-30 19:58 . 2006-10-26 14:10 88 -csh--r- c:\windows\system32\7CEC145601.sys
2006-10-30 19:58 . 2006-10-26 14:10 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-04_00.58.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_388.dat
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_32c.dat
- 2009-06-02 22:18 . 2009-06-02 22:18 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2009-06-04 01:31 . 2009-06-04 01:31 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-10-26 01:33 . 2009-06-04 00:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-10-26 01:33 . 2009-06-04 01:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-07 206088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-16 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-21 24576]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 7:29 PM 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 8:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 7:06 PM 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://imvu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.myspace.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Candi Drop\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Candi Drop\Application Data\Mozilla\Firefox\Profiles\nh0i1hm4.default\
FF - prefs.js: browser.startup.homepage - hxxp://imvu.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Windows Media Connect 2\wmccds.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-06-04 21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-04 01:38
ComboFix2.txt 2009-06-04 01:04

Pre-Run: 21,894,123,520 bytes free
Post-Run: 21,910,466,560 bytes free

299 --- E O F --- 2009-06-03 23:54

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

ok i got it..... everything seems to be running great... plus the viewpoint thing was great idea... i didn't know what it was for and wasn't sure if i should remove it or not. so thanks for the heads up on that... I'm trying to get rid of some of the things i don't need. lol thankyou agian. you guys are very good at this.... i'll have to slide you guys a little something sometime.