Viruses in system32 folder

Again, like the topic below me, for some reason the viruses started appearing again. The viruses that it notifies me about are all different, update235435345.exe, update756344225.exe etc., and they are all located in the system32 folder. I went into the same folder that it says they are located in but I can't find the files anywhere??? I have no idea where all of these files are coming from. Anyone know what's wrong?

Hi Steven6767,

Let’s take a closer look at your system.

Download Deckard’s System Scanner (DSS) to your Desktop.
Close all applications and windows.
Double-click on DSS.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, a text file will open - Main.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow the Deckard’s System Scanner to run and don’t let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

Post the main.txt from the C:\Deckard\System Scanner folder into your next reply.

Ok here it is.

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\ie_updater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\clcl3.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mine\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\tmp8C.tmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - C:\wmplayer.dll
O2 - BHO: (no name) - {cb97713c-658a-43a7-8d4f-bffdc4eb9bea} - C:\WINDOWS\system32\din700.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [SoundService] rundll32.exe “C:\WINDOWS\wvvtsr.dll”,setvm
O4 - HKLM..\Run: [BootService] rundll32.exe “C:\WINDOWS\opmkjh.dll”,realset
O4 - HKLM..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM..\Run: [clcl3] C:\WINDOWS\System32\clcl3.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MS_update_0612_KB74062.exe
O4 - Global Startup: MS_update_0704_KB74073.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O20 - Winlogon Notify: din700 - C:\WINDOWS\System32\din700.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\System32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - “C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”
O23 - Service: avast! Antivirus - Unknown owner - “C:\Program Files\Alwil Software\Avast4\ashServ.exe”
O23 - Service: avast! Mail Scanner - ALWIL Software - “C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service
O23 - Service: avast! Web Scanner - ALWIL Software - “C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - “C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe”
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\ie_updater.exe /start
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

– Files created between 2007-03-13 and 2007-04-13 -----------------------------

2008-11-27 18:14:34 56832 -----n— C:\WINDOWS\System32\iyvu9_32.dll
2008-11-27 18:14:34 143872 -----n— C:\WINDOWS\System32\iacenc.dll
2007-04-13 09:45:28 0 d-------- C:\Program Files\IObit
2007-04-13 08:58:21 445440 --a------ C:\wmplayer.dll
2007-04-13 08:57:29 21504 --a------ C:\WINDOWS\System32\jlwadhujvocys.dll<JLWADH~1.DLL>
2007-04-13 08:56:10 16221 --a------ C:\ie_updater.exe<IE_UPD~1.EXE>
2007-04-12 06:44:17 200704 --a------ C:\WINDOWS\System32\teulKit.dll
2007-04-12 06:44:17 0 d-------- C:\Program Files\Netscape
2007-04-12 06:44:16 0 d-------- C:\Program Files\Playnet
2007-04-12 06:41:43 0 d-------- C:\Program Files\CRS
2007-04-11 07:44:41 0 d-------- C:\Documents and Settings\mine\Application Data\SlySoft
2007-04-11 07:43:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-04-08 09:44:50 0 d-------- C:\Documents and Settings\mine\Application Data\Azureus
2007-04-07 11:42:13 0 d-------- C:\Documents and Settings\mine\Application Data\SystemRequirementsLab<SYSTEM~1>
2007-04-07 11:42:09 0 d-------- C:\WINDOWS\Sun
2007-04-07 11:42:09 0 d-------- C:\Documents and Settings\mine\Application Data\Sun
2007-04-07 11:41:12 0 d-------- C:\Program Files\Java
2007-04-07 11:41:05 204288 --a------ C:\WINDOWS\System32\clcl3.exe
2007-04-07 11:40:55 73728 --a------ C:\WINDOWS\System32\svehost.exe
2007-04-07 11:39:50 0 d-------- C:\Program Files\Common Files\Java
2007-04-07 11:39:24 671 --a------ C:\WINDOWS\mozver.dat
2007-04-06 13:36:17 646392 --a------ C:\WINDOWS\System32\drivers\sptd.sys
2007-04-04 08:46:38 0 d-------- C:\Documents and Settings\mine\Application Data\Talkback
2007-04-04 08:46:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-04 07:13:06 8192 --a------ C:\WINDOWS\System32\kbdkor.dll
2007-04-04 07:13:06 8704 --a------ C:\WINDOWS\System32\kbdjpn.dll
2007-04-04 07:13:06 6144 --a------ C:\WINDOWS\System32\kbd106.dll
2007-04-04 07:13:06 5632 --a------ C:\WINDOWS\System32\kbd103.dll
2007-04-04 07:13:06 6144 --a------ C:\WINDOWS\System32\kbd101c.dll
2007-04-04 07:13:06 6144 --a------ C:\WINDOWS\System32\kbd101b.dll
2007-04-03 12:33:34 19275 --a------ C:\WINDOWS\System32\din700.dll
2007-04-03 02:53:57 22584 --a------ C:\WINDOWS\System32\drivers\PnkBstrK.sys
2007-04-03 02:53:53 99904 --a------ C:\WINDOWS\System32\PnkBstrB.exe
2007-04-03 02:53:47 63040 --a------ C:\WINDOWS\System32\PnkBstrA.exe
2007-04-03 02:53:47 0 d-------- C:\WINDOWS\System32\LogFiles
2007-04-02 06:46:46 0 d-------- C:\Program Files\SystemRequirementsLab<SYSTEM~1>
2007-03-28 09:18:09 0 d-------- C:\Documents and Settings\mine\Application Data\Lavasoft
2007-03-28 09:17:59 0 d-------- C:\Program Files\Lavasoft
2007-03-26 10:26:35 0 d-------- C:\WINDOWS\LastGood
2007-03-25 04:31:51 0 d-------- C:\WINDOWS\System32\appmgmt
2007-03-21 20:27:47 0 d-------- C:\Documents and Settings\mine\Application Data\Xfire
2007-03-21 20:27:46 0 d—s---- C:\Program Files\Xfire

I see several things going on right now. We can start here:

Open avast! antivirus and click the chest icon. Highlight User Files and add these files to the chest

C:\ie_updater.exe

C:\wmplayer.dll

C:\WINDOWS\system32\din700.dll

C:\WINDOWS\System32\svehost.exe

Then download CleanUp. Install and run it to clean your temporary files.

Next, Download SDFix and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press “Enter”.
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose “Extract All”,
Open the extracted folder and double click “RunThis.bat” to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

I notice that you shortened your initial DSS log. This time please break the log into pieces and use multiple posts so we can see the entire thing.

Now install Java Version 6 Update 1. After installation and reboot (if called for) open Add/Remove Programs and uninstall any version of Java prior to 6.1

Finally, if these files are still present please check them at Virus Total and post the results

C:\WINDOWS\system32\clcl3.exe

C:\WINDOWS\wvvtsr.dll

C:\WINDOWS\opmkjh.dll

Do you have a third party firewall? It's usually obvious in the hjt log but with some of the log missing I need to ask. And what is your operating system?
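One way to triage autostart entries from a HijackThis log in code, as an added example that is not part of the original thread or of any tool mentioned in it. The three heuristics and the names `triage`, `edit_distance`, `SYSTEM_NAMES` and `PATH_RE` are assumptions chosen for illustration; the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the HijackThis section of the log posted in this thread
# (curly quotes normalised to straight quotes).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - C:\wmplayer.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [SoundService] rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm
O4 - HKLM..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\ie_updater.exe /start
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

# Well-known Windows binaries that malware names often imitate (illustrative list).
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "smss.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe"}

# First drive-rooted path on the line that ends in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\r\n]*?\.(?:exe|dll|ocx|sys)\b', re.I)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log):
    """Return [(path, [reasons])] for log lines that trip any heuristic."""
    findings = []
    for line in log.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        parts = path.lower().split("\\")
        name = parts[-1]
        reasons = []
        # Heuristic 1 (assumption): binaries rarely live directly in the drive root.
        if len(parts) == 2:
            reasons.append("image in drive root")
        # Heuristic 2 (assumption): rundll32 pointed at a DLL outside System32.
        if "rundll32" in line.lower() and "system32" not in parts:
            reasons.append("rundll32 loads DLL from outside System32")
        # Heuristic 3 (assumption): one character away from a system binary name.
        if name not in SYSTEM_NAMES and any(
                edit_distance(name, s) == 1 for s in SYSTEM_NAMES):
            reasons.append("name imitates a system binary")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}: {', '.join(reasons)}")
```

A hit from these heuristics is only a reason to look closer (for example by submitting the file to a multi-engine scanner), not proof that a file is malicious.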

Ok, I did everything except download the SDFix because I found something else that's kind of weird. I went into windows in my C drive then went into temp; there was a folder there, avast4, that I went into, and there's a file there, trzC.tmp, and I scan it and it says it's a virus so I move it to the chest, and when I go back to it it comes up with trzD.tmp and it just keeps going to each letter. Oh and then it just stopped at f and then went to trz10.tmp. Anyone got any ideas???

No, I don’t have a firewall. I'll get the rest of the log so you can see it all.

– Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
“NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup”
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”
“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit”
“SoundService”=“rundll32.exe "C:\WINDOWS\wvvtsr.dll",setvm”
“BootService”=“rundll32.exe "C:\WINDOWS\opmkjh.dll",realset”
“Intel system tool”=“C:\WINDOWS\System32\svehost.exe”
“clcl3”=“C:\WINDOWS\System32\clcl3.exe”
“SunJavaUpdateSched”=“"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
“NoChange”=“1”
“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
“Installed”=“1”

[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]
“RunNarrator”=“Narrator.exe”

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
“Windows update loader”=“C:\Windows\xpupdate.exe”

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\system]
“Wallpaper”=“”

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
“Wallpaper”=“”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=“”
“LinkResolveIgnoreLinkInfo”=dword:00000000
“NoResolveSearch”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“LinkResolveIgnoreLinkInfo”=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]
“NoActiveDesktop”=dword:00000000
“ForceActiveDesktopOn”=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
“NoActiveDesktop”=dword:00000000
“ForceActiveDesktopOn”=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\din700
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

– End of Deckard’s System Scanner: finished at 2007-04-14 at 00:17:06 ---------

Ok here’s the SDFix report.

SDFix: Version 1.78

Run by mine - Sat 04/14/2007 - 0:42:32.87

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\mine\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft IEUpdater2
ntldr.sys

ImagePath:
C:\ie_updater.exe /start
??\C:\ntldr.sys

Microsoft IEUpdater2 - Deleted
ntldr.sys - Deleted

Killing PID 216 ‘smss.exe’
Killing PID 288 ‘winlogon.exe’

ndis.sys Infected!

Patched File copied to Backups Folder
Attempting to replace ndis.sys with original version…

Original ndis.sys Restored

Was anything detected by Virus Total on these files?

C:\WINDOWS\system32\clcl3.exe

C:\WINDOWS\wvvtsr.dll

C:\WINDOWS\opmkjh.dll

If detections were made please post the results, or confirm that nothing was found.

Download the free version of AVG Antispyware, install it, update, but don’t scan yet

http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free

Then download Comodo Free Firewall and install it. Block anything you are unsure of that is requesting internet access

http://www.filehippo.com/download_comodo/

Now do a Complete System Scan with AVG AntiSpyware. When the scan is complete click Save Scan Report and post the contents in your next response along with a fresh hijackthis log (run hijackthis after AVG).

I forgot to get Virus Total but the warnings have seemed to stop for a long while actually. I’ve left my computer on and no virus popups have come yet.

That’s because SDFix removed some of the worst things, but you’re not completely clean yet.

Please follow through with the steps I posted above. After the AVG Antispyware (make sure you don’t get AVG AntiVirus by mistake) we will probably need to fix a few things in HijackThis and then maybe be done.

Ok, when I went to Virus Total, I was trying to send them clcl3.exe but when I would send it through msn hotmail it says I can’t send this file because it has a virus on it. But when I scan it with avast it says it’s clean. Oh and I can’t find the other 2 files, wvvtsr.dll and opmkjh.dll.

Oh and is it ok if I delete the SDFix folder? Or should I keep it just in case?

OK - in the Control Panel open Folder Options and click the View tab. Make sure:

Show Hidden Files and Folders is checked

Hide extensions for known file types is not checked

Hide protected operating system files is not checked

Don’t try to email the files. Instead, go to the Virus Total web site and use the Browse button at the top to navigate to the file. Then click send. You will need to do this with each file individually.

Let’s keep the SDFix folder for now.

Ok virus total for clcl3.exe says

AhnLab-V3 2007.4.14.0 04.13.2007 no virus found
AntiVir 7.3.1.52 04.14.2007 TR/Clickr.LD
Authentium 4.93.8 04.14.2007 W32/Downloader2.ALD
Avast 4.7.936.0 04.14.2007 no virus found
AVG 7.5.0.447 04.15.2007 no virus found
BitDefender 7.2 04.15.2007 Trojan.Downloader.Agent.ES
CAT-QuickHeal 9.00 04.14.2007 TrojanDownloader.Agent.es
ClamAV devel-20070312 04.15.2007 no virus found
DrWeb 4.33 04.14.2007 no virus found
eSafe 7.0.15.0 04.12.2007 Win32.Agent.es
eTrust-Vet 30.7.3567 04.14.2007 no virus found
Ewido 4.0 04.14.2007 Downloader.Agent.es
FileAdvisor 1 04.15.2007 no virus found
Fortinet 2.85.0.0 04.14.2007 Clickr.LD!tr
F-Prot 4.3.2.48 04.13.2007 W32/Downloader2.ALD

Try the other two files as well. With the changes to the Folder View you should be able to find them.

After scanning the three please add any that are infected to the user files in the avast! chest before running AVG AntiSpyware.

I'm doing a complete system scan with AVGAS too so I'll post the log. It will be a bit before it's finished.

So far for the AVGAS scan, I have found 55 infected files.

Make sure to quarantine anything found in AVG.

Did Virus Total find anything in the other two files?

I’ll check back later.

Oh, I forgot to switch pages so I didn't know you replied so I ran the AVG :-\ I’ll get the firewalls too.