If it was fat32 before you could try reformatting again with this option instead of ntfs. Can you see what files are on it?

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=550

Is WinPCap something you installed? Do you need it? I suggest you either remove it or update to the current version.

It was fat and ntfs only, so i cant format it. And i cannot open that usb stick now. Ok, i remove WinPCap already. And i using spybot search and destroy scan my pc, the result is my pc clean, did it really clean now??

The software i using now is spybot, spyware termonator and avast

I don’t think this is related to the repair install. Do you have a format utility from the USB stick manufacturer or are you using Windows’?

The only thing left, that I was aware of, was C:\WINDOWS\system32\msavpw1.dll and whatever was bring it back. If that’s gone for good now I would say you are clean.

Normally I would suggest celaning temp files and deleteing old restore points now but, after a repair install, I don’t think it s necessary.

I using windows and the msavpw1.dll i cant find in the system32 folder. OTMoveit result should be file not found but i still can delete it and remove success. Quite weird

Well, i hv a memory card that using at home only. That day we scan out dont hv anything, and i using it also show safely. But today suddenly contain flash.10.setup.exe in the autorun.inf then avast detect win32:VB-EHR[trj] in that memory card when i double click on that memory card. All 3 files that detect name flash.10.setup.exe, scanner.exe and love calculator.exe. I dun hv this 3 files before.

Flash.10.exe virus is B to remove. I am currently working one on Geeks to Go. If you have let the virus run then you will lose the option to look at folders, run task manager and use the command prompt

You will need to run this registry fix

REGISTRY FIX

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“NoFind”=-
“NoFolderOptions”=-
“DisableCMD”=-
“DisableTaskMgr”=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
“HideFileExt” =0
“ShowSuperHidden” =1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Shell”=“Explorer.exe”

Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop
http://img127.imageshack.us/img127/433/regtg8.jpg

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.

Then reset the permissions and try to delete the main infectors

FILE DELETION

@Echo off attrib -s -r -h "C:\Windows\SYSTEM32\Flash.10.exe" del /q "C:\Windows\SYSTEM32\Flash.10.exe" attrib -s -r -h "C:\Windows\SYSTEM32\JambanMu.com" del /q "C:\Windows\SYSTEM32\JambanMu.com" quit

I will need you to create the delete.bat to do that copy and paste ALL of the above in the quote box to a notepad file.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type delete.bat
This will create a delete.bat file on your desktop
To use this file you will need to left click the icon a black box may briefly appear and you are done

Then Locate the following files/folders on your system and delete them (first I would recommend copying and zipping to Avast for analysis)

C:\Windows\System32\CMD.COM
C:\Windows\System32\DXDIAG.COM
C:\Windows\System32\FLASH.10.EXE
C:\Windows\System32\JAMBANMU.COM
C:\Windows\System32\MSCONFIG.COM
C:\Windows\System32\PING.COM
C:\Windows\System32\REGEDIT.COM
C:\Documents and Settings%User%\My Documents\MY SECRET.FOLD
C:\Documents and Settings%User%\My Documents\My Music\NEW SONG.LAGU
C:\Documents and Settings%User%\My Documents\My Music\NEW VIDEO.VIDZ
C:\Documents and Settings%Use%r\My Documents\My Pictures\AWEKS.PIKZ
C:\Documents and Settings%User%\My Documents\My Pictures\SERAM.PIKZ
C:\Program Files\Common Files\Microsoft Shared\MACROMEDIA.10.EXE
C:\Program Files\Common Files\Microsoft Shared\DAO\MSN.MSN
C:\Documents and Settings%User%\Start Menu\Programs\Startup(EMPTY).EMPTY

This is a new variant from the far east

Ok, i cant merge the fix.reg after doing what u ask. It show a error that say that is not a win32 application. Then files u ask me to found i cant found it but under this 2 i found .exe.

C:\Windows\System32\CMD.COM
C:\Windows\System32\DXDIAG.COM

mauserme, we find the C:\WINDOWS\system32\msavpw1.dll already. It really not clean up from system32, and i know where it locate already. Should we delete through from windows?? This is after virustotal scan result.

Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.21 TR/Spy.Gen
Authentium 4.93.8 2007.09.21 -
Avast 4.7.1043.0 2007.09.21 -
AVG 7.5.0.485 2007.09.21 PSW.OnlineGames.FLV
BitDefender 7.2 2007.09.21 BehavesLike:Trojan.ShellHook
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.21 -
DrWeb 4.33 2007.09.21 BACKDOOR.Trojan
eSafe 7.0.15.0 2007.09.19 -
eTrust-Vet 31.2.5153 2007.09.21 Win32/Inhoo!generic
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.21 High threat detected
Fortinet 3.11.0.0 2007.09.21 W32/Small.CD48!tr
F-Prot 4.3.2.48 2007.09.21 -
F-Secure 6.70.13030.0 2007.09.21 W32/Malware.AFEA
Ikarus T3.1.1.12 2007.09.21 BehavesLikeWin32.ExplorerHijack
Kaspersky 4.0.2.24 2007.09.21 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.21 Trojan:Win32/AgentBypass.gen!G
NOD32v2 2544 2007.09.21 probably a variant of Win32/Genetik
Norman 5.80.02 2007.09.21 W32/Malware.AFEA
Panda 9.0.0.4 2007.09.21 Generic Trojan
Prevx1 V2 2007.09.21 -
Rising 19.41.42.00 2007.09.21 Trojan.PSW.Win32.OnlineGames.xuf
Sophos 4.21.0 2007.09.21 Mal/Behav-010
Sunbelt 2.2.907.0 2007.09.20 Win32.ExplorerHijack
Symantec 10 2007.09.21 Infostealer.Gampass
TheHacker 6.2.5.064 2007.09.21 -
VBA32 3.12.2.4 2007.09.20 suspected of Trojan-PSW.Game.58 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.21 -
Webwasher-Gateway 6.0.1 2007.09.21 Trojan.Spy.Gen
Additional information
File size: 27136 bytes
MD5: df2b99ae949759f752b89191fc5244ba
SHA1: 20d01f5f661b54062c81f4cba1d617e2a464d3ad
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=df2b99ae949759f752b89191fc5244ba

Hi calciver. I’m not ignoring you - I want to go through your logs again and figure out a way to make this file disappear once and for all. My time has not been my own this week but I should be able to delve in deeper this weekend.

In regard to the USB stick, have you checked the manufacturere’s web site to see if they have a format utility? It may work better than Windows if they have one available.

EDIT: I didn’t see Essexboy’s response until just now. Do everything he says …

@ Essexboy

Ta

We deleted a mountpoints2 reg entry for the E: drive several pages back but when we looked for flash.10.setup.exe on E: it coulnd’t be found.

Thx, I already format the memory card and work normally already. I think that may be infected when i take my memory card check at the shop, it going some problem in my handphone. I make the fix.reg as Essexboy tell me but it cant be merge.

Edit: Its ok, everyone got work also, good luck for your own things

No probs if it couldn’t merge then you had not run the virus on your main system Good luck

Holly fricken cow. :
You all have worked so hard for him!
I only read the first page and 13, 14, but holly cow. This guy needs to buy you all beer or something. ;D
Good work.

To keep up with the spirit of giving and to test my stuff against this one, Caciver, if you get reinfected, and I think you will because of the damage and holes left by the monster, log in for a free est, www.virusSWAT.com Services, Free Estimate. When asked for info about your issues, ask for Dean, say you are from this forum, I will hook ya up with our PC Barricade, (I will keep the Avast and not use Trend though).
Please do it on Monday if you do.

Hoho~ If i can i will do for it ;D. Sake for all at here. But dewild1, the site u gv me i really not very understand how to use it.

Is C:\WINDOWS\system32\msavpw1.dll still on your computer?

Yup, it still on C:\WINDOWS\system32 but at other location. Spend long time and eyes almost spoilt to get it out. I hv try remove with OTMoveit, result same. After delete then come back.

LOL. The guy who did our web site it too smart. Does not know how to do things simple! We are working on it.
Here is a direct link, please do not do it till monday cuz I am playing with my kids. http://www.virusswat.com/help/default.asp?2339

I’ve had some conversation with Essexboy about this and I think we should try the deletion method he posted several pages back (ta to Essexboy for sharing with me once again):

1. Please download The Avenger by Swandog46 to your Desktop.
   [*]Click on Avenger.zip to open the file[*]Extract avenger.exe to your desktop

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

[QUOTE]Files to delete:
C:\WINDOWS\system32\msavpw1.dll
[/quote]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
   [*] Under “Script file to execute” choose “Input Script Manually”.
   [*]Now click on the Magnifying Glass icon which will open a new window titled “View/edit script”
   [*] Paste the text copied to clipboard into this window by pressing (Ctrl+V).
   [*] Click Done
   [*] Now click on the Green Light to begin execution of the script
   [*] Answer “Yes” twice when prompted.
4. The Avenger will automatically do the following:
   [*]It will Restart your computer. ( In cases where the code to execute contains “Drivers to Unload”, The Avenger will actually restart your system twice.)
   [*]On reboot, it will briefly open a black command window on your desktop, this is normal.
   [*]After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
   [*] The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

@dewild1

Is there something you can do within the avast! forum. I think we would all like to learn from your abilities.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cefnpyis

Script file located at: ??\C:\Program Files\hcokkltw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

Beginning to process script file:

File C:\WINDOWS\system32\msavpw1.dll deleted successfully.

Completed script processing.

Finished! Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:20 PM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinClamAVShield\sp_clamsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM..\Run: [%FP%TM Net fts.exe] “C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe”
O4 - HKLM..\Run: [StormCodec_Helper] “C:\Program Files\Storm Codec\StormSet.exe” /S /opti
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\Comodo\Firewall\CPF.exe” /background
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\Storm Codec\QTTask.exe” -atboottime
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM..\Run: [SpywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”
O4 - HKLM..\Run: [cnbfayqp] C:\xuwffoua.bat
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O17 - HKLM\System\CCS\Services\Tcpip..{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

–
End of file - 9197 bytes