[aoshi26]

D:\I386\Apps\APP21763\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\custom\program\Qnue\custom\host.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\custom\program\Qnue\custom\video.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\DISK1\msaa20\setup.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\DISK1\msaardk.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\DISK1\setup.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\install.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\src\tools\sanitize.exe [PE_LUDER.A]
D:\I386\Apps\APP13680\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP16319\pcdr\setup.exe [PE_LUDER.A]
D:\I386\Apps\APP16319\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP08043\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP15069\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP04553\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\da\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\da\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\de\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\de\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\en\JS\LUREGWMI.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\en\JS\LUSETUP\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\es\JS\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\es\JS\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\fi\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\fi\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\fr\JS\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\fr\JS\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\it\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\it\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\ko\JS\LUREGWMI.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\ko\JS\LUSETUP\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\nl\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\nl\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\no\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\no\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\pt\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\pt\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\sv\js\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\sv\js\LUSetup\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\zh\cn\JS\LUREGWMI.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\zh\cn\JS\LUSETUP\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\src\zh\tw\JS\LURegWMI.exe [PE_LUDER.A]
D:\I386\Apps\APP20714\src\zh\tw\JS\LUSETUP\LUSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP20714\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP07927\src\CDSTART.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\COMMONFI\SYMSHARE\SMNLNCH.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\NAVSTUB.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\NAVW32.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\QCONSOLE.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\SAVSCAN.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\CCIMSCN.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\CFGWIZ.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\OPSCAN.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\NAV\OMIGRATE.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\ASOELNCH.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\EUDOHELP.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\FIREWALL\APP\HNETWIZ.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\ALERTAST.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\ALESCAN.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\ALEUPDAT.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\IAMSTATS.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\CCEMFLSV.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\PCONTROL\APP\URLUPDAT.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\SETUP\SYMSHARE\ANTISPAM\EUDOHELP.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\SYMLT\CFGWIZ.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SETUP\SYMLT\SYMSHARE\SMNLNCH.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\CCLGVIEW.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\CCPWDSVC.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\CCSETMGR.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\NMAIN.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\FRE\FREMSI.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\FRE\FREUPDT.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\LIVEREG\SYMCSUB.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\LIVEREG\VCCLNUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\LIVEREG\VCSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\NISTOOLS\ISRLRSTR.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\PROXY\CCPXYCRE\CCPROXY.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SEVINST\SEVINST.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SPBBC\SPBBC\SYMSHARE\SPBBC\UPDMGR.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SYMLNCH\SYMLNCH.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SYMNET\SYMNET\SYMSHARE\IDS\IDSINST.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SYMNET\SYMNET\SYMSHARE\SNDINST.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SYMNET\SYMNET\SYMSHARE\SNDSRVC.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SYMSC\SYMWMIAV\SYMSC\USRPRMPT.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SUPPORT\SYMSC\SYMWMIIS\SYMSC\USRPRMPT.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\src\SYMSETUP.EXE [PE_LUDER.A]
D:\I386\Apps\APP07927\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP28691\HPBootOp\Setup.Exe [PE_LUDER.A]
D:\I386\Apps\APP28691\commands.exe [PE_LUDER.A]
D:\I386\Apps\APP08791\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP20021\executable\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP20021\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP20021\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP14335\executable\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP14335\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP14335\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP22099\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP22099\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP14164\executable\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP14164\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP14164\src\Alcxmntr.exe [PE_LUDER.A]
D:\I386\Drv\APP14164\src\SoundMan.exe [PE_LUDER.A]
D:\I386\Drv\APP14164\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP03211\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP03211\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP29671\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP29671\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP19201\executable\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP19201\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP19201\src\HXFSetup.exe [PE_LUDER.A]
D:\I386\Drv\APP19201\src\Setup.exe [PE_LUDER.A]
D:\I386\Drv\APP19201\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP05820\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP05820\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP04130\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP04130\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP01875\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP01875\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP15680\PCIFINDX.exe [PE_LUDER.A]
D:\I386\Drv\APP15680\src\HcwDriverInstall.exe [PE_LUDER.A]
D:\I386\Drv\APP15680\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP17486\KBUPDATE.EXE [PE_LUDER.A]
D:\I386\Drv\APP17486\src\CreateVF.exe [PE_LUDER.A]
D:\I386\Drv\APP17486\src\kbd.exe [PE_LUDER.A]
D:\I386\Drv\APP17486\src\RunReg.exe [PE_Luder.A]
D:\I386\Drv\APP17486\static\Common\hpkey.exe [PE_LUDER.A]
D:\I386\Drv\APP17486\commands.exe [PE_LUDER.A]
D:\I386\Drv\APP26335\commands.exe [PE_LUDER.A]
D:\MiniNT\system32\attrib.exe [PE_LUDER.A]
D:\MiniNT\system32\autofmt.exe [PE_LUDER.A]
D:\MiniNT\system32\Bootini.exe [PE_LUDER.A]
D:\MiniNT\system32\BSUpdate.exe [PE_LUDER.A]
D:\MiniNT\system32\chkdsk.exe [PE_LUDER.A]
D:\MiniNT\system32\cmd.exe [PE_LUDER.A]
D:\MiniNT\system32\cmd2.exe [PE_LUDER.A]
D:\MiniNT\system32\csrss.exe [PE_LUDER.A]
D:\MiniNT\system32\DblRes.exe [PE_LUDER.A]
D:\MiniNT\system32\drivers\PROUnstl.exe [PE_LUDER.A]
D:\MiniNT\system32\DSKPART.EXE [PE_LUDER.A]
D:\MiniNT\system32\Eject.exe [PE_LUDER.A]
D:\MiniNT\system32\expand.exe [PE_LUDER.A]
D:\MiniNT\system32\FATFMT32.EXE [PE_LUDER.A]
D:\MiniNT\system32\IPCONFIG.EXE [PE_LUDER.A]
D:\MiniNT\system32\LABEL.EXE [PE_LUDER.A]
D:\MiniNT\system32\LogViewer.exe [PE_LUDER.A]
D:\MiniNT\system32\lsass.exe [PE_LUDER.A]
D:\MiniNT\system32\makecab.exe [PE_LUDER.A]
D:\MiniNT\system32\mount.exe [PE_LUDER.A]
D:\MiniNT\system32\NET.EXE [PE_LUDER.A]
D:\MiniNT\system32\nvuide.exe [PE_LUDER.A]
D:\MiniNT\system32\OwnerPatch.exe [PE_LUDER.A]
D:\MiniNT\system32\PAGEFILE.EXE [PE_LUDER.A]
D:\MiniNT\system32\regedit.exe [PE_LUDER.A]
D:\MiniNT\system32\Restore.exe [PE_LUDER.A]
D:\MiniNT\system32\ShutDown.exe [PE_LUDER.A]
D:\MiniNT\system32\start.exe [PE_LUDER.A]
D:\MiniNT\system32\svchost.exe [PE_LUDER.A]
D:\MiniNT\system32\taskmgr.exe [PE_LUDER.A]
D:\MiniNT\system32\winlogon.exe [PE_LUDER.A]
D:\MiniNT\system32\xcopy.exe [PE_LUDER.A]
D:\MiniNT\system32\xlog.exe [PE_LUDER.A]
D:\MiniNT\system32\EQNDIAG.EXE [PE_LUDER.A]
D:\MiniNT\system32\EQNLOGR.EXE [PE_LUDER.A]
D:\MiniNT\system32\NTSD.EXE [PE_LUDER.A]
D:\MiniNT\system32\ODBCAD32.EXE [PE_LUDER.A]
D:\MiniNT\system32\ODBCCONF.EXE [PE_LUDER.A]
D:\MiniNT\system32\PEER.EXE [PE_LUDER.A]
D:\MiniNT\system32\PORTMON.EXE [PE_LUDER.A]
D:\MiniNT\system32\PROUnstl.exe [PE_LUDER.A]
D:\MiniNT\system32\FACTORY.EXE [PE_LUDER.A]
D:\TOOLS\windows\creator\ToolsCDLauncher.exe [PE_LUDER.A]
16691 files have been read.
16691 files have been checked.
15695 files have been scanned.
29201 files have been scanned. (including files in archived)
340 files containing viruses.
Found 340 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/1/2007 11:07:04
---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-01, 11:07:05, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 1/1/2007 10:18:02
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 153 (148180 Patterns) (2006/12/31) (415300)
Command Line: C:\Documents and Settings\HP_Administrator\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\SysClean

Success Clean [ PE_LUDER.A]( 6347) from D:\Info.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\cmdcons\autofmt.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\DRW\DWWIN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\EXPAND.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\NETSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\NTSD.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\attrib.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\autofmt.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\Bootini.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\BSUpdate.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\chkdsk.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\cmd.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\cmd2.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\csrss.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\DblRes.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\DSKPART.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\Eject.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\expand.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\FATFMT32.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\IPCONFIG.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\LABEL.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\LogViewer.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\lsass.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\makecab.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\mount.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\NET.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\nvuide.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\OwnerPatch.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\PAGEFILE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\regedit.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\Restore.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\ShutDown.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\start.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\svchost.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\taskmgr.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\winlogon.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\xcopy.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\SYSTEM32\xlog.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP17837\src\jre-1_5_0-windows-i586.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP17837\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-br-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-cn-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-de-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-en-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-es-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-fr-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-it-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-ja-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-ko-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\src\rp10-1059-hp-tw-setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP03365\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP05627\src\SC_AUDIO_202\BIN\MRating.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP05627\src\SC_COPY_202\BIN\MRating.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP05627\src\SC_DATA_202\BIN\MRating.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP05627\src\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP05627\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{049D60AF-B425-4F8A-BD66-9D8C1B519D59}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{0814ADC6-5B36-4144-A8EA-439C36B1BB11}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{0AA27562-3C4E-4860-8742-7ADEBE2EFC43}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{0C20CAB1-F8BC-4AC1-A796-535B005C1B83}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{1280194E-E9D5-4253-95E7-40169E2A4848}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{133F647D-B454-42BC-ADBE-387482A29B88}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{1B497FAA-E53E-420D-8408-FFDD3278CD50}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{1FFA88DF-0AC3-4D9E-9139-5FF98813C12C}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{2BA80327-9385-4EC8-9796-47C49BD73352}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{3D61540E-C88C-4358-B6A1-DC26648F2A3D}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{47D5A62B-1B41-4DB1-8267-ADA434FA782B}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{538B9061-0C77-4FB2-903F-EC42A1FF5DD8}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{55275778-F7D9-4BA0-95F4-DEFD71ADDFD9}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{581538B9-2ED3-45E2-96CB-22AD8F811D2A}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{5DAA9E44-1B31-41CD-88A8-228EDED6E36E}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{600C800C-5985-4E74-AFE7-571001AC3FA4}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{758619C0-7C97-42BB-B1E9-775F72FDAD1E}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{90EA5584-4290-407B-B8F2-D6E6D65A4796}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{A09026AE-8F16-4929-B4E6-1825535844DB}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{A51671BD-9BE5-4944-AC62-A2A0B6FF5E54}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{A73FAC36-8925-465D-8FA2-4DA98BD9B441}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{B3FF79F4-CDA8-4845-A7C0-9CE017719F36}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{B68BB501-10CD-46E2-BB45-075A2ABFD242}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{B7217206-A362-446B-A0F7-A2622B82F821}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{D77E8A46-BEB4-49ED-B2D3-B77180169FA3}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{E59F75D0-A38B-40F4-ABA2-CA35A7735473}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\games\{EC03679F-C9F0-46E8-864D-FCCF83F4EB86}.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\other\FullSetupGamesClient-hpmedia.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\src\install\Worldwide-MediaCenter\progfiles\Apps\lic.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP18958\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\CONTENT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGCHS.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGCHT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGDAN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGDEU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGENU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGESN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGFIN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGFRA.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGITA.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGJPN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGKOR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGNLD.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGNOR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGPTB.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGPTG.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\IMGSVE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTCHS.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTCHT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTDAN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTDEU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTENU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTESN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTFIN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTFRA.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTITA.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTJPN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTKOR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTNLD.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTNOR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTPTB.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTPTG.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\src\BIN\TUTSVE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP26443\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP32211\src\3rdPartyApp\aspiinst.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP32211\src\3rdPartyApp\HHUPD.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP32211\src\3rdPartyApp\InstallShieldUpdateService.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP32211\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP15274\src\AdbeRdr70_enu_full_hp.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP15274\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP10759\src\Setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP10759\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\AUTORUN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\MONEY\COPYMAR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\MONEY\DW.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\MONEY\MSMONEY.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\MONEY\SALV.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\PSS\MDACOMP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\PSS\MNYCLEAN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\PSS\MSICU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\src\PSS\MSICUU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP27835\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP09014\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\AUTORUN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\COMMON\MSSHARED\MSDRAW\MSDRAW.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\COMMON\MSSHARED\WKSHARED\DW15.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\COMMON\MSSHARED\WKSHARED\WKSCAL.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKDSTORE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKGDCACH.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKLNCKML.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKSDB.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKSDICT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKSSB.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKSSS.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PFILES\MSWORKS\WKSWP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PSS\MSICU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PSS\MSICUU.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PSS\WKS2KLL.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PSS\WKS6.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PSS\WKS6W2K.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\PSS\WKSW2K.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\REDIST\MDAC\MDAC_TYP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\src\MSWORKS\SETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP22384\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP21131\src\English\iTunesSetup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP21131\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13907\src\muveeInstall\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13907\src\muveeInstall\wmfdist.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13907\src\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13907\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP21763\src\muveeInstall\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP21763\src\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP21763\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\custom\program\Qnue\custom\host.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\custom\program\Qnue\custom\video.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\DISK1\msaa20\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\DISK1\msaardk.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\DISK1\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\install.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\src\tools\sanitize.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP13680\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP16319\pcdr\setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP16319\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP08043\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP15069\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP04553\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\da\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\da\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\de\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\de\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\en\JS\LUREGWMI.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\en\JS\LUSETUP\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\es\JS\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\es\JS\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\fi\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\fi\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\fr\JS\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\fr\JS\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\it\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\it\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\ko\JS\LUREGWMI.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\ko\JS\LUSETUP\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\nl\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\nl\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\no\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\no\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\pt\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\pt\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\sv\js\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\sv\js\LUSetup\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\zh\cn\JS\LUREGWMI.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\zh\cn\JS\LUSETUP\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\zh\tw\JS\LURegWMI.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\src\zh\tw\JS\LUSETUP\LUSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP20714\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\CDSTART.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\COMMONFI\SYMSHARE\SMNLNCH.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\NAVSTUB.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\NAVW32.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\QCONSOLE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\APP\SAVSCAN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\CCIMSCN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\CFGWIZ.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\EXTERNAL\NORTON\OPSCAN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\NAV\OMIGRATE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\ASOELNCH.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\EUDOHELP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\FIREWALL\APP\HNETWIZ.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\ALERTAST.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\ALESCAN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\ALEUPDAT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\APP\IAMSTATS.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\ISCOMMON\CCEMFLSV.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\PCONTROL\APP\URLUPDAT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\SETUP\SYMSHARE\ANTISPAM\EUDOHELP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\SYMLT\CFGWIZ.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SETUP\SYMLT\SYMSHARE\SMNLNCH.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\CCLGVIEW.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\CCPWDSVC.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\CCSETMGR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\CCCOMMON\CCCOMMON\NMAIN.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\FRE\FREMSI.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\FRE\FREUPDT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\LIVEREG\SYMCSUB.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\LIVEREG\VCCLNUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\LIVEREG\VCSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\NISTOOLS\ISRLRSTR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\PROXY\CCPXYCRE\CCPROXY.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SEVINST\SEVINST.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SPBBC\SPBBC\SYMSHARE\SPBBC\UPDMGR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SYMLNCH\SYMLNCH.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SYMNET\SYMNET\SYMSHARE\IDS\IDSINST.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SYMNET\SYMNET\SYMSHARE\SNDINST.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SYMNET\SYMNET\SYMSHARE\SNDSRVC.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SYMSC\SYMWMIAV\SYMSC\USRPRMPT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SUPPORT\SYMSC\SYMWMIIS\SYMSC\USRPRMPT.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\src\SYMSETUP.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP07927\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP28691\HPBootOp\Setup.Exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP28691\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Apps\APP08791\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP20021\executable\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP20021\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP20021\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14335\executable\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14335\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14335\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP22099\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP22099\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14164\executable\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14164\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14164\src\Alcxmntr.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14164\src\SoundMan.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP14164\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP03211\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP03211\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP29671\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP29671\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP19201\executable\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP19201\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP19201\src\HXFSetup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP19201\src\Setup.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP19201\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP05820\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP05820\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP04130\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP04130\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP01875\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP01875\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP15680\PCIFINDX.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP15680\src\HcwDriverInstall.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP15680\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP17486\KBUPDATE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP17486\src\CreateVF.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP17486\src\kbd.exe
Success Clean [ PE_Luder.A]( 6726) from D:\I386\Drv\APP17486\src\RunReg.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP17486\static\Common\hpkey.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP17486\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\I386\Drv\APP26335\commands.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\attrib.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\autofmt.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\Bootini.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\BSUpdate.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\chkdsk.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\cmd.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\cmd2.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\csrss.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\DblRes.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\drivers\PROUnstl.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\DSKPART.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\Eject.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\expand.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\FATFMT32.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\IPCONFIG.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\LABEL.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\LogViewer.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\lsass.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\makecab.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\mount.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\NET.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\nvuide.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\OwnerPatch.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\PAGEFILE.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\regedit.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\Restore.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\ShutDown.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\start.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\svchost.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\taskmgr.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\winlogon.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\xcopy.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\xlog.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\EQNDIAG.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\EQNLOGR.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\NTSD.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\ODBCAD32.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\ODBCCONF.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\PEER.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\PORTMON.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\PROUnstl.exe
Success Clean [ PE_LUDER.A]( 6347) from D:\MiniNT\system32\FACTORY.EXE
Success Clean [ PE_LUDER.A]( 6347) from D:\TOOLS\windows\creator\ToolsCDLauncher.exe
16691 files have been read.
16691 files have been checked.
15695 files have been scanned.
29201 files have been scanned. (including files in archived)
340 files containing viruses.
Found 340 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/1/2007 11:07:04 48 minutes 40 seconds (2920.55 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-01, 11:07:05, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 1/1/2007 10:18:02
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 153 (148180 Patterns) (2006/12/31) (415300)
Command Line: C:\Documents and Settings\HP_Administrator\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\HP_Administrator\Desktop\SysClean

16691 files have been read.
16691 files have been checked.
15695 files have been scanned.
29201 files have been scanned. (including files in archived)
340 files containing viruses.
Found 340 viruses totally.
Maybe 0 viruses totally.
Stop At : 1/1/2007 11:07:04 48 minutes 40 seconds (2920.55 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2007-01-01, 11:07:05, Scanner "C:\Documents and Settings\HP_Administrator\Desktop\SysClean\VSCANTM.BIN" has fini

[Advertisements]

There is probably still more to clean so let's do another scan:

* Go here and do the BitDefender online virus scan.

• Click "I Agree" to agree to the EULA.
• Allow the ActiveX control to install when prompted.
• Click "Click here to scan" to begin the scan.
• Please refrain from using the computer until the scan is finished.
• When the scan is finished, click on "Click here to export the scan results"
• Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

[Flrman1]

There is probably still more to clean so let's do another scan:

* Go here and do the BitDefender online virus scan.

• Click "I Agree" to agree to the EULA.
• Allow the ActiveX control to install when prompted.
• Click "Click here to scan" to begin the scan.
• Please refrain from using the computer until the scan is finished.
• When the scan is finished, click on "Click here to export the scan results"
• Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

[aoshi26]

This may seem like a stupid question but do you want the Hijackthis log posted or attached. Im assuming posted but want to make sure.

[aoshi26]

Umm its not letting me attach the bitdefender scan results, it gives me an error that says the filespace required to upload all the attached files is greater than my perpost or global limit. What should I do with the bitdefender results, aI also tried to post them in a reply byitself as an attachment its still too large. Here is the Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:45:25 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

Edited by aoshi26, 01 January 2007 - 12:55 PM.

[Flrman1]

Put the BitDefender log in a zipped folder and attach a copy of that zipped folder and send it to me here. Put "Files from GTG" in the Subject line and include a link to this thread so I'll know where it came from.

[Flrman1]

Always copy and paste the Hijack This logs unless otherwise requested.

The BitDefender scan cleaned a lot, but there were so many infected files I want to be sure we get them all and these online scans are the easiest way to get them all. Please bear with me here. We'll get there eventually.

I want to do at least two more scans. We'll do one more scan similar to the last one that cleans what it finds then we'll go back to the Kaspersky scan that I had you do first and run it again. We'll have to manually remove any that may be left then because the Kaspersky scan doesn't clean them.

First go ahead and do this scan:

* Go here and run the F-Secure Online Scanner.

• Follow the Instructions on the F-Secure page for proper installation.
• Accept the License Agreement.
• After the ActiveX installs,Click Full System Scan
• When the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy&Paste the entire report in your next reply along with a new Hijack This log.

Note: You have to use Internet Explorer to do the scan.

After I see those results, we'll do the Kaspersky scan again. Hopefully that will be the last one we have to do.

Is the pc behaving any better yet?

[aoshi26]

Here is the F Secure report, I had to run it twice. The first time it froze up in the middle of cleaning. Yes the pc is running a lot better now.

Scanning Report
Monday, January 01, 2007 22:57:59 - 23:24:19

Computer name: YOUR-B27FB1C401
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 0 malware found
Statistics
Scanned:

* Files: 29229
* System: 5639
* Not scanned: 3

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2006-12-29
* F-Secure AVP: 7.0.171, 2007-01-02
* F-Secure Orion: 1.2.37, 2006-12-29
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 0260-02-44
* F-Secure Pegasus: 1.19.0, 2006-11-19

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.



Here is the Hijack report

Logfile of HijackThis v1.99.1
Scan saved at 11:26:41 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

[Flrman1]

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan

[aoshi26]

Here is the Kaspersky scan results

Tuesday, January 02, 2007 1:50:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/01/2007
Kaspersky Anti-Virus database records: 255628
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan Statistics
Total number of scanned objects 75147
Number of viruses found 7
Number of infected objects 15 / 0
Number of suspicious objects 0
Duration of the scan process 00:39:03

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012007010220070103\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\_hphtra07.log Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000007.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3B.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3B.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3B.tmp ZIP: infected - 2 skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3B.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3C.tmp/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3C.tmp/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3C.tmp/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3C.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\Antivirus\QUARANTINE\3C.tmp CryptFF.b: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E924C4F8-D669-49FC-BA70-320C4C95C164}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B6A6A72B-4658-42B1-A70C-CF4DB07E2682}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\GAME1.0XE Infected: Trojan-Downloader.Win32.Tibs.jy skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Here is the Hijack


Logfile of HijackThis v1.99.1
Scan saved at 1:52:41 PM, on 1/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

[Flrman1]

The only infected files that found are either in Trends quarantine and harmless and it is falsely detecting part of Smitfraudfix as a virus which is quite common.

Go ahead and delete the Smitfraudfix files you have.

How is the pc behaving now?

[aoshi26]

its working a lot better now thanks for the help.

[Flrman1]

You're Welcome!

* If I had you use Killbox to delete any files, go ahead and delete the C:\!Killbox folder then empty the Recycle Bin.


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click "Properties".
Click the "System Restore" tab.
Put a check by "Turn off System Restore on all drives".
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To turn System Restore back on:

On the Desktop, right-click My Computer.
Click "Properties".
Click the "System Restore" tab.
Remove the check by "Turn off System Restore on all drives".
Click Apply, and then click OK.

To create a restore point:

Single-click "Start" and point to "All Programs".
Mouse over "Accessories", then "System Tools", and select "System Restore".
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the "Next" button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click "Create" and you're done.

[Flrman1]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.