I hate Winbluesoft! Please help!

Yet another Winbluesoft victim here...

I've downloaded HijackThis but I can't get it to run. I've tried in both normal and safe mode and it will not open in either.

Any help would be very much appreciated.

Ewok

I was able to run combofix...

Here's the log:

ComboFix 09-06-08.03 - Adrienne 06/09/2009 8:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1644 [GMT -4:00]
Running from: c:\documents and settings\Adrienne\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\10003not9a5zirus6c2.bin
c:\windows\104db9ckdoz549.exe
c:\windows\10512sp5m9otzbc.cpl
c:\windows\113z05ot-a-virus93f.exe
c:\windows\11594s9y5z5.exe
c:\windows\1209595rmzf9.bin
c:\windows\12396hacktoo54c5z.dll
c:\windows\125zspa9se2071.dll
c:\windows\13319s5amzot6a.cpl
c:\windows\13499hackzo5l11f.exe
c:\windows\135z8tro9356.cpl
c:\windows\14169w95z3d1.bin
c:\windows\14412ha5ktzol5a59.exe
c:\windows\14554hacktzo9125.ocx
c:\windows\148225pambot9zf.ocx
c:\windows\14a1sp9waze350.ocx
c:\windows\14zethrea589119.ocx
c:\windows\1511s5ywarez940.ocx
c:\windows\15279trzj510.cpl
c:\windows\1529addware913z.ocx
c:\windows\152z39py610.ocx
c:\windows\152zvir979.dll
c:\windows\15471hackto592z9.ocx
c:\windows\15542zot-a9virus4e4.exe
c:\windows\15590hackt9oz5c5.exe
c:\windows\15599s5ambot2ez.bin
c:\windows\15695s5zmbot14e.bin
c:\windows\1584zspy9d9.exe
c:\windows\1596ztr9j550.exe
c:\windows\159fstza92415.cpl
c:\windows\15a4doznl9ader2472.dll
c:\windows\15cbzhreat94347.exe
c:\windows\160spamb5z697.exe
c:\windows\16507not-a-vi9us2dz.dll
c:\windows\165zsp9r5e247.dll
c:\windows\169955rojz3b.ocx
c:\windows\16ezthi9f835.cpl
c:\windows\16z89troj695.exe
c:\windows\1707do9zload5r1272.dll
c:\windows\17750vir5955z.dll
c:\windows\17z75hacktool3e49.exe
c:\windows\18053notz5-virus629.bin
c:\windows\185e9teaz1560.ocx
c:\windows\18602no9-a-vir5s3f6z.ocx
c:\windows\18614w59m9z.exe
c:\windows\18892vir5s4zf.cpl
c:\windows\19059spambotz90.cpl
c:\windows\1907t5reat1z219.ocx
c:\windows\19081vi5zs3e5.cpl
c:\windows\1925zackdoor9935.ocx
c:\windows\1931t9iez5689.cpl
c:\windows\19329spamzot355.bin
c:\windows\19545spy1z05.bin
c:\windows\1963ztr59196.exe
c:\windows\19674vi9u5dz.ocx
c:\windows\196zstea92858.bin
c:\windows\19759zirus305.exe
c:\windows\19854s9z36d.exe
c:\windows\19972tro51z5.cpl
c:\windows\19b7downl9adez5139.bin
c:\windows\19z9spyware115.bin
c:\windows\19zdthre9t16850.ocx
c:\windows\19zespar9e6965.ocx
c:\windows\1a8bs9y5are286z.cpl
c:\windows\1ae3downloz5er9067.ocx
c:\windows\1b48thief5z89.ocx
c:\windows\1bb59tezl355.dll
c:\windows\1bc9vir57z7.cpl
c:\windows\1c8zspyw5re9689.bin
c:\windows\1czbvir4559.dll
c:\windows\1d49sparsez1815.cpl
c:\windows\1d4fad9wa5e217z.bin
c:\windows\1f5zteal9345.bin
c:\windows\1z090tro541f.ocx
c:\windows\1z799virus17b5.bin
c:\windows\1zf5ste953145.dll
c:\windows\2094not-a-virzs2475.bin
c:\windows\20967zpambo51239.exe
c:\windows\20998hacktool4zd5.cpl
c:\windows\2158s9eal1854z.cpl
c:\windows\21665spyz9a.exe
c:\windows\22251s9azbot2d5.dll
c:\windows\2231zt95j2b2.cpl
c:\windows\22487viru5za9.ocx
c:\windows\2270z5py3d09.bin
c:\windows\22859zot-5-virus5f7.dll
c:\windows\2355s9ambotez.ocx
c:\windows\246z0sp529f.dll
c:\windows\2491threaz18055.bin
c:\windows\24952hacktzol155.dll
c:\windows\24e6ste5l2957z.ocx
c:\windows\2501zspambo95f0.bin
c:\windows\250estea92795z.exe
c:\windows\25190wzrm56f9.ocx
c:\windows\25249hacktool2z7.bin
c:\windows\25279s9amb5t71z.cpl
c:\windows\25adszarse9030.exe
c:\windows\26158hac59ozl339.cpl
c:\windows\26573troz329.exe
c:\windows\26bb9hiez935.cpl
c:\windows\26fd9teal5929z.exe
c:\windows\274dt5zea96138.bin
c:\windows\27652vz9us3e4.bin
c:\windows\27756noz9a-virus400.cpl
c:\windows\27910vi9uz51.cpl
c:\windows\28520not-z-vir9s2e5.dll
c:\windows\28695trojz98.ocx
c:\windows\28743h9cktoo579dz.cpl
c:\windows\28975ozm431.exe
c:\windows\29065wzr5462.exe
c:\windows\29139w9r5zbb.ocx
c:\windows\29154hzc9tool6875.bin
c:\windows\291s9eal3500z.bin
c:\windows\29206trojz53.bin
c:\windows\29419otza-vi5us3d5.exe
c:\windows\29435viruz32c.dll
c:\windows\29453t5oj69z.exe
c:\windows\29530w9rm7za5.bin
c:\windows\29575spy3zd.ocx
c:\windows\2958vir198z.cpl
c:\windows\29651hacktool64z.cpl
c:\windows\296tro5z83.dll
c:\windows\29715haczt5ol629.dll
c:\windows\298999pambot7z25.cpl
c:\windows\2999spyz9r5770.bin
c:\windows\2999thi5f241z.ocx
c:\windows\29c6sparsz5476.exe
c:\windows\29z75ddware306.cpl
c:\windows\2a3zspyw5re9018.cpl
c:\windows\2ab85owzloader2379.exe
c:\windows\2af9addwaze1532.dll
c:\windows\2azcth9eat29555.cpl
c:\windows\2bb4sp9rse2854z.bin
c:\windows\2bd5downloazer15649.cpl
c:\windows\2c5cszyware239.cpl
c:\windows\2d8ethreat19z165.ocx
c:\windows\2z1949pambot7d15.bin
c:\windows\2z2fthi9f1945.bin
c:\windows\2z852wo9m3885.cpl
c:\windows\2z9869p56e8.bin
c:\windows\2zeest59l504.exe
c:\windows\308z95acktool340.dll
c:\windows\30907troz455.dll
c:\windows\31ezad9ware1445.ocx
c:\windows\3209s59mbot4fz.ocx
c:\windows\325249iru5bz.ocx
c:\windows\3259noz5a-virus7069.ocx
c:\windows\32z55worm5e79.cpl
c:\windows\3454st9al88z.exe
c:\windows\351ct95ef1623z.ocx
c:\windows\35z7th9ef1711.bin
c:\windows\369dvir15z5.ocx
c:\windows\3745downzoader3019.dll
c:\windows\3790w5z945e.dll
c:\windows\37zthi5f9768.dll
c:\windows\3855dowzloader1976.ocx
c:\windows\3863zi99695.bin
c:\windows\386ad95arz2505.bin
c:\windows\38759ddwaze3179.cpl
c:\windows\387f5hr9at6z88.exe
c:\windows\388bs5ywzre10249.bin
c:\windows\3969t9zj45f.cpl
c:\windows\3a39t5izf895.dll
c:\windows\3aceba9kdo5z2983.ocx
c:\windows\3b81v95z507.bin
c:\windows\3d50zownloader1290.ocx
c:\windows\3d95vir183z.ocx
c:\windows\3d9fdozn5oad9r594.exe
c:\windows\3ec0baczdoor2951.dll
c:\windows\3f92viz509.bin
c:\windows\3z01downlo5de9777.bin
c:\windows\3z027vir9s225.dll
c:\windows\3z28downl5ade92381.bin
c:\windows\3z756not-9-virus35b.exe
c:\windows\40289pywzre2145.ocx
c:\windows\40465ackzool5639.exe
c:\windows\4055hac5tzo9607.cpl
c:\windows\40a5s9zware1025.bin
c:\windows\4101do9nloz5er3018.dll
c:\windows\4104tzief25959.dll
c:\windows\4233vz9us7c5.ocx
c:\windows\423espy5aze17979.cpl
c:\windows\42easzy9are20955.ocx
c:\windows\43845hzeat90740.exe
c:\windows\460zs5yware1069.exe
c:\windows\4653vizus911.bin
c:\windows\465zs9arse919.dll
c:\windows\46z3worm9d65.exe
c:\windows\4896backdoor22z5.exe
c:\windows\48acdownl5ader19z4.bin
c:\windows\4921downl9zd5r345.ocx
c:\windows\49ezsteal5405.bin
c:\windows\49zbthreat105255.exe
c:\windows\4a5d9ownlzader288.dll
c:\windows\4c7downloa5er9z43.dll
c:\windows\4ec79pyzare1554.dll
c:\windows\4f2z9hre5t9614.dll
c:\windows\4f4e5pzrs9337.ocx
c:\windows\4z359parse9125.exe
c:\windows\5007z9py615.dll
c:\windows\5060zspy7a9.cpl
c:\windows\50zevir24569.ocx
c:\windows\51196troz38a.dll
c:\windows\519z5dd9are1369.ocx
c:\windows\519zspye5.bin
c:\windows\5205spyw5ze149.bin
c:\windows\5238down9oaderz269.dll
c:\windows\52508sp9mboz10d.bin
c:\windows\5250ba9kdoor26z0.ocx
c:\windows\5256s95ware3z71.ocx
c:\windows\5275h9cktool5zc.ocx
c:\windows\52easpar952280z.bin
c:\windows\533bszyware1957.cpl
c:\windows\535379pz66b.exe
c:\windows\53f2zpa9se1159.cpl
c:\windows\53fczir591.exe
c:\windows\541edownlozder3951.dll
c:\windows\54365zru9640.dll
c:\windows\5454n9t-a-vzrus161.dll
c:\windows\54599trzj160.exe
c:\windows\546429zcktool511.cpl
c:\windows\54779spy38z.bin
c:\windows\5545spy529z.dll
c:\windows\55595spy2z8.bin
c:\windows\555abackdoor99z.ocx
c:\windows\5588azdware57229.bin
c:\windows\558cth5zat93291.dll
c:\windows\5638troz95.ocx
c:\windows\5678haz9tool695.cpl
c:\windows\5692spz5se2795.ocx
c:\windows\56979spy5a1z.bin
c:\windows\56b9threzt19559.ocx
c:\windows\57482tzo967e.dll
c:\windows\5774h5cktoz96a3.cpl
c:\windows\580adow9l5adez3086.exe
c:\windows\582959pz45d.exe
c:\windows\58z19ir2275.cpl
c:\windows\58z9spambo589.exe
c:\windows\591vir951z.dll
c:\windows\592dd9wzlo5der1117.cpl
c:\windows\59549zorm444.ocx
c:\windows\5989sparsz1413.bin
c:\windows\599bvz51821.bin
c:\windows\59b5zparse2579.bin
c:\windows\59d1zt9al3154.bin
c:\windows\59f1addzare5099.bin
c:\windows\59zpa5se11939.exe
c:\windows\5a8czparse977.bin
c:\windows\5a98do9nlzader2647.exe
c:\windows\5c8aspywarez649.bin
c:\windows\5d11do5nloader39z4.exe
c:\windows\5d4fthi592314z.bin
c:\windows\5d55szea9947.dll
c:\windows\5e09vzr1122.cpl
c:\windows\5efes9zal2413.dll
c:\windows\5f6d5zyw9re1670.dll
c:\windows\5f6stza95206.exe
c:\windows\5faz9h5ef1976.cpl
c:\windows\5z78t59ef2755.cpl
c:\windows\5z9fspyware56799.exe
c:\windows\6171b5czdoor1933.dll
c:\windows\6188h9cktool500z.exe
c:\windows\62649hief1z65.ocx
c:\windows\6452zhief22249.bin
c:\windows\6457a9dwaze3072.dll
c:\windows\64b3thre5t3z973.exe
c:\windows\64zathreat95935.bin
c:\windows\6585dowzload9r1525.cpl
c:\windows\6599vizus7529.ocx
c:\windows\65f9s5arse11z2.cpl
c:\windows\65z6thief9575.exe
c:\windows\66c9azd5are11949.cpl
c:\windows\692zwor526e.cpl
c:\windows\69575ddwaze943.cpl
c:\windows\695bt5reat9715z.cpl
c:\windows\6969a5dwaze29449.ocx
c:\windows\697dvir395z.bin
c:\windows\6z56threat15992.cpl
c:\windows\7003ha9kzoolf95.exe
c:\windows\7104zac5do9r127.bin
c:\windows\71e5dz9nloader873.cpl
c:\windows\7200s5eaz9128.exe
c:\windows\7216t5ze9506.cpl
c:\windows\725tzief79.dll
c:\windows\7276steal9z315.cpl
c:\windows\744zthie51794.ocx
c:\windows\7564backd9or1z59.bin
c:\windows\7589tzoj4595.cpl
c:\windows\75bath9ez784.cpl
c:\windows\75bez5r899.cpl
c:\windows\7634s5z9se741.cpl
c:\windows\7839trz56f1.cpl
c:\windows\7855s9am5ot7ze.cpl
c:\windows\7859zteal1964.bin
c:\windows\7891zpyw9re3580.exe
c:\windows\78f3zi5599.bin
c:\windows\7995vir2z90.dll
c:\windows\79azste9l5040.ocx
c:\windows\79f0szeal39995.dll
c:\windows\7c29back5ooz539.cpl
c:\windows\7cd6spy9aze2759.dll
c:\windows\7e69sp5zare2009.cpl
c:\windows\7e72a95zare1816.exe
c:\windows\7e7d9ackdoo5205z.exe
c:\windows\7z6bthief9559.dll
c:\windows\85315pambztcc9.cpl

c:\windows\85z8vir9s46e.exe
c:\windows\85z9irus2e.exe
c:\windows\8609spambzt65b.ocx
c:\windows\8850spambo5z369.bin
c:\windows\88575rzj2fa9.exe
c:\windows\90095pamzot787.bin
c:\windows\90495roj4zc.ocx
c:\windows\90bad5w9re289z.dll
c:\windows\90e9zyware5214.exe
c:\windows\9117hzckt9o57a.ocx
c:\windows\912ebazkd5or1469.bin
c:\windows\9187z5irus710.ocx
c:\windows\919zn5t-a-virus7ec.cpl
c:\windows\92375pamboz4c7.cpl
c:\windows\92722tz5j72e.ocx
c:\windows\9298zorm295.exe
c:\windows\93336wo5mza7.ocx
c:\windows\93630hacztool695.ocx
c:\windows\93aadzwa9e26755.exe
c:\windows\93d55pywarz2645.cpl
c:\windows\93f3vi5z49.exe
c:\windows\93z9hackt5ol4fc.dll
c:\windows\9468vzrus554.cpl
c:\windows\95043spamboz7a9.ocx
c:\windows\9516not-a-v5zus86.exe
c:\windows\95530zacktool413.cpl
c:\windows\95z65sp52b5.dll
c:\windows\9709hac5tzol7ab.cpl
c:\windows\9715vir5sz92.bin
c:\windows\97586virzs155.ocx
c:\windows\9759virusz9.bin
c:\windows\978sparse1685z.dll
c:\windows\982z5ack9ool3e5.cpl
c:\windows\9953vir1z44.exe
c:\windows\99z1v5rus905.exe
c:\windows\9a56spazse125.ocx
c:\windows\9c97b5ckdozr1070.ocx
c:\windows\9cezs5eal1463.cpl
c:\windows\9d40v5z943.cpl
c:\windows\9dzbsteal14745.exe
c:\windows\9eefs5ywzre196.cpl
c:\windows\9f3dbackdz5r672.ocx
c:\windows\9fd3zp5ware1414.ocx
c:\windows\b9eszarse1957.bin
c:\windows\c1zs9arse2245.ocx
c:\windows\c8b5ckzoo9354.dll
c:\windows\d19zt5al2820.cpl
c:\windows\d4d5ownzoa9er3243.cpl
c:\windows\defthreat2z519.cpl
c:\windows\dz7spar5e2929.bin
c:\windows\f0zad9war52559.ocx
c:\windows\IE4 Error Log.txt
c:\windows\system32\1014th5ef99z0.ocx
c:\windows\system32\10549spambot4z1.exe
c:\windows\system32\10950v5rzs799.cpl
c:\windows\system32\10bespywar52952z.bin
c:\windows\system32\11419hac9zool1c5.ocx
c:\windows\system32\1190d9wnl5ader2391z.bin
c:\windows\system32\11z69spambot9935.dll
c:\windows\system32\12699worm5az5.dll
c:\windows\system32\133879a5ktool6z5.cpl
c:\windows\system32\13589zroj692.ocx
c:\windows\system32\13658wor5z9.bin
c:\windows\system32\13955troj5z8.ocx
c:\windows\system32\140z5vir9s24.exe
c:\windows\system32\14685spy595z.ocx
c:\windows\system32\14794not-a-vi5uz44b.dll
c:\windows\system32\14932not-95zirusb7.ocx
c:\windows\system32\14999s5yz0f.cpl
c:\windows\system32\149z5virus653.exe
c:\windows\system32\14b2szyware15985.ocx
c:\windows\system32\14caaddwar529z4.exe
c:\windows\system32\15024hackz9ol99.exe
c:\windows\system32\15354sp5mb9t5z5.cpl
c:\windows\system32\153zt5oj3d9.ocx
c:\windows\system32\1557downloader197z.dll
c:\windows\system32\155z9troj405.ocx
c:\windows\system32\15795not-a-5irzs227.ocx
c:\windows\system32\1579s59zse2446.dll
c:\windows\system32\158545ot-a-vzrus269.dll
c:\windows\system32\159f5ackdoorz32.ocx
c:\windows\system32\15fabz9kdoo5829.ocx
c:\windows\system32\1607nzt-a-v9ru5748.exe
c:\windows\system32\1615295azbot5cf.ocx
c:\windows\system32\16199nzt-a-virus527.exe
c:\windows\system32\1650zackdoor2958.bin
c:\windows\system32\169205rojcz.bin
c:\windows\system32\17690hazkt5ol183.ocx
c:\windows\system32\17e5threatz399.exe
c:\windows\system32\18127spamz59360.cpl
c:\windows\system32\18a9zie553.bin
c:\windows\system32\18z05s5ambo9315.cpl
c:\windows\system32\19170vizus5b9.dll
c:\windows\system32\19347not-z-virus5e5.ocx
c:\windows\system32\19456t9oj74z.cpl
c:\windows\system32\19499viruz77e5.ocx
c:\windows\system32\19597spzm5o95db.bin
c:\windows\system32\195z1hac9to5l2a2.exe
c:\windows\system32\19636w5rmz269.ocx
c:\windows\system32\19645wormz66.ocx
c:\windows\system32\19744not-azvirus295.dll
c:\windows\system32\1981thief2z53.bin
c:\windows\system32\199665izus596.cpl
c:\windows\system32\19z5steal535.dll
c:\windows\system32\1a37thr9atz235.bin
c:\windows\system32\1ae5vir54z09.ocx
c:\windows\system32\1f9v5r12z5.ocx
c:\windows\system32\1z103troj6f59.cpl
c:\windows\system32\1zffvi5459.bin
c:\windows\system32\2035tzoj96c.ocx
c:\windows\system32\2047z9py5e4.bin
c:\windows\system32\20561sp9mbot558z.bin
c:\windows\system32\20945w5rm5z1.bin
c:\windows\system32\209z7s5y613.dll
c:\windows\system32\22108notza-9iru5774.dll
c:\windows\system32\22423spam5otz9.exe
c:\windows\system32\22447spa5zot4b9.exe
c:\windows\system32\22531z5t-a-v9rus749.ocx
c:\windows\system32\2254zhacktool2a95.dll
c:\windows\system32\229trz54259.ocx
c:\windows\system32\229z5troj12d.cpl
c:\windows\system32\22z1s9ywar51276.dll
c:\windows\system32\2338h9cktoolz59.exe
c:\windows\system32\23698spaz5ot499.cpl
c:\windows\system32\2380sp9rze9485.ocx
c:\windows\system32\23z5spyware14409.dll
c:\windows\system32\24006sp529z.exe
c:\windows\system32\24509notza-virus6b7.exe
c:\windows\system32\24529pyw5re8z1.exe
c:\windows\system32\2521thi9z1789.ocx
c:\windows\system32\2522bazk9oor577.ocx
c:\windows\system32\25582zirus289.dll
c:\windows\system32\25595ackzoor9719.exe
c:\windows\system32\25769hazkt5ol143.ocx
c:\windows\system32\25854h9cktoo57az.dll
c:\windows\system32\25889zot-a-virus1b6.exe
c:\windows\system32\2591a5dzare2349.exe
c:\windows\system32\25977w9r52z9.bin
c:\windows\system32\2597addw5re4z8.ocx
c:\windows\system32\25c8back5oor29z4.dll
c:\windows\system32\260z9worm5935.exe
c:\windows\system32\261z9n9t-a-virus7a85.cpl
c:\windows\system32\262939pambot52cz.dll
c:\windows\system32\26451zp9mbot773.cpl
c:\windows\system32\2651st5z92490.bin
c:\windows\system32\266z0spam9ot425.exe
c:\windows\system32\266z19ot-a-vi5us5a4.bin
c:\windows\system32\26990worz94c5.cpl
c:\windows\system32\27416trz9265.cpl
c:\windows\system32\27629spa9bo52az.ocx
c:\windows\system32\27699not-a-zirus135.exe
c:\windows\system32\276z5w95m387.bin
c:\windows\system32\27789z59us40d.ocx
c:\windows\system32\27a1addw5r9145z.bin
c:\windows\system32\28053hzckt9ol6df.cpl
c:\windows\system32\285549orm3z55.bin
c:\windows\system32\287949pam5ot454z.dll
c:\windows\system32\28947hackto5z764.dll
c:\windows\system32\29011no5za-virus5ca.cpl
c:\windows\system32\29195not-a-z59us1a7.cpl
c:\windows\system32\2919ba9zd5or675.bin
c:\windows\system32\29520troj5ez.ocx
c:\windows\system32\2992595zj320.ocx
c:\windows\system32\2997vi519z3.exe
c:\windows\system32\2997zhack5ool258.dll
c:\windows\system32\29d7s5a9ze670.exe
c:\windows\system32\2a7back9zo52795.bin
c:\windows\system32\2b21s5a9se2355z.cpl
c:\windows\system32\2bf9th5efz600.dll
c:\windows\system32\2d10s9ywarez755.cpl
c:\windows\system32\2z23vi59156.dll
c:\windows\system32\2z318vi95s9b.bin
c:\windows\system32\2z522troj9845.cpl
c:\windows\system32\2z5475pambot192.ocx
c:\windows\system32\2z614wo9m65c.exe
c:\windows\system32\2z7375ir9s512.exe
c:\windows\system32\2zf0vir2539.ocx
c:\windows\system32\30249sp51z1.bin
c:\windows\system32\30394zo5m25c.dll
c:\windows\system32\3051ztro9be.cpl
c:\windows\system32\30554worm59z.bin
c:\windows\system32\30z2s59rse2217.exe
c:\windows\system32\3110spzr5e1936.cpl
c:\windows\system32\31290v9rzs44b5.exe
c:\windows\system32\315z7ha5ktool9ac.cpl
c:\windows\system32\31a4backzoor3597.dll
c:\windows\system32\32271n9t-z5virus5dc.ocx
c:\windows\system32\32902sp56z.exe
c:\windows\system32\3369sp9mb5tdz.bin
c:\windows\system32\3369thrzat194589.dll
c:\windows\system32\33d195r9z8.ocx
c:\windows\system32\342zvir9s7f5.bin
c:\windows\system32\34dcvz59193.exe
c:\windows\system32\3507spambotzf9.exe
c:\windows\system32\3567threatz9976.cpl
c:\windows\system32\365thizf17249.cpl
c:\windows\system32\374zthief2952.bin
c:\windows\system32\381e9pzware2595.dll
c:\windows\system32\3874tzie5799.ocx
c:\windows\system32\395z5r1020.bin
c:\windows\system32\39c3do59loazer3256.ocx
c:\windows\system32\39efstz5l9751.bin
c:\windows\system32\3d24d9znload5r1997.ocx
c:\windows\system32\3dd25ac9zoor1037.cpl
c:\windows\system32\3ee9zhreat35870.bin
c:\windows\system32\3fe3tzi5f30859.cpl
c:\windows\system32\3fz8t59ef850.ocx
c:\windows\system32\3z49addware2253.cpl
c:\windows\system32\419dthrzat51749.exe
c:\windows\system32\4239viz5s1a2.cpl
c:\windows\system32\44eaadz9are17995.exe
c:\windows\system32\4524zhr9at18994.bin
c:\windows\system32\455dadd9arz610.cpl
c:\windows\system32\455zthie92113.ocx
c:\windows\system32\4574sp5mbz92f.exe
c:\windows\system32\45c55ownzoader1369.ocx
c:\windows\system32\469dthie5677z.ocx
c:\windows\system32\473559ezl987.bin
c:\windows\system32\479av5r3z.bin
c:\windows\system32\47z9spy5are2615.dll
c:\windows\system32\4941viru975z.ocx
c:\windows\system32\4942thizf99695.bin
c:\windows\system32\49465ackdz9r450.dll
c:\windows\system32\4994zacktoo561.cpl
c:\windows\system32\49c6spyw5ze9406.ocx
c:\windows\system32\4daf9i51493z.dll
c:\windows\system32\4e50zddwar9790.dll
c:\windows\system32\4f9fdow5loaderz116.cpl
c:\windows\system32\4fe4threz958373.dll
c:\windows\system32\4z29t5ief1384.exe
c:\windows\system32\501s9yware32z9.bin
c:\windows\system32\50769zrus122.bin
c:\windows\system32\50cda9dw5re98z.dll
c:\windows\system32\50z9downloader25189.exe
c:\windows\system32\51380n9t-a-zirus224.bin
c:\windows\system32\51929virus5f0z.ocx
c:\windows\system32\52229spamz9t90.dll
c:\windows\system32\52z9spa5se297.exe
c:\windows\system32\5320bazkdo5r9006.dll
c:\windows\system32\5359zpyef.exe
c:\windows\system32\5395zpy3e3.dll
c:\windows\system32\54005acktool3zb9.cpl
c:\windows\system32\5411vi95z15.ocx
c:\windows\system32\5429ztea51958.exe
c:\windows\system32\5480zpambo5790.cpl
c:\windows\system32\549zv9r1145.cpl
c:\windows\system32\54a9vir5z59.ocx
c:\windows\system32\55084spzm9ot35a.ocx
c:\windows\system32\5554t5r9atz5989.dll
c:\windows\system32\560th9eat2127z.dll
c:\windows\system32\56971worm77z.bin
c:\windows\system32\569f5ir930z.bin
c:\windows\system32\57129spamzot4f9.exe
c:\windows\system32\5717virus9z5.exe
c:\windows\system32\5739bac9dozr576.exe
c:\windows\system32\5755tr9z2e.exe
c:\windows\system32\579ddownloa9er219z.ocx
c:\windows\system32\581aspa9sez781.exe
c:\windows\system32\58391s9y23z.ocx
c:\windows\system32\5879spzware592.cpl
c:\windows\system32\58b7s5eal965z.cpl

c:\windows\system32\58bespyw9z5734.ocx
c:\windows\system32\58z8threat198599.cpl
c:\windows\system32\59168szy52a9.bin
c:\windows\system32\59444virus699z.ocx
c:\windows\system32\595zdownlo5der9994.ocx
c:\windows\system32\59a1t59ef7z1.cpl
c:\windows\system32\59adbackdo9r18z55.bin
c:\windows\system32\59dsz5rse319.exe
c:\windows\system32\59z0hacktool1d5.cpl
c:\windows\system32\5a69v5r32z0.cpl
c:\windows\system32\5a7dt5i9f2z86.exe
c:\windows\system32\5b95spazse1295.cpl
c:\windows\system32\5bf9zhief94005.cpl
c:\windows\system32\5c18tzi9f876.ocx
c:\windows\system32\5d4th9eat51z99.ocx
c:\windows\system32\5d59threat1333z.bin
c:\windows\system32\5d5zsp9rse365.dll
c:\windows\system32\5d69thi9f57z.ocx
c:\windows\system32\5da09hreaz8511.exe
c:\windows\system32\5dc5ddwarz23919.cpl
c:\windows\system32\5e4dv59z55.bin
c:\windows\system32\5ee1t9ief2z45.cpl
c:\windows\system32\5f0fdown5oadzr96.exe
c:\windows\system32\5f97szyware1352.cpl
c:\windows\system32\5fb6zhreat3469.bin
c:\windows\system32\5fsparse2987z.bin
c:\windows\system32\5z0caddware2859.dll
c:\windows\system32\5z234tr9j752.dll
c:\windows\system32\5z398s9y736.cpl
c:\windows\system32\5z40addwar929725.bin
c:\windows\system32\5z59thr5at18982.exe
c:\windows\system32\5z6s9arse2275.ocx
c:\windows\system32\6010downl5ader1z19.ocx
c:\windows\system32\6039a5dwaze536.exe
c:\windows\system32\6047spywar5z494.dll
c:\windows\system32\6085s9zware3118.ocx
c:\windows\system32\6105roj195z.ocx
c:\windows\system32\613z9parse2757.bin
c:\windows\system32\616sp59se26z.exe
c:\windows\system32\6362zt5a92542.ocx
c:\windows\system32\64ez95dware1555.exe
c:\windows\system32\6575addzare3209.bin
c:\windows\system32\65z8tro959b.dll
c:\windows\system32\6617spywaze9425.dll
c:\windows\system32\6632spyz9re1575.ocx
c:\windows\system32\663noz5a-virus629.ocx
c:\windows\system32\6696vir229z5.exe
c:\windows\system32\66z6t9reat57325.bin
c:\windows\system32\675n9t-a-virus5z3.bin
c:\windows\system32\6859wzrm1c5.dll
c:\windows\system32\6885a9dwarz1833.ocx
c:\windows\system32\6934th5ez2263.cpl
c:\windows\system32\6955thrzat5964.bin
c:\windows\system32\69935tzal198.dll
c:\windows\system32\6a9zsteal5229.dll
c:\windows\system32\6b119irz705.cpl
c:\windows\system32\6d4zdo5nloader9622.ocx
c:\windows\system32\6decspars9459z.ocx
c:\windows\system32\6dzfad59are479.bin
c:\windows\system32\6e20thz5f699.ocx
c:\windows\system32\6ef6backdo9rz54.dll
c:\windows\system32\6f91backdzo53222.exe
c:\windows\system32\703zownlo5d9r3245.bin
c:\windows\system32\709zspy5d5.cpl
c:\windows\system32\70c0spy59rez764.exe
c:\windows\system32\7199w5rm2z8.ocx
c:\windows\system32\728espyw59z2019.ocx
c:\windows\system32\746zthre5t22394.dll
c:\windows\system32\74a9threat5166z.exe
c:\windows\system32\74z4threat59985.exe
c:\windows\system32\75b1viz9125.exe
c:\windows\system32\7659sz590.exe
c:\windows\system32\76c2do9nloazer1175.exe
c:\windows\system32\7884hackto5zd39.cpl
c:\windows\system32\795bdownlzader5613.cpl
c:\windows\system32\7993spamzo550e.exe
c:\windows\system32\79z8spars5589.ocx
c:\windows\system32\7a53spa9sez069.bin
c:\windows\system32\7af0vi919z85.exe
c:\windows\system32\7d52stza91809.cpl
c:\windows\system32\7dd85dzware10579.ocx
c:\windows\system32\7f1e9oznloader17615.exe
c:\windows\system32\7f85z9eal1534.bin
c:\windows\system32\7fa5vzr17239.dll
c:\windows\system32\7z259hief2161.bin
c:\windows\system32\7z50vi91889.ocx
c:\windows\system32\7z60backd5or1974.ocx
c:\windows\system32\7zfdspar9e2503.dll
c:\windows\system32\8240not-9-vz5us5ba.exe
c:\windows\system32\84339ot-a-5irus6z5.exe
c:\windows\system32\8a25tez9378.bin
c:\windows\system32\9010spy5zre244.cpl
c:\windows\system32\90861zacktool44b5.bin
c:\windows\system32\90950zorm547.dll
c:\windows\system32\9205znot-a-virus13c.dll
c:\windows\system32\9252wozmb0.ocx
c:\windows\system32\9265zhreat22599.bin
c:\windows\system32\93259orz2e3.ocx
c:\windows\system32\9458tzoj33.ocx
c:\windows\system32\950cbazkdoor13.bin
c:\windows\system32\9559thzef2217.exe
c:\windows\system32\9579not-a-virzs1ce.cpl
c:\windows\system32\95f7thief1z70.exe
c:\windows\system32\95z4hac5to9l34b.bin
c:\windows\system32\969steal858z.bin
c:\windows\system32\98a6spywaze5408.bin
c:\windows\system32\99355trzj17a.bin
c:\windows\system32\99595roz5a5.dll
c:\windows\system32\9989virz590.cpl
c:\windows\system32\999fzownloade5246.ocx
c:\windows\system32\99cbackd5or2957z.exe
c:\windows\system32\9z454worm163.bin
c:\windows\system32\ab9zh9eat13565.ocx
c:\windows\system32\b97t5reatz3915.dll
c:\windows\system32\c59bzckdoo91657.exe
c:\windows\system32\c5spywzr9784.dll
c:\windows\system32\cd85hr9atz0552.ocx
c:\windows\system32\drivers\gxvxcspuypieooiwmecfmmurqxbqjolibdovr.sys
c:\windows\system32\dz9a9dware1659.ocx
c:\windows\system32\e56s9ywarez92.cpl
c:\windows\system32\ea29parze5621.dll
c:\windows\system32\ez35ownloader9513.dll
c:\windows\system32\fe9dow5loader9345z.bin
c:\windows\system32\gxvxcevlmumedfhqixeuthwhunrbwusrvgbjr.dll
c:\windows\system32\gxvxcfldyvpigwypltoblrnkjhtkfodukpuyh.dll
c:\windows\system32\setup2.exe
c:\windows\system32\z0805t9oj4d5.exe
c:\windows\system32\z16969orm457.ocx
c:\windows\system32\z22a9parse965.dll
c:\windows\system32\z26799p57dc.bin
c:\windows\system32\z292steal5352.exe
c:\windows\system32\z2c9backdoo52197.cpl
c:\windows\system32\z3f5downl9ad5r286.cpl
c:\windows\system32\z3fthrea593031.ocx
c:\windows\system32\z45csteal1592.exe
c:\windows\system32\z550spy96b.ocx
c:\windows\system32\z57edownlo5der1091.bin
c:\windows\system32\z60759rm4df.dll
c:\windows\system32\z6d5s9yware1275.ocx
c:\windows\system32\z9a5addware502.cpl
c:\windows\system32\zb86th9eat30695.cpl
c:\windows\system32\zbc1thief94825.bin
c:\windows\system32\zee79ownloader2505.dll
c:\windows\system32\zfba5kdo9r1837.ocx
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\TEMP\logishrd\LVPrcInj02.dll
c:\windows\z0045not-a-viru93d15.cpl
c:\windows\z168th5ea91473.bin
c:\windows\z1896s9y357.ocx
c:\windows\z20855py2859.ocx
c:\windows\z249s5y7bc.bin
c:\windows\z286worm945.bin
c:\windows\z2f5v9r1993.cpl
c:\windows\z3595virus7b5.cpl
c:\windows\z3909vi5us681.dll
c:\windows\z4676tro530c9.dll
c:\windows\z51cste5l1499.exe
c:\windows\z51dsp5rse2991.exe
c:\windows\z5379virus29.exe
c:\windows\z543addware1950.exe
c:\windows\z5586spy1925.bin
c:\windows\z559spambot5865.bin
c:\windows\z55evir299.dll
c:\windows\z5794not-a-viru94525.cpl
c:\windows\z588no9-a-virusee.exe
c:\windows\z589pa5bot551.dll
c:\windows\z5923troj78c.ocx
c:\windows\z640ha95tool7de.dll
c:\windows\z659vir9445.exe
c:\windows\z69cste5l286.dll
c:\windows\z80thief24695.ocx
c:\windows\z9094wor52889.bin
c:\windows\z9151spy588.dll
c:\windows\z923worm159.dll
c:\windows\z94athi5f919.bin
c:\windows\z9d5thief568.bin
c:\windows\zd95steal1955.ocx
c:\windows\zf559pyware1467.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 12:33 . 2009-06-09 12:33 79360 ----a-w- c:\windows\system32\drivers\MSIVXserv.sys
2009-06-08 23:12 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 23:12 . 2009-06-08 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 23:12 . 2009-06-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 23:12 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 21:55 . 2009-06-08 22:25 -------- d-----w- c:\program files\Trend Micro
2009-06-08 14:02 . 2009-06-08 14:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-08 12:58 . 2009-06-08 13:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-22 00:45 . 2009-05-22 00:45 -------- d-----w- c:\program files\iPod
2009-05-22 00:45 . 2009-05-22 00:45 -------- d-----w- c:\program files\iTunes
2009-05-22 00:45 . 2009-05-22 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 00:43 . 2009-05-22 00:43 -------- d-----w- c:\program files\Bonjour
2009-05-22 00:42 . 2009-05-22 00:43 -------- d-----w- c:\program files\QuickTime
2009-05-22 00:39 . 2009-03-26 19:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-22 00:37 . 2009-05-22 00:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-15 12:31 . 2009-05-15 12:31 -------- d-----w- c:\program files\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 13:06 . 2008-03-18 22:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 13:06 . 2008-08-02 19:26 -------- d-----w- c:\program files\DNA
2009-06-09 13:06 . 2008-08-02 19:26 -------- d-----w- c:\documents and settings\Adrienne\Application Data\DNA
2009-06-09 13:05 . 2008-10-29 00:01 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-06-09 13:05 . 2008-10-29 00:01 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-06-08 02:50 . 2008-10-24 13:10 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Skype
2009-06-07 20:00 . 2008-10-27 23:00 -------- d-----w- c:\documents and settings\Adrienne\Application Data\skypePM
2009-05-22 13:43 . 2008-06-17 00:26 -------- d-----w- c:\documents and settings\Adrienne\Application Data\LimeWire
2009-05-22 12:49 . 2008-06-17 00:26 -------- d-----w- c:\program files\LimeWire
2009-05-22 02:25 . 2008-04-10 12:43 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Juniper Networks
2009-05-22 02:25 . 2008-04-10 12:43 36939 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Setup\uninstall.exe
2009-05-22 02:25 . 2008-04-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-05-22 00:59 . 2008-06-24 12:54 26016 ----a-w- c:\documents and settings\Adrienne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 00:45 . 2008-07-24 04:27 -------- d-----w- c:\program files\Common Files\Apple
2009-04-25 16:48 . 2009-04-25 16:34 -------- d-----w- c:\program files\QuickTax 2008
2009-04-25 16:34 . 2008-03-18 23:46 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Intuit Canada
2009-04-25 16:33 . 2008-03-18 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit Canada
2009-04-11 13:12 . 2008-09-14 19:44 -------- d-----w- c:\program files\Norton 360
2009-04-01 07:47 . 2009-04-01 07:47 782896 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2009-04-01 07:47 . 2009-04-01 07:47 30256 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2009-04-01 07:47 . 2009-04-01 07:47 146992 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\FWManager.dll
2009-04-01 07:47 . 2008-06-02 12:09 91184 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2009-04-01 07:47 . 2008-06-02 12:09 35888 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2009-04-01 02:46 . 2008-02-24 02:07 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-27 13:16 . 2009-03-27 13:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-27 13:16 . 2009-03-27 13:16 152576 ----a-w- c:\documents and settings\Adrienne\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-26 19:23 . 2008-07-24 04:28 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-11 17:20 . 2009-03-11 17:20 55248 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\uninstall.exe
2009-03-11 17:20 . 2009-03-11 17:20 65536 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CertAuthIMC.dll
2009-03-11 17:20 . 2009-03-11 17:20 292136 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
2009-03-11 17:20 . 2009-03-11 17:20 230696 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
2009-03-11 16:57 . 2009-03-11 16:57 401462 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\msvcp60.dll
2009-03-11 16:57 . 2009-03-11 16:57 626688 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\msvcr80.dll
2009-03-11 16:57 . 2009-03-11 16:57 548864 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\msvcp80.dll
2009-04-01 02:47 . 2008-09-15 12:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"USRobotics Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-06-19 1290240]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-04 64512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-28 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-2-11 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 8:41 PM 101936]
R3 NdisWDM;USRobotics NDIS-WDM Virtual Miniport Ethernet Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [12/25/2008 2:26 AM 203920]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bmofg.com\inet
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://inet.bmofg.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Adrienne\Application Data\Mozilla\Firefox\Profiles\96s379pc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 09:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(7116)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-09 9:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 13:13

Pre-Run: 159,662,841,856 bytes free
Post-Run: 160,035,299,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

957 --- E O F --- 2009-05-14 00:29

Hello.
Thanks Origin, still more to do though.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad

Folder::
c:\program files\DNA
c:\documents and settings\Adrienne\Application Data\DNA
c:\program files\LimeWire

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

It's looking like winbluesoft is gone... no more alerts! Hooray!

I ran the script and here were the results:

ComboFix 09-06-09.06 - Adrienne 06/09/2009 21:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1422 [GMT -4:00]
Running from: c:\documents and settings\Adrienne\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Adrienne\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Adrienne\Application Data\DNA
c:\documents and settings\Adrienne\Application Data\DNA\dht.dat
c:\documents and settings\Adrienne\Application Data\DNA\dht.dat.old
c:\documents and settings\Adrienne\Application Data\DNA\dna.lng
c:\documents and settings\Adrienne\Application Data\DNA\resume.dat
c:\documents and settings\Adrienne\Application Data\DNA\resume.dat.old
c:\documents and settings\Adrienne\Application Data\DNA\rss.dat
c:\documents and settings\Adrienne\Application Data\DNA\rss.dat.old
c:\documents and settings\Adrienne\Application Data\DNA\settings.dat
c:\documents and settings\Adrienne\Application Data\DNA\settings.dat.old

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.2.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\gxvxccount
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.

2009-06-09 12:33 . 2009-06-09 12:33 79360 ----a-w- c:\windows\system32\drivers\MSIVXserv.sys
2009-06-08 23:12 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 23:12 . 2009-06-08 23:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 23:12 . 2009-06-08 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 23:12 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 21:55 . 2009-06-08 22:25 -------- d-----w- c:\program files\Trend Micro
2009-06-08 14:02 . 2009-06-08 14:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-08 12:58 . 2009-06-08 13:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-22 00:45 . 2009-05-22 00:45 -------- d-----w- c:\program files\iPod
2009-05-22 00:45 . 2009-05-22 00:45 -------- d-----w- c:\program files\iTunes
2009-05-22 00:45 . 2009-05-22 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 00:43 . 2009-05-22 00:43 -------- d-----w- c:\program files\Bonjour
2009-05-22 00:42 . 2009-05-22 00:43 -------- d-----w- c:\program files\QuickTime
2009-05-22 00:39 . 2009-03-26 19:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-22 00:37 . 2009-05-22 00:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-15 12:31 . 2009-05-15 12:31 -------- d-----w- c:\program files\Citrix

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 01:59 . 2008-03-18 22:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-08 02:50 . 2008-10-24 13:10 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Skype
2009-06-07 20:00 . 2008-10-27 23:00 -------- d-----w- c:\documents and settings\Adrienne\Application Data\skypePM
2009-05-22 13:43 . 2008-06-17 00:26 -------- d-----w- c:\documents and settings\Adrienne\Application Data\LimeWire
2009-05-22 02:25 . 2008-04-10 12:43 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Juniper Networks
2009-05-22 02:25 . 2008-04-10 12:43 36939 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Setup\uninstall.exe
2009-05-22 02:25 . 2008-04-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2009-05-22 00:59 . 2008-06-24 12:54 26016 ----a-w- c:\documents and settings\Adrienne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 00:45 . 2008-07-24 04:27 -------- d-----w- c:\program files\Common Files\Apple
2009-04-25 16:48 . 2009-04-25 16:34 -------- d-----w- c:\program files\QuickTax 2008
2009-04-25 16:34 . 2008-03-18 23:46 -------- d-----w- c:\documents and settings\Adrienne\Application Data\Intuit Canada
2009-04-25 16:33 . 2008-03-18 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit Canada
2009-04-11 13:12 . 2008-09-14 19:44 -------- d-----w- c:\program files\Norton 360
2009-04-01 07:47 . 2009-04-01 07:47 782896 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2009-04-01 07:47 . 2009-04-01 07:47 30256 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2009-04-01 07:47 . 2009-04-01 07:47 146992 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\FWManager.dll
2009-04-01 07:47 . 2008-06-02 12:09 91184 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2009-04-01 07:47 . 2008-06-02 12:09 35888 ----a-w- c:\documents and settings\Adrienne\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2009-04-01 02:46 . 2008-02-24 02:07 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-03-27 13:16 . 2009-03-27 13:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-03-27 13:16 . 2009-03-27 13:16 152576 ----a-w- c:\documents and settings\Adrienne\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-03-26 19:23 . 2008-07-24 04:28 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-01 02:47 . 2008-09-15 12:36 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_13.07.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-10 01:59 . 2009-06-10 01:59 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2009-06-10 01:59 . 2009-06-10 01:59 16384 c:\windows\Temp\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"USRobotics Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-06-19 1290240]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-04 64512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-28 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-2-11 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 8:41 PM 101936]
R3 NdisWDM;USRobotics NDIS-WDM Virtual Miniport Ethernet Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [12/25/2008 2:26 AM 203920]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bmofg.com\inet
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://inet.bmofg.com/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Adrienne\Application Data\Mozilla\Firefox\Profiles\96s379pc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 21:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(7104)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-06-10 22:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-10 02:06
ComboFix2.txt 2009-06-09 13:13

Pre-Run: 160,004,149,248 bytes free
Post-Run: 159,965,130,752 bytes free

295 --- E O F --- 2009-05-14 00:29

Anything else I should do?

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

System seems a little slow. Is it possible I still have something on here?

Here's a HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:56 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [USRobotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://inet.bmofg.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://inet.bmofg.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9734 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
  O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
  O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
  O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
  O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
  O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
  O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Reboot.
Is should be faster now.

Computer seems to be running great now.

Thanks for all the help!

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.