WiredWX Christian Hobby Weather Tools

Re: Could you please help with the removal of Winibluesoft?

Hello.
You ran CF normally, not using my custom script I made for you.

Re-read this post:
http://www.geekpolice.net/virus-spyware-malware-removal-f11/could-you-please-help-wit-the-removal-of-winibluesoft-t9545.htm#60070

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Could you please help with the removal of Winibluesoft?

Sorry missed that last part. Here is the new log. Thanks again.

ComboFix 09-05-20.09 - Administrator 05/19/2009 3:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1580 [GMT -10:00]
Running from: c:\documents and settings\Administrator\My Documents\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
c:\windows\system32\74da9zeal5.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\74da9zeal5.bin
c:\windows\system32\rmoc3260.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-18 15:03 . 2009-05-18 15:03 -------- d-----w c:\program files\MSXML 4.0
2009-05-18 05:22 . 2009-05-18 05:22 -------- d-----w c:\program files\MSSOAP
2009-05-18 05:21 . 2009-04-06 23:32 1563008 ----a-w c:\windows\WRSetup.dll
2009-05-18 05:21 . 2009-05-18 05:21 164 ----a-w c:\windows\install.dat
2009-05-17 06:42 . 2009-05-17 06:42 -------- d-----r c:\program files\Norton Support
2009-05-17 05:40 . 2009-05-17 05:40 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-05-17 05:29 . 2009-05-17 05:29 -------- d-----w c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-05-17 05:29 . 2009-05-17 05:29 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-05-17 05:28 . 2009-05-17 05:28 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-05-17 05:28 . 2009-05-17 05:28 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-05-17 05:28 . 2009-05-17 05:28 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-17 05:28 . 2009-05-17 05:35 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\program files\Symantec
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\windows\system32\drivers\N360
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\program files\Norton 360
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\program files\Windows Sidebar
2009-05-17 05:28 . 2009-05-17 05:29 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-17 05:28 . 2009-05-17 05:28 -------- d-----w c:\program files\NortonInstaller
2009-05-13 10:08 . 2009-05-13 10:08 1152 ----a-w c:\windows\system32\windrv.sys
2009-05-13 10:07 . 2009-05-17 05:33 -------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-05-13 09:36 . 2009-05-13 10:40 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-13 08:14 . 2009-05-13 08:14 -------- d-----w c:\documents and settings\LocalService\Application Data\Webroot
2009-05-13 08:14 . 2009-04-03 00:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-05-13 08:14 . 2009-04-03 00:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-05-13 08:14 . 2006-07-08 02:41 14848 ----a-w c:\windows\system32\drivers\sskbfd.sys
2009-05-13 08:14 . 2009-05-13 08:14 -------- d-----w c:\documents and settings\Administrator\Application Data\Webroot
2009-05-13 08:14 . 2009-05-13 08:14 -------- d-----w c:\program files\Webroot
2009-05-13 08:12 . 2009-05-18 05:25 -------- d-----w c:\documents and settings\All Users\Application Data\Webroot
2009-05-12 08:06 . 2009-05-12 08:06 -------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2009-05-12 08:06 . 2009-05-12 09:18 -------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2009-05-12 08:05 . 2009-05-12 08:05 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Sony
2009-05-12 07:56 . 2009-05-12 07:56 -------- d-----w c:\program files\Vstplugins
2009-05-12 07:56 . 2009-05-12 07:56 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-05-12 07:55 . 2009-05-12 08:04 -------- d-----w c:\program files\Sony Setup
2009-05-02 23:03 . 2009-05-02 23:03 -------- d-----w C:\RUNDOWN
2009-04-30 02:32 . 2009-04-30 02:32 -------- d-----w C:\Wolverine
2009-04-30 00:57 . 2009-04-30 00:57 103872 ----a-w c:\windows\system32\drivers\AnyDVD.sys
2009-04-29 07:48 . 2009-04-29 07:56 -------- d-----w c:\program files\MediaCoder
2009-04-29 07:47 . 2009-04-29 07:47 -------- d-----w c:\documents and settings\Administrator\Application Data\Yahoo!
2009-04-29 07:47 . 2009-05-05 07:28 -------- d-----w c:\program files\Yahoo!
2009-04-29 07:34 . 2009-04-29 07:34 -------- d-----w c:\documents and settings\Administrator\Application Data\ABCMedia
2009-04-29 06:47 . 2009-04-16 23:06 3768 ----a-w c:\windows\system32\drivers\MusCVideo.sys
2009-04-29 06:47 . 2009-04-16 23:06 23096 ----a-w c:\windows\system32\drivers\MusCAudio.sys
2009-04-28 07:44 . 2009-04-28 07:44 -------- d-----w C:\RATATOUILLE
2009-04-27 06:51 . 2009-04-27 06:51 -------- d-----w C:\Hancock
2009-04-27 06:36 . 2009-04-27 06:36 -------- d-----w c:\documents and settings\Administrator\Application Data\AVS4YOU
2009-04-27 06:36 . 2009-04-27 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-27 06:36 . 2009-04-27 06:36 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-27 06:35 . 2009-01-29 06:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-04-27 06:35 . 2009-01-29 06:49 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-04-27 06:35 . 2009-01-29 06:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-04-27 06:35 . 2009-01-29 06:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-27 06:35 . 2009-04-27 06:36 -------- d-----w c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 05:28 . 2009-05-17 05:28 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-17 05:28 . 2009-05-17 05:28 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-17 05:25 . 2009-04-08 05:38 -------- d-----w c:\program files\Safari
2009-05-13 08:25 . 2009-01-02 06:43 -------- d-----w c:\program files\CompuServe 2000
2009-05-12 08:04 . 2008-11-07 06:27 -------- d-----w c:\program files\Sony
2009-04-08 05:43 . 2009-04-08 05:43 -------- d-----w c:\program files\iTunes
2009-04-08 05:43 . 2009-04-08 05:43 -------- d-----w c:\program files\iPod
2009-04-08 05:43 . 2008-11-22 21:49 -------- d-----w c:\program files\Common Files\Apple
2009-04-08 05:42 . 2009-04-08 05:42 -------- d-----w c:\program files\QuickTime
2009-04-03 00:30 . 2009-04-03 00:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-04-01 21:12 . 2009-04-01 21:12 -------- d-----w c:\program files\Utherverse Digital Inc
2009-03-27 01:23 . 2009-04-08 05:41 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-27 01:23 . 2008-11-22 21:49 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-24 19:07 . 2009-03-24 19:07 -------- d-----w c:\program files\SlySoft
2009-03-24 18:43 . 2009-03-24 18:41 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-03-24 13:09 . 2008-11-07 05:38 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 08:33 . 2009-03-24 08:33 -------- d-----w c:\program files\DVD Shrink
2009-03-24 07:49 . 2009-03-24 07:49 -------- d-----w c:\program files\DVD Decrypter
2009-03-24 07:38 . 2009-03-24 07:38 -------- d-----w c:\program files\ABC 3GP Converter
2009-03-17 00:18 . 2009-04-01 21:16 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-03-17 00:18 . 2009-04-01 21:16 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-03-17 00:18 . 2009-04-01 21:16 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-03-17 00:18 . 2009-04-01 21:16 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-03-10 01:27 . 2009-04-01 21:16 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-03-10 01:27 . 2009-04-01 21:16 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-03-10 01:27 . 2009-04-01 21:16 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-03-06 14:22 . 2002-09-03 19:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2002-09-03 20:03 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2008-11-04 08:04 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-18_05.00.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-01 02:45 . 2008-10-01 02:45 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2009-05-18 05:22 . 2009-05-18 05:22 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-05-19 13:26 . 2009-05-19 13:26 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat
+ 2009-04-03 00:30 . 2009-04-03 00:30 31088 c:\windows\system32\wrLZMA.dll
+ 2009-04-03 00:29 . 2009-04-03 00:29 16240 c:\windows\system32\SsiEfr.exe
+ 2003-04-19 02:29 . 2003-04-19 02:29 82432 c:\windows\system32\msxml4r.dll
+ 2008-11-04 04:31 . 2009-05-18 05:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-04 04:31 . 2008-11-18 07:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-04 04:31 . 2008-11-18 07:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-04 04:31 . 2009-05-18 05:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-04 04:31 . 2009-05-18 05:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-04 04:31 . 2008-11-18 07:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-02 23:34 . 2009-04-28 07:27 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-05-18 15:03 . 2009-05-18 15:03 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2009-05-18 05:22 . 2009-05-18 05:22 10134 c:\windows\Installer\{3F5B6210-0903-4DC6-8034-8F488AA3A782}\ARPPRODUCTICON.exe
+ 2009-05-18 05:23 . 2009-05-18 05:23 10134 c:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
+ 2007-03-23 05:05 . 2007-03-23 05:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
- 2008-12-02 23:34 . 2009-04-28 07:27 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-04 07:33 . 2009-05-19 13:24 227319 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-05-18 05:23 . 2009-04-06 23:26 511328 c:\windows\system32\capicom.dll
+ 2008-12-02 23:34 . 2009-05-18 15:05 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-12-02 23:34 . 2009-04-28 07:27 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-02 23:34 . 2009-05-18 15:05 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-01 02:42 . 2008-10-01 02:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2009-05-18 05:22 . 2009-05-18 05:22 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-10-01 02:43 . 2008-10-01 02:43 1286152 c:\windows\system32\msxml4.dll
+ 2008-11-11 01:46 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.

Re: Could you please help with the removal of Winibluesoft?

Part 2

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-02 61440]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-01-02 26112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-03 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-27 177472]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CompuServe 2000 Tray Icon.lnk - c:\program files\CompuServe 2000\cstray.exe [2009-1-1 36935]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\LaunchPad.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/2/2009 14:30 29808]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [5/16/2009 19:28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [5/16/2009 19:28 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [5/16/2009 19:28 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys [5/18/2009 04:06 276344]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [5/16/2009 19:28 115560]
R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [1/1/2009 20:44 64512]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [5/17/2009 19:23 1181040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/16/2009 19:45 101936]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [4/28/2009 20:47 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [4/28/2009 20:47 3768]
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 22:34]

2009-05-19 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2007-06-25 18:08]

2009-05-12 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2007-06-25 18:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 03:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1592)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3916)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-19 3:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 13:31
ComboFix2.txt 2009-05-18 14:32
ComboFix3.txt 2009-05-18 05:04

Pre-Run: 65,769,054,208 bytes free
Post-Run: 65,756,807,168 bytes free

253 --- E O F --- 2009-05-18 15:05

Re: Could you please help with the removal of Winibluesoft?

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: Could you please help with the removal of Winibluesoft?

ComboFix was uninstalled. My Norton 360 still detects something (trojan) but is unable to fix it. But the Winibluesoft seems to be gone. Thanks a bunch for your patience and expertise. I am definitely making a donation =)

Re: Could you please help with the removal of Winibluesoft?

Hello.
Where did Norton find it?
