@echo off

REM Name: pacerd_bundle-files.bat
REM Version: 1.0

REM Written By: Jim Cameron (http://support.moonpoint.com)
REM Written On: December 3, 2006
REM Last Modified: December 3, 2006

REM Search for files associated with "Pacerd.bundle",
REM which are listed at http://www.kephyr.com/spywarescanner/library/pacerd.bundle/
REM as being associated with the malware. 

REM Set value for sysem directory. This assumes the system this batch file is executed on is a Windows NT or
REM later system as, by default, this value should be %WinDir%\system on Windows 95, 98, ME.

set SystemDir=%WinDir%\system32

echo.
echo *** Searching for pacerd.bundle files. ***
echo.

for %%F in ("%ProgramFiles%\System Files\System.exe" "%ProgramFiles%\System Files\plugin.dll" %WinDir%\etb\pokapoka73.exe %WinDir%\etb\pokapoka75.exe %WinDir%\exe82.exe %WinDir%\jptc.dat %WinDir%\offun.exe %WinDir%\rk.exe
 %WinDir%\rlvknlg.exe %SystemDir%\PSof1.exe %SystemDir%\exp.exe %SystemDir%\wintask.exe %SystemDir%\adcomplusanalytic.exe %SystemDir%\ichckupd.exe %SystemDir%\bho.dll %SystemDir%\nsb12.dll %SystemDir%\APD123.exe%SystemDir%\wuauclt.dll %SystemDir%\202_app13.exe %SystemDir%\APD123.exe %SystemDir%\MTE2ODM6ODoxNg.exe %SystemDir%\PopOops.dll %SystemDir%\PopOops.dll %SystemDir%\SI.exe %SystemDir%\SWLAD1.dll %SystemDir%\SWLAD1.dll %SystemDir%\atmtd.dll %SystemDir%\atmtd.dll._ %SystemDir%\dist001.exe %SystemDir%\installer216.exe %SystemDir%\nstD.dll %SystemDir%\uc.exe %SystemDir%\wuauclt.dll %SystemDir%\AOP2.exe %SystemDir%\repairs302972979.dll) do if exist %%F echo %%F

echo.
echo *** Searching for pacerd.bundle directories. ***
echo.

REM Double quotes are needed for directories with spaces in their names, e.g. "Program Files".

for %%D in ("%ProgramFiles%\Msnmaker\" "%ProgramFiles%\Quick Links\" "%ProgramFiles%\InetGet\" "%ProgramFiles%\FREEPR~1\" "%ProgramFiles%\Freeprod Toolbar\" "%ProgramFiles%\Cas\" "%ProgramFiles%\CasStub\" "%ProgramFiles%\CMSystem\" "%ProgramFiles%\Yazzle Sudoku\" %WinDir%\bsx32\ %WinDir%\etb\) do if exist %%D dir %%D