help winbluesoft

Admin edit:

Other people with WinBlueSoft on your computer, please read this and post your HijackThis log in a new topic here. An expert will be assisting you to remove it for free.

You have to be a member to post questions, you can register for free here: register.

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:39 PM, on 5/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\WINDOWS\system32\setup2.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1223952629\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebSearch Control) - http://74.169.86.249/WebSearch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA86A2D4-AA1C-415F-B07A-B1505A8A4DDF}: NameServer = 85.255.112.23,85.255.112.126
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.23,85.255.112.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.23,85.255.112.126
O18 - Filter hijack: text/html - {96625bd2-ac1a-454a-85d4-37a38deaa59c} - C:\WINDOWS\system32\mst120.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 11109 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL (file missing)
  O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll (file missing)
  O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
  O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
  O17 - HKLM\System\CCS\Services\Tcpip\..\{BA86A2D4-AA1C-415F-B07A-B1505A8A4DDF}: NameServer = 85.255.112.23,85.255.112.126
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.23,85.255.112.126
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.23,85.255.112.126
  O18 - Filter hijack: text/html - {96625bd2-ac1a-454a-85d4-37a38deaa59c} - C:\WINDOWS\system32\mst120.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxwppvgomxwtowkrnkwkllwsyrtjabvjdr.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
gaopdxserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gaopdxwppvgomxwtowkrnkwkllwsyrtjabvjdr.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gaopdxserv.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\gaopdxwppvgomxwtowkrnkwkllwsyrtjabvjdr" not found!
Deletion of file "C:\WINDOWS\system32\drivers\gaopdxwppvgomxwtowkrnkwkllwsyrtjabvjdr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.36
Database version: 2138
Windows 5.1.2600 Service Pack 2

5/15/2009 6:42:52 PM
mbam-log-2009-05-15 (18-42-52).txt

Scan type: Quick Scan
Objects scanned: 98406
Time elapsed: 8 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-7-9-41-100027762-100003185-100030723-7488.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxndqculqrsoujcxjbaivxgoddvkuyowtx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxwppvgomxwtowkrnkwkllwsyrtjabvjdr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxxejyxaahoiykfyukeaegrwigmhfvvkja.sys (Trojan.Agent) -> Quarantined and deleted successfully.

DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 18:50:22.43 on Fri 05/15/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.67 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [RecoverFromReboot] c:\windows\temp\RecoverFromReboot.exe
mRun: [HostManager] c:\program files\common files\aol\1223952629\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} - hxxp://74.169.86.249/WebSearch.CAB
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/html - {96625bd2-ac1a-454a-85d4-37a38deaa59c} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-28 101936]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2009-05-15 18:16 --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-05-15 18:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-15 18:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 18:15 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-15 18:15 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-15 17:05 1,152 a------- c:\windows\system32\windrv.sys
2009-05-15 17:04 --d----- c:\docume~1\hp_adm~1\applic~1\GetRightToGo
2009-05-15 16:37 --d----- c:\program files\common files\PC Tools
2009-05-14 12:24 8,551 a------- c:\windows\system32\23z66spam5o9236.dll
2009-05-13 08:46 6,416 a------- c:\windows\system32\zea3s9eal858.cpl
2009-05-12 05:31 17,406 a------- c:\windows\30981s9zm5ot4d3.exe
2009-05-11 12:20 17,967 a------- c:\windows\system32\4059spy5are24z.bin
2009-05-11 10:29 14,945 a------- c:\windows\1z2955py754.ocx
2009-05-11 08:10 14,315 a------- c:\windows\system32\50589pyzare332.cpl
2009-05-09 21:58 15,066 a------- c:\windows\6928spaz5ot1df.ocx
2009-05-08 18:38 10,003 a------- c:\windows\system32\z507v9r2405.exe
2009-05-08 02:13 225,280 a------- c:\windows\system32\rewire.dll
2009-05-08 02:13 --d----- c:\program files\VstPlugins
2009-05-08 02:13 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-05-08 02:12 --d----- c:\program files\Outsim
2009-05-08 02:11 --d----- c:\program files\Image-Line
2009-05-03 09:23 9,731 a------- c:\windows\system32\z412vi9905.exe
2009-05-03 07:22 10,462 a------- c:\windows\17545s5a9bot691z.ocx
2009-05-03 04:18 7,896 a------- c:\windows\system32\7939not-a-viru5z97.cpl
2009-05-01 17:47 14,191 a------- c:\windows\39315spy5dz5.exe
2009-05-01 03:01 10,159 a------- c:\windows\system32\5csze9l119.exe
2009-05-01 01:59 7,131 a------- c:\windows\system32\4953zir3960.ocx
2009-04-28 05:18 13,349 a------- c:\windows\system32\5d20thze59131.dll
2009-04-28 04:11 9,164 a------- c:\windows\system32\5496downzoader757.ocx
2009-04-26 04:57 6,275 a------- c:\windows\system32\3c56t9zef3077.cpl
2009-04-25 13:33 3,100 a------- c:\windows\4558backzoo9777.dll
2009-04-25 11:48 10,972 a------- c:\windows\19097trzj47f5.ocx
2009-04-25 07:09 4,238 a------- c:\windows\1c47t9iz52535.ocx
2009-04-25 04:00 6,868 a------- c:\windows\186475roj4d9z.ocx
2009-04-23 12:57 9,087 a------- c:\windows\system32\29796tr591z7.bin
2009-04-22 20:43 10,790 a------- c:\windows\system32\175919otza-virus206.cpl
2009-04-22 18:40 17,353 a------- c:\windows\system32\56d6downloazer5089.ocx
2009-04-18 21:17 12,949 a------- c:\windows\4936wo5z690.exe
2009-04-18 09:31 4,333 a------- c:\windows\system32\22669tr5jz28.dll
2009-04-18 09:23 5,437 a------- c:\windows\4ea0s5eal1z479.cpl
2009-04-18 06:04 14,082 a------- c:\windows\5e95t5ze9930.exe
2009-04-17 02:54 6,325 a------- c:\windows\59987worm1az.dll

==================== Find3M ====================

2009-05-15 18:45 256 a------- c:\documents and settings\hp_administrator\pool.bin
2009-04-09 21:26 11,130 a------- c:\windows\system32\20218tr5z5e79.dll
2009-04-09 20:32 10,573 a------- c:\windows\system32\9048worm156z.dll
2009-04-07 01:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-04 07:33 13,438 a------- c:\windows\system32\4775addwaze28299.bin
2009-04-03 04:27 10,151 a------- c:\windows\system32\450095rm1z2.exe
2009-04-02 12:18 2,666 a------- c:\windows\system32\3427vz95035.dll
2009-04-02 04:05 3,912 a------- c:\windows\9cz5addwa5e2853.bin
2009-03-28 16:47 14,293 a------- c:\windows\495zpy5.exe
2009-03-26 23:34 10,341 a------- c:\windows\92865wozm5b5.exe
2009-03-25 12:19 14,176 a------- c:\windows\system32\6062addwa9z115.dll
2009-03-23 22:49 9,681 a------- c:\windows\system32\39928z5oj134.bin
2009-03-20 07:47 3,299 a------- c:\windows\system32\15817hacztool1985.bin
2009-03-20 02:09 15,938 a------- c:\windows\93857troj4bz.dll
2009-03-15 10:48 8,075 a------- c:\windows\2107spyz9re594.dll
2009-03-14 06:03 10,892 a------- c:\windows\system32\71989irz55d7.bin
2009-03-09 05:02 8,537 a------- c:\windows\system32\6956not-a9virzsad.dll
2009-03-08 22:15 14,943 a------- c:\windows\95569tzoj10a.dll
2009-03-08 15:50 13,210 a------- c:\windows\320zte9l5975.exe
2009-03-07 09:09 12,868 a------- c:\windows\11z50sp93dd.exe
2009-03-04 15:41 6,593 a------- c:\windows\system32\21865hacz9ool55a.bin
2009-03-03 22:20 8,770 a------- c:\windows\3370downloaderz5995.bin
2009-03-03 13:19 6,237 a------- c:\windows\15980spy989z.exe
2009-03-01 00:13 2,549 a------- c:\windows\9929iruz5cc.exe
2009-02-28 04:09 6,498 a------- c:\windows\10399nzt-a-viru52f4.exe
2009-02-25 19:05 6,328 a------- c:\windows\system32\97315zorm58d.dll
2009-02-22 12:52 10,596 a------- c:\windows\system32\9335hiez2430.bin
2009-02-21 17:20 15,547 a------- c:\windows\system32\458dth5e9t89z9.exe
2009-02-19 01:20 8,785 a------- c:\windows\system32\4452th9ez1499.bin
2009-02-17 08:23 4,996 a------- c:\windows\56z7vir6965.exe
2009-02-16 16:56 8,101 a------- c:\windows\156525zru9da.exe

============= FINISH: 18:50:30.07 ===============

Hello.
Do you have attach.txt? please post that too, I want you to uninstall a few things.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/13/2008 9:01:26 PM
System Uptime: 5/15/2009 6:44:48 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket 939 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 176 GiB total, 160.859 GiB free.
D: is FIXED (FAT32) - 10 GiB total, 3.612 GiB free.
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\5B63D111D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\5B63D111D800
Service: NIC1394

==== System Restore Points ===================

RP163: 5/15/2009 5:19:05 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11
AiO_Scan
AiOSoftware
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Uninstaller
AOL You've Got Pictures Screensaver
Apple Software Update
ATI Control Panel
ATI Display Driver
BlackBerry Desktop Software 4.7
BlackBerry Media Sync
BlackBerry Media Sync
Bonjour
BufferChm
CameraDrivers
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Fax
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet 3840
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP Tunes
HPProductAssistant
HpSdpAppCoreApp
HTMLPad 2008 Pro v9.5
InstantShareDevices
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java DB 10.4.1.3
Java(TM) 6 Update 13
Java(TM) SE Development Kit 6 Update 13
Jewel Quest from HP Media Center (remove only)
LightScribe 1.4.42.1
LimeWire 4.18.8
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2005
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
Motorola SM56 Speakerphone Modem
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 4.0
muvee autoProducer unPlugged 1.1 - HPD
NewCopy
Office 2003 Tour
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
PSPrinters08
PSTAPlugin
Pure Networks Port Magic
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
Readme
RealPlayer
Realtek AC'97 Audio
Scan
ScannerCopy
SCRABBLE Blast from HP Media Center (remove only)
SCRABBLE from HP Media Center (remove only)
SCRABBLE Rack Attack from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Slyder from HP Media Center (remove only)
SolutionCenter
Sonic Encoders
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Sun Download Manager 2.0 (web)
Super Granny from HP Media Center (remove only)
Swarm from HP Media Center (remove only)
Toxic Biohazard
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Updates from HP (remove only)
Viewpoint Media Player
VZAccess Manager for RIM
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 Beta 2
Windows Media Format Runtime
Windows Media Player 10 Hotfix [See KB889858 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885354
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB895678

==== Event Viewer Messages From Past Week ========

5/15/2009 6:43:44 PM, error: PlugPlayManager [11] - The device Root\LEGACY_TGJZ\0000 disappeared from the system without first being prepared for removal.
5/15/2009 6:02:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 gagp30kx iaStor IntelIde ViaIde
5/15/2009 4:09:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000369' while processing the file '_515171_' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/15/2009 3:47:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000369' while processing the file '_114312_' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/15/2009 3:37:37 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000369' while processing the file 'desktop.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/12/2009 9:24:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

==== End Of File ===========================

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• Adobe Reader 7.0
  
• J2SE Runtime Environment 5.0
  
• LimeWire 4.18.8
  
• Viewpoint Media Player
  
• WildTangent Web Driver
  

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  C:\Program Files\Common
  C:\Program Files\WinBlueSoft Software
  C:\WINDOWS\system32\setup2.exe
  C:\WINDOWS\system32\mst120.dll
  c:\program files\spynomore
  c:\windows\system32\23z66spam5o9236.dll
  c:\windows\system32\zea3s9eal858.cpl
  c:\windows\30981s9zm5ot4d3.exe
  c:\windows\system32\4059spy5are24z.bin
  c:\windows\1z2955py754.ocx
  c:\windows\system32\50589pyzare332.cpl
  c:\windows\6928spaz5ot1df.ocx
  c:\windows\system32\z507v9r2405.exe
  c:\windows\system32\z412vi9905.exe
  c:\windows\17545s5a9bot691z.ocx
  c:\windows\system32\7939not-a-viru5z97.cpl
  c:\windows\39315spy5dz5.exe
  c:\windows\system32\5csze9l119.exe
  c:\windows\system32\4953zir3960.ocx
  c:\windows\system32\5d20thze59131.dll
  c:\windows\system32\5496downzoader757.ocx
  c:\windows\system32\3c56t9zef3077.cpl
  c:\windows\4558backzoo9777.dll
  c:\windows\19097trzj47f5.ocx
  c:\windows\1c47t9iz52535.ocx
  c:\windows\186475roj4d9z.ocx
  c:\windows\system32\29796tr591z7.bin
  c:\windows\system32\175919otza-virus206.cpl
  c:\windows\system32\56d6downloazer5089.ocx
  c:\windows\4936wo5z690.exe
  c:\windows\system32\22669tr5jz28.dll
  c:\windows\4ea0s5eal1z479.cpl
  c:\windows\5e95t5ze9930.exe
  c:\windows\59987worm1az.dll
  c:\windows\system32\20218tr5z5e79.dll
  c:\windows\system32\9048worm156z.dll
  c:\windows\system32\4775addwaze28299.bin
  c:\windows\system32\450095rm1z2.exe
  c:\windows\system32\3427vz95035.dll
  c:\windows\9cz5addwa5e2853.bin
  c:\windows\495zpy5.exe
  c:\windows\92865wozm5b5.exe
  c:\windows\system32\6062addwa9z115.dll
  c:\windows\system32\39928z5oj134.bin
  c:\windows\system32\15817hacztool1985.bin
  c:\windows\93857troj4bz.dll
  c:\windows\2107spyz9re594.dll
  c:\windows\system32\71989irz55d7.bin
  c:\windows\system32\6956not-a9virzsad.dll
  c:\windows\95569tzoj10a.dll
  c:\windows\320zte9l5975.exe
  c:\windows\11z50sp93dd.exe
  c:\windows\system32\21865hacz9ool55a.bin
  c:\windows\3370downloaderz5995.bin
  c:\windows\15980spy989z.exe
  c:\windows\9929iruz5cc.exe
  c:\windows\10399nzt-a-viru52f4.exe
  c:\windows\system32\97315zorm58d.dll
  c:\windows\system32\9335hiez2430.bin
  c:\windows\system32\458dth5e9t89z9.exe
  c:\windows\system32\4452th9ez1499.bin
  c:\windows\56z7vir6965.exe
  c:\windows\156525zru9da.exe
  
  
  
• Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt3
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
C:\Program Files\Common moved successfully.
File/Folder C:\Program Files\WinBlueSoft Software not found.
C:\WINDOWS\system32\setup2.exe moved successfully.
File/Folder C:\WINDOWS\system32\mst120.dll not found.
File/Folder c:\program files\spynomore not found.
LoadLibrary failed for c:\windows\system32\23z66spam5o9236.dll
c:\windows\system32\23z66spam5o9236.dll NOT unregistered.
c:\windows\system32\23z66spam5o9236.dll moved successfully.
c:\windows\system32\zea3s9eal858.cpl moved successfully.
c:\windows\30981s9zm5ot4d3.exe moved successfully.
c:\windows\system32\4059spy5are24z.bin moved successfully.
LoadLibrary failed for c:\windows\1z2955py754.ocx
c:\windows\1z2955py754.ocx NOT unregistered.
c:\windows\1z2955py754.ocx moved successfully.
c:\windows\system32\50589pyzare332.cpl moved successfully.
LoadLibrary failed for c:\windows\6928spaz5ot1df.ocx
c:\windows\6928spaz5ot1df.ocx NOT unregistered.
c:\windows\6928spaz5ot1df.ocx moved successfully.
c:\windows\system32\z507v9r2405.exe moved successfully.
c:\windows\system32\z412vi9905.exe moved successfully.
LoadLibrary failed for c:\windows\17545s5a9bot691z.ocx
c:\windows\17545s5a9bot691z.ocx NOT unregistered.
c:\windows\17545s5a9bot691z.ocx moved successfully.
c:\windows\system32\7939not-a-viru5z97.cpl moved successfully.
c:\windows\39315spy5dz5.exe moved successfully.
c:\windows\system32\5csze9l119.exe moved successfully.
LoadLibrary failed for c:\windows\system32\4953zir3960.ocx
c:\windows\system32\4953zir3960.ocx NOT unregistered.
c:\windows\system32\4953zir3960.ocx moved successfully.
LoadLibrary failed for c:\windows\system32\5d20thze59131.dll
c:\windows\system32\5d20thze59131.dll NOT unregistered.
c:\windows\system32\5d20thze59131.dll moved successfully.
LoadLibrary failed for c:\windows\system32\5496downzoader757.ocx
c:\windows\system32\5496downzoader757.ocx NOT unregistered.
c:\windows\system32\5496downzoader757.ocx moved successfully.
c:\windows\system32\3c56t9zef3077.cpl moved successfully.
LoadLibrary failed for c:\windows\4558backzoo9777.dll
c:\windows\4558backzoo9777.dll NOT unregistered.
c:\windows\4558backzoo9777.dll moved successfully.
LoadLibrary failed for c:\windows\19097trzj47f5.ocx
c:\windows\19097trzj47f5.ocx NOT unregistered.
c:\windows\19097trzj47f5.ocx moved successfully.
LoadLibrary failed for c:\windows\1c47t9iz52535.ocx
c:\windows\1c47t9iz52535.ocx NOT unregistered.
c:\windows\1c47t9iz52535.ocx moved successfully.
LoadLibrary failed for c:\windows\186475roj4d9z.ocx
c:\windows\186475roj4d9z.ocx NOT unregistered.
c:\windows\186475roj4d9z.ocx moved successfully.
c:\windows\system32\29796tr591z7.bin moved successfully.
c:\windows\system32\175919otza-virus206.cpl moved successfully.
LoadLibrary failed for c:\windows\system32\56d6downloazer5089.ocx
c:\windows\system32\56d6downloazer5089.ocx NOT unregistered.
c:\windows\system32\56d6downloazer5089.ocx moved successfully.
c:\windows\4936wo5z690.exe moved successfully.
LoadLibrary failed for c:\windows\system32\22669tr5jz28.dll
c:\windows\system32\22669tr5jz28.dll NOT unregistered.
c:\windows\system32\22669tr5jz28.dll moved successfully.
c:\windows\4ea0s5eal1z479.cpl moved successfully.
c:\windows\5e95t5ze9930.exe moved successfully.
LoadLibrary failed for c:\windows\59987worm1az.dll
c:\windows\59987worm1az.dll NOT unregistered.
c:\windows\59987worm1az.dll moved successfully.
LoadLibrary failed for c:\windows\system32\20218tr5z5e79.dll
c:\windows\system32\20218tr5z5e79.dll NOT unregistered.
c:\windows\system32\20218tr5z5e79.dll moved successfully.
LoadLibrary failed for c:\windows\system32\9048worm156z.dll
c:\windows\system32\9048worm156z.dll NOT unregistered.
c:\windows\system32\9048worm156z.dll moved successfully.
c:\windows\system32\4775addwaze28299.bin moved successfully.
c:\windows\system32\450095rm1z2.exe moved successfully.
LoadLibrary failed for c:\windows\system32\3427vz95035.dll
c:\windows\system32\3427vz95035.dll NOT unregistered.
c:\windows\system32\3427vz95035.dll moved successfully.
c:\windows\9cz5addwa5e2853.bin moved successfully.
c:\windows\495zpy5.exe moved successfully.
c:\windows\92865wozm5b5.exe moved successfully.
LoadLibrary failed for c:\windows\system32\6062addwa9z115.dll
c:\windows\system32\6062addwa9z115.dll NOT unregistered.
c:\windows\system32\6062addwa9z115.dll moved successfully.
c:\windows\system32\39928z5oj134.bin moved successfully.
c:\windows\system32\15817hacztool1985.bin moved successfully.
LoadLibrary failed for c:\windows\93857troj4bz.dll
c:\windows\93857troj4bz.dll NOT unregistered.
c:\windows\93857troj4bz.dll moved successfully.
LoadLibrary failed for c:\windows\2107spyz9re594.dll
c:\windows\2107spyz9re594.dll NOT unregistered.
c:\windows\2107spyz9re594.dll moved successfully.
c:\windows\system32\71989irz55d7.bin moved successfully.
LoadLibrary failed for c:\windows\system32\6956not-a9virzsad.dll
c:\windows\system32\6956not-a9virzsad.dll NOT unregistered.
c:\windows\system32\6956not-a9virzsad.dll moved successfully.
LoadLibrary failed for c:\windows\95569tzoj10a.dll
c:\windows\95569tzoj10a.dll NOT unregistered.
c:\windows\95569tzoj10a.dll moved successfully.
c:\windows\320zte9l5975.exe moved successfully.
c:\windows\11z50sp93dd.exe moved successfully.
c:\windows\system32\21865hacz9ool55a.bin moved successfully.
c:\windows\3370downloaderz5995.bin moved successfully.
c:\windows\15980spy989z.exe moved successfully.
c:\windows\9929iruz5cc.exe moved successfully.
c:\windows\10399nzt-a-viru52f4.exe moved successfully.
LoadLibrary failed for c:\windows\system32\97315zorm58d.dll
c:\windows\system32\97315zorm58d.dll NOT unregistered.
c:\windows\system32\97315zorm58d.dll moved successfully.
c:\windows\system32\9335hiez2430.bin moved successfully.
c:\windows\system32\458dth5e9t89z9.exe moved successfully.
c:\windows\system32\4452th9ez1499.bin moved successfully.
c:\windows\56z7vir6965.exe moved successfully.
c:\windows\156525zru9da.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 051

We can remove OTMoveIt now.

• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

I have a security center warning asking about virus protection I had norton antivirus before but that went missing after a while what should I do?

You aren't running Anti Virus Software

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.