WiredWX Christian Hobby Weather Tools

Win Blue Soft got my computer too! D: please help

whoopsies

Yikes oops, looks like I was on my account when I did that. My account isn't affected by Win Blue Soft, it's only the other one. I'll be right back with the log from the infected account!

well that didn't work...

I ran Malwarebytes on the infected account but it didn't make any difference. -.-

Malwarebytes' Anti-Malware 1.37
Database version: 2226
Windows 6.0.6001 Service Pack 1

6/10/2009 7:29:17 PM
mbam-log-2009-06-10 (19-29-17).txt

Scan type: Quick Scan
Objects scanned: 91114
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Win Blue Soft got my computer too! D: please help

win soft blue is still there....

Re: Win Blue Soft got my computer too! D: please help

Hello.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[Image: CF_download_FF]

[Image: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Symantec)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

combofix log part one

erm, the first log accidentally got deleted but I ran combofix again so here's the second one:
oh and it doesn't look like the virus is there anymore!! no more annoying "you've got a viruss!!" popups! : ) I've got a question though, our Norton is going to expire in 2 days and I don't have anything else installed on the computer to protect it. do you have any recommendations for some good antivirus programs..?

ComboFix 09-06-11.06 - Nadine 06/13/2009 14:08.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2942.1895 [GMT -7:00]
Running from: c:\users\Nadine\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *disabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 21:09 . 2009-06-13 21:09 -------- d-----w- c:\users\sarah\AppData\Local\temp
2009-06-13 21:00 . 2009-06-13 21:10 -------- d-----w- c:\users\Nadine\AppData\Local\temp
2009-06-11 02:53 . 2009-06-11 02:53 -------- d-----w- c:\users\Nadine\AppData\Roaming\SYSTEMAX Software Development
2009-06-10 03:38 . 2008-10-06 17:53 15656 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2009-06-08 00:58 . 2009-06-08 00:58 -------- d-----w- c:\program files\Trend Micro
2009-06-07 22:04 . 2009-04-15 20:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVENG.SYS
2009-06-07 22:04 . 2009-04-15 20:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVEX15.SYS
2009-06-07 22:04 . 2009-04-15 20:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\EECTRL.SYS
2009-06-07 22:04 . 2009-04-15 20:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\ECMSVR32.DLL
2009-06-07 22:04 . 2009-04-15 20:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\CCERASER.DLL
2009-06-07 22:04 . 2009-04-15 20:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVENG32.DLL
2009-06-07 22:04 . 2009-04-15 20:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\NAVEX32A.DLL
2009-06-07 22:04 . 2009-04-15 20:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090607.004\ERASER.SYS
2009-06-05 04:40 . 2009-04-15 20:16 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX15.SYS
2009-06-05 04:40 . 2009-04-15 20:16 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVEX32A.DLL
2009-06-05 04:40 . 2009-04-15 20:16 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG.SYS
2009-06-05 04:40 . 2009-04-15 20:16 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\EECTRL.SYS
2009-06-05 04:40 . 2009-04-15 20:16 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ECMSVR32.DLL
2009-06-05 04:40 . 2009-04-15 20:16 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\CCERASER.DLL
2009-06-05 04:40 . 2009-04-15 20:16 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\NAVENG32.DLL
2009-06-05 04:40 . 2009-04-15 20:16 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090604.021\ERASER.SYS
2009-06-04 03:20 . 2009-06-08 01:44 -------- d-----w- c:\users\Nadine\AppData\Local\Microsoft Games
2009-06-04 03:16 . 2009-06-04 03:16 -------- d-----w- c:\users\Nadine\AppData\Roaming\Malwarebytes
2009-06-04 02:26 . 2009-06-04 02:26 -------- d-----w- c:\users\sarah\AppData\Roaming\Malwarebytes
2009-06-04 02:26 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 02:26 . 2009-06-04 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 02:26 . 2009-06-04 02:26 -------- d-----w- c:\programdata\Malwarebytes
2009-06-04 02:26 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 04:28 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\Scxpx86.dll
2009-05-30 04:28 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSvix86.sys
2009-05-30 04:28 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSCo.sys
2009-05-30 04:28 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSxpx86.dll
2009-05-30 04:28 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\SymIDSI.dll
2009-05-30 04:28 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDSviA64.sys
2009-05-30 04:28 . 2007-08-07 15:25 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090528.001\IDS9xx86.dll
2009-05-25 00:27 . 2009-06-13 21:05 -------- d-----w- c:\users\sarah\.rainlendar2
2009-05-25 00:27 . 2009-05-25 00:27 -------- d-----w- c:\program files\Rainlendar2
2009-05-24 23:59 . 2009-05-25 02:08 -------- d-----w- c:\users\sarah\AppData\Roaming\Winamp
2009-05-24 23:59 . 2009-05-25 00:01 -------- d-----w- c:\program files\Winamp
2009-05-24 22:12 . 2009-05-24 22:13 -------- d-----w- c:\users\sarah\AppData\Roaming\muvee Technologies
2009-05-22 04:43 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\Scxpx86.dll
2009-05-22 04:43 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDSvix86.sys
2009-05-22 04:43 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\SymIDSCo.sys
2009-05-22 04:43 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDSxpx86.dll
2009-05-22 04:43 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\SymIDSI.dll
2009-05-22 04:43 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDSviA64.sys
2009-05-22 04:43 . 2007-08-07 15:25 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20090519.005\IDS9xx86.dll
2009-05-18 23:12 . 2009-05-18 23:12 239865 ----a-w- c:\users\sarah\gunslingngeisha-sakuraimgpack.zip
2009-05-18 21:50 . 2009-05-18 21:50 -------- d-----w- c:\users\sarah\AppData\Roaming\SYSTEMAX Software Development
2009-05-18 21:50 . 2009-05-18 21:50 -------- d-----w- c:\programdata\SYSTEMAX Software Development

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 21:06 . 2008-06-18 15:29 -------- d-----w- c:\users\Nadine\AppData\Roaming\WTablet
2009-06-13 21:05 . 2008-06-18 00:37 -------- d-----w- c:\users\sarah\AppData\Roaming\WTablet
2009-06-13 17:04 . 2008-09-12 02:00 -------- d-----w- c:\programdata\Google Updater
2009-06-13 02:37 . 2008-04-08 01:56 316 ----a-w- c:\users\sarah\AppData\Roaming\wklnhst.dat
2009-06-10 03:43 . 2008-06-18 00:33 -------- d-----w- c:\program files\Tablet
2009-06-10 00:26 . 2009-05-09 00:15 -------- d-----w- c:\programdata\Viewpoint
2009-06-10 00:26 . 2007-12-06 18:33 -------- d-----w- c:\program files\Java
2009-06-04 14:28 . 2008-06-17 21:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-04 14:27 . 2008-10-02 02:34 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-04 14:27 . 2007-12-06 18:34 -------- d-----w- c:\program files\Microsoft Works
2009-06-04 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-04 05:31 . 2008-08-22 04:32 -------- d-----w- c:\programdata\Microsoft Help
2009-06-04 00:01 . 2008-04-20 19:46 71872 ----a-w- c:\users\Nadine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-25 03:29 . 2007-12-06 18:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-25 03:29 . 2008-06-14 02:30 -------- d-----w- c:\program files\Conduit
2009-05-24 22:41 . 2008-04-06 01:57 71872 ----a-w- c:\users\sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-24 22:15 . 2009-04-19 04:36 -------- d-----w- c:\program files\ConsoleClassix.com
2009-05-24 22:08 . 2008-06-17 20:58 -------- d-----w- c:\program files\Veoh Networks
2009-05-24 22:07 . 2009-04-19 17:15 -------- d-----w- c:\program files\StepMania
2009-05-24 22:05 . 2008-04-06 18:33 -------- d-----w- c:\program files\LimeWire
2009-05-09 20:19 . 2008-04-06 18:34 -------- d-----w- c:\users\sarah\AppData\Roaming\LimeWire
2009-05-09 00:17 . 2009-05-09 00:15 -------- d-----w- c:\programdata\AOL OCP
2009-05-09 00:16 . 2009-05-09 00:16 -------- d-----w- c:\users\sarah\AppData\Roaming\acccore
2009-05-09 00:16 . 2009-05-09 00:14 -------- d-----w- c:\program files\AIM6
2009-05-09 00:15 . 2009-05-09 00:15 -------- d-----w- c:\programdata\acccore
2009-05-09 00:15 . 2009-05-09 00:15 -------- d-----w- c:\programdata\AOL
2009-05-09 00:14 . 2009-05-09 00:14 -------- d-----w- c:\program files\Common Files\AOL
2009-04-25 03:06 . 2007-12-06 18:43 -------- d-----w- c:\programdata\Symantec
2009-04-15 20:16 . 2009-05-06 18:33 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
2009-04-15 20:16 . 2009-05-06 18:33 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
2009-04-15 20:16 . 2009-05-06 18:33 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
2009-04-15 20:16 . 2009-05-06 18:33 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
2009-04-15 20:16 . 2009-05-06 18:33 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
2009-04-15 20:16 . 2009-05-06 18:33 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
2009-04-15 20:16 . 2009-05-06 18:33 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
2009-04-15 20:16 . 2009-05-06 18:33 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
2009-04-11 23:06 . 2009-04-11 23:06 483 ----a-w- c:\windows\eReg.dat
2009-04-11 15:47 . 2009-03-06 03:47 227 ----a-w- c:\windows\PowerReg.dat
2009-04-07 03:02 . 2009-04-07 03:02 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-06 02:23 . 2008-12-07 21:04 340953 ----a-w- c:\users\sarah\wmv-1-2676.zip
2009-03-19 23:32 . 2009-04-07 03:06 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-06-04 04:40 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-06-04 04:40 24064 ----a-w- c:\windows\system32\amxread.dll
1999-07-07 00:00 . 1999-07-07 00:00 6 --sh--r- c:\windows\@@desktop.dat
2007-12-06 17:46 . 2007-12-06 17:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

combofix log part two

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-04 1783136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-06-10 54672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-25 4702208]

c:\users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{56003BC7-3DDA-47BB-B4E8-BDB7963A64D2}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{122AE162-43DB-4075-B2AD-894D3821DBFC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{14C0E179-EA93-4B3D-A4DB-E844DADCC7DF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{791F28B9-F3AC-44EE-9FDE-99ADC02706C3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4257C6E7-9FD7-43F1-9217-65802D6D8D64}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AB4E53F4-AC2A-42ED-8D9E-03A388668925}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0C5FB2D3-D9A2-48BF-868F-D69CAB56D03B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A8D86C0E-5E12-489E-9B9E-E5B5E595053A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C9CCB2B8-7648-4AB2-8789-84ACC0A9928B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0EC50BD2-15B9-4D96-899F-992FD3497E8C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80BDB808-255C-44BD-B811-5F6C72C40EDC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4CAD35FB-BD64-4A6B-9E18-E22A87FFE0E7}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{370C2A54-6338-4F51-B609-0D936ACAB107}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{243A282A-6BFB-4BCE-8919-4D1AB15ECF8A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{42AB4590-E7EA-408E-8363-DC812B18587F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{10A35FB6-71B5-4264-98F6-62F5FCA35FB1}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{CF6F2F68-3E0C-4C06-9DD4-B07C4784DA30}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{775775BB-E3C2-482D-8E86-D511BE18BE83}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{67F55EDC-8A44-403B-97DC-204BAC99664E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{3AAF511B-B8B9-4180-B051-376DA20ECE1C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{FC47DD7A-57BA-4F43-9773-8800A6BDDE2E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{84A118A6-0337-481A-BA1D-2D0DD020867A}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{EA5DE8E4-78B5-4015-8911-F9FCC40E8F7B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{4F689862-5462-4214-86B6-5B8937A8EF8B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{19B40683-3E25-49CB-A8AF-FB260DCD129D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{C69111F1-2553-4FCE-8892-020ECA71DA16}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{B599BE38-6D5C-481B-BE80-9B63C66F5743}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{53F04B4F-1C7B-44E1-9342-83028B157B50}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{D4280AC8-DACC-460D-ABCF-19C9DEDEF522}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{9472FB11-A968-4B65-B32C-A6ED41CF8C2D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{6F7DAF62-CE7D-460D-91FC-64808E205E5E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{1C1010DA-7448-40FC-9EC1-6CB4FA9624BC}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{40F8B060-1AE4-4374-922D-4992866B358D}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A21903C4-9BF9-442B-A421-FF405DCB1FF8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{26ED806F-26F4-4B2A-8C6D-7BE9101E0DB7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E51D7623-94AA-40D7-BD33-EDDD7D00262D}"= Disabled:UDP:c:\users\Nadine\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{4C334C8C-1A6A-4863-8DB0-2E7EBF67BA9C}"= Disabled:TCP:c:\users\Nadine\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{0C9D982F-5F46-4109-BB54-E05BB9F50CF4}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F94F44D-C83B-46D5-98E2-1499684FC9C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2631415-6757-493D-9532-EC0F80864A7B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D838310E-E13A-44EF-9108-F924A2743760}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19885278-23AF-4321-9048-D13AA7D6A2DA}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{26969480-85E8-48B1-954D-37A30C39C58E}"= TCP:c:\program files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090528.001\IDSvix86.sys [5/29/2009 9:28 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [11/17/2008 6:27 PM 149352]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [6/17/2008 5:34 PM 2749736]
R3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [3/26/2008 12:31 PM 34128]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/6/2009 8:01 PM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 12:31 PM 41008]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [6/9/2009 8:38 PM 15656]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/28/2007 11:55 PM 23888]
S3 XDva143;XDva143;c:\windows\System32\XDva143.sys [7/26/2008 10:49 PM 39808]

combofix log part three!

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-12 00:01]

2009-05-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - sarah.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 11:19]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{47FF7EE2-3727-421C-8C35-F0DEBED05E88}.job
- c:\windows\system32\msfeedssync.exe [2008-07-28 07:33]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{CCD2C4F0-7327-43D0-B964-7D30389D04EF}.job
- c:\windows\system32\msfeedssync.exe [2008-07-28 07:33]

2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{EEFD4860-6165-43EC-94CC-6C4C34FFBFD4}.job
- c:\windows\system32\msfeedssync.exe [2008-07-28 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 14:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5028)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-06-13 14:11
ComboFix-quarantined-files.txt 2009-06-13 21:10

Pre-Run: 364,437,622,784 bytes free
Post-Run: 365,115,961,344 bytes free

268 --- E O F --- 2009-06-08 18:52

Re: Win Blue Soft got my computer too! D: please help

Hello.
Still having winblue problems?


Re: Win Blue Soft got my computer too! D: please help

Everything looks good. I would recommend using Avira free:

http://www.free-av.com/
