Author Topic: Win32.Rbot.DZS..oo.exe..sorry to beat a dead horse  (Read 1919 times)

jbug88
« on: November 13, 2005, 12:24:05 AM »
I have seen a few other threads about this and here is my problem.
I get a virus detected message upon start up every time.
Win32.Rbot.DZS..oo.exe
I have seen the other posts on this and it seems like all the links in the previous threads were dead.
Can somebody help me out??
I figured it was from limewire so I have already uninstalled it.
What's next??
Thanks in advance
-J-

Logfile of HijackThis v1.99.1
Scan saved at 9:23:37 PM, on 11/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\John_2\Local Settings\Temporary Internet Files\Content.IE5\J22WFB1K\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdot.net
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\System32\lexpps.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.Email Removed/netagent/objects/custappx2.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

guestolo
« Reply #1 on: November 13, 2005, 12:48:44 AM »
When I ask you to download a zip file, make sure you choose SAVE TO DISK rather than Open
You didn't save hijackthis to a permanent folder
Can you redownload hijackthis from my signature below and save it to a permanent folder on your hard drive
Only run hijackthis from this new location

Right click an empty spot on the desktop and left click NEW>>Folder
A new folder will be placed on the desktop, name it BFU

Download and save p2pnetwork.zip
Then UNZIP it to the BFU Folder

Download and save and then UNZIP to the BFU folder
BFU.zip
So you now have BFU.exe extracted

==Download and Install this small program
to help clean your temp folders, cookies, etc.
Windows Cleanup! 4.0
Don't run it yet

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Download and Install
Ad-Aware SE Personal 1.06

Open Ad-Aware, make sure to click the "check for updates now" link and Connect to download the latest updates
Don't run a scan yet

Download and save to the desktop the Standalone version of CWShredder

Please print these instructions or save them to a Notepad file and save it to your Desktop for reference
Close down all browser windows, including this one

Open CWShredder and click on the FIX button, let it complete the fix
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation

In safe mode
Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to p2pnetwork.bfu in the BFU folder
Right click p2pnetwork.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do another scan with Hijackthis and put a check next to these entries:
Not all may be found, but tick any of the below that you see

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdot.net
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com

O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart back to Normal mode

Back in Windows
Post a fresh hijackthis log and the whole report from Ewido's
« Last Edit: November 13, 2005, 02:52:37 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
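
The check below is an added example, not part of guestolo's post or of HijackThis itself: it parses HijackThis entry lines and reports which entries from a fix list like the one in the reply above still appear in a later log, and groups hosts-file (O1) redirects by IP. The fix-list lines are copied from the log in this thread; the follow-up log excerpt and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# A HijackThis entry line is "<section code> - <detail>", e.g. "O1 - Hosts: ...".
# Section codes: R0-R3 (IE pages), F0-F3 (ini autoruns), N1-N4, O1 and up.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")


def parse_entries(log_text):
    """Return (code, detail) tuples for every entry line.

    Header lines and the running-process list do not match the entry
    pattern, so they are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse copy/paste whitespace
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def still_present(fix_list_text, fresh_log_text):
    """Entries from the fix list that a later log still contains."""
    fresh = set(parse_entries(fresh_log_text))
    return [e for e in parse_entries(fix_list_text) if e in fresh]


def hosts_redirects(entries):
    """Group O1 (hosts file) entries as {ip: [hostname, ...]}."""
    by_ip = defaultdict(list)
    for code, detail in entries:
        m = HOSTS_RE.match(detail) if code == "O1" else None
        if m:
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)


# Subset of the entries the helper asked to tick (copied from the thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdot.net
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
"""

# Constructed follow-up log excerpt (not from the thread): two of the
# fix-list entries survived the cleanup.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
"""

if __name__ == "__main__":
    print("Hosts-file redirects in the fix list:")
    for ip, names in hosts_redirects(parse_entries(FIX_LIST)).items():
        print(f"  {ip} <- {', '.join(names)}")
    print("Fix-list entries still present after cleanup:")
    for code, detail in still_present(FIX_LIST, FRESH_LOG):
        print(f"  {code} - {detail}")
```
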


jbug88
« Reply #2 on: November 13, 2005, 02:13:15 PM »
I appreciate the help.
I saved Hijackthis to a permanent folder and ran another scan
here it is..

Logfile of HijackThis v1.99.1
Scan saved at 11:12:34 AM, on 11/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://acc.count-all.com/---/?newlx (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?newlx (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchdot.net
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.Email Removed/netagent/objects/custappx2.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O19 - User stylesheet: C:\WINDOWS\Web\win.def (file missing)
O19 - User stylesheet: C:\WINDOWS\default.css (file missing) (HKLM)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

guestolo
« Reply #3 on: November 13, 2005, 02:22:21 PM »
Thanks for the new log
I don't want to repeat myself, so can you now go do all the instructions I posted in my previous reply
Thanks



Guest

« Reply #4 on: November 14, 2005, 12:15:23 AM »
ok...here it is..
it seems like everything is working and pretty much back to normal.
stupid limewire.
you are a lifesaver!! :D

Logfile of HijackThis v1.99.1
Scan saved at 9:12:27 PM, on 11/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.Email Removed/netagent/objects/custappx2.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


does it look good??
-J-

Offline guestolo

« Reply #5 on: November 14, 2005, 12:30:40 AM »
Can you run another scan with HijackThis and tick this entry

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

Click FIX CHECKED with all other windows closed, including this one

Reboot the computer

Did you save the Ewido report?
If so, could you post it after you do the above

Then we'll do some final cleanup



Guest

« Reply #6 on: November 15, 2005, 12:08:03 AM »
ok...current hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 9:04:41 PM, on 11/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://billing-a.mhi.Email Removed/netagent/objects/custappx2.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

_______________________________
ewido report..limewire dl'ed a bunch of pron i never knew about!!!

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         8:40:37 PM, 11/13/2005
 + Report-Checksum:      88930718

 + Scan result:

   C:\Documents and Settings\John_2\Shared\Busty Blonde [censored] In [censored] For Orgasm.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Blonde [censored] In [censored] Hardcore.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Blonde [censored] [censored] On Bed.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Cutie [censored]s On Bed For Wild Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Ebony Gets Her [censored] Pounded By A Big Cock.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Gets Hard Sausage [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Gianna Loves Monster Dick Inside Her [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Indian Teen Gives Wild Titty[censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty Teen [censored] In [censored] Hardcore.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Busty, Cutie Teases Her [censored] With Her Stiletto Heel.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cherry [censored] Slamed.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Chick Gets Jizzed On Her [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Chick Is Getting [censored] Till She Squirts From [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Chockolate Chick [censored] Wildly.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\College Girl Is Getting [censored] Hard At A Wild Frat Par ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\College Schoolgirl Gets [censored] Licked & Fingered.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Curly Teen Give Wet Blowjob For Wild Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute 18yo Babe In Glasses Gets Wild Cumshot.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Ass And [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Brunette [censored] In [censored] For Orgasm.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Brunette [censored] In [censored] Hardcore.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Brunette On Sofa [censored] In [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Chick Gets [censored] Fingered For Orgasm.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Latin Teen Lickes Dick For Wild Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Redhead On Sofa [censored] In [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Teen [censored] In Pink [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Cute Teen Gets Bald [censored] Licked & Fingered.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Daria And Jackie Get Involved In Some Wild Foreplay.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Dark Haired Teen Gets [censored] Licked.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Deepthroating Gay Gets Wild Anal [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Devon Busty Blonde Gets Her [censored] Licked.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Dildoing [censored] In Panties.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Dirty Dawg Gets [censored] Whipped By Experienced Gal.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Dirty Gay Gives Blowjob & Wild Anal [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Drunk Bitch At Wild Party.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Drunk Chicks Getting Nasty Banged On A Wild Hardcore Pa ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Drunken Girl Enjoys [censored]ing At Her Wild College Party.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Ebony Teen [censored] In [censored] For Orgasm.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Ebony Teen On Sofa [censored] Wild.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Euro Is Inserting A Golden Rod Into Her Sopping [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\European Redhead Masturbating [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\European Teen Vibrator [censored]ing [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Fiery Beauty Showing [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Five Fabulous Horny Beauties Doing A Wild Inter Racial  ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\[censored]able Mommy [censored] Whacked.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Gay Amateur Gets Wild Anal Bang On Bed.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Girls Go Wild For A Chance To Shag His Beefy Cock.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Gorgeous Teen Gives Wild Footjob On Sofa.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Guy [censored]s Black [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Haven Blonde Teen [censored] Licked.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Haven Licking A Shaved [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Ho Wildly [censored] By Black Gang.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Hoe Wildly [censored] By Huge Dick.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Honey Slammed Wild Cock.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Hot Blonde Babe Giving A Great Blowjob And Enjoying Som ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Hot Sexy Babes At Wild Party.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Hot Teenie Eats Dick And Gets Her [censored] Pounded.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Hottie Inserts Sex Toy Deep In [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Huge Cock Slamming Tight [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Innocent Babe Sucking On Bed For Wild Gag.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Innocent Blonde [censored] In [censored] On Sofa.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Innocent Blonde Toying [censored] For Orgasm.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Innocent Brunette Fingering Ass & [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Innocent Busty Teen On Bed Fingering [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Japanese Hot Slut Spreading Big Hairy [censored] To Lover.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Japanese, Young Babe Riding Cock Like A Wild Cowboy.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Katja Kassin Enjoys The Blowjob And [censored] [censored]ing.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Kianna Hot Poolside [censored] Pump.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Kinky Gag Babe Gives Wild Blowjob On Sofa.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Kinky Gag Babe Gives Wild Deepthroat.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Kinky, Blonde Amateur Is Enjoying [censored]ing Wild Toys.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Latin Blonde Riding Dick For Wild Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Latina Fingering [censored] While Bathing.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Lesbian African Black Ebony Lickes [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Lesbian Pornstar Licking Hot Indian [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Lesbians In Latex Rubber Fingering [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Lesbo Girls Eating Soft [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Maia Gets Wild On Gagging.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Malezia Gives Wild Licks.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Michelle Wild Busty Teen Gets [censored] Fingered [censored] [censored] ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Michelle Wild Busty Teen [censored] Fingering.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Michelle Wild Gets [censored] In The Ass And Then Spermed O ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Misty Prepares Her Sweet [censored] For Cum From Two Guys.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Nasty Babes Fingering And Licking [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Naughty Redhead Teen Whore Getting Wildly [censored] By A H ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Nude Gay Boy Gets Wild Doggystyle [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Nude Gay Students Sucking & Wild [censored]ing.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Old Moms [censored] Gets Thrashed.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Olivia Plays Wild Anal Cowgirl.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Oriental Teen Toying [censored] On Sofa.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Pale Bitch Fingering While Wild Footjob.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Pale Gay Student Gets Wild Doggystyle [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Pale Redhead Gets Wild [censored] Till Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Paradise [censored] Getting Opened Up For Any Visitors.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Party Club Babes Wild And Kinky With The Party Boys.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Petite, Teen Hottie Gushing Tons Of Hot [censored] Juice.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Pink [censored] Lick And Fingering.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Pretty, Blonde Slut Toying Her Shaved [censored] Outdoors.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\[censored] Double Dildo Penetration.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\[censored] Spreading Strapon Action.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Raunchy Babe Gets Wild Jizz On Glasses.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Raunchy Gag Whore Gives Wild Footjob.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Redhead Milf Gets Her [censored] Stuffed With Fat Cock.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Scary Hairy Teen Has Wild Bush.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Schoolgirl Natalie Is Giving Up The [censored] For A Dream.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Schoolgirls Wild Banged.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Blonde Girl [censored] Squirts.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Chick Eats Ebony [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Fingering Her [censored]..zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Fisting Her [censored]..zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Mature Toying [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Milf Is Sucking And [censored]ing His Wild, Wild Willy.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sexy Trinity Fingers Her Tight, Snapping Pink [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sharon Wild Ass [censored] At Office.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sharon Wild Sucks And [censored]s.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Shaved [censored] Pounded Hard.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Shayla Laveaux Is [censored] [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Shemale Outdoor [censored]ing [censored] Hardcore.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Shy Cutie Shows Her [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sizzling Lesbo Couple Gone Wild Kinky At The Room.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Skinny College Teen [censored] In [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sleeping Teen Gets Drilled In Her Young [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Slick Head Is Peeking Out A Hole For A Wild Cumshot.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Slim Babe Jerking Dick & Gets Wild Cumshot.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Slim Blond Gay Gets Wild Doggystyle [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Slim Gay Student Gives Wild Oral [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Solo Girl Masturbating [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sweet Busty Gets [censored] Pounded.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sweet Girl Getting Wild [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sweet Teen Lesbians Eat [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Sweet Wild Housewife Sucking Great Cock In The Woodshed ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tanned Babe In Glasses Gives Wild Handjob.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tanned Nude Gay Student Gets Wild Bed Sex.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tanned Slim Blond Babe Gets Wild Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tanned Teen Gets Wild Titty [censored] On Sofa.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tattooed Amateur Dildo Is [censored]ing Her Shaved [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Teen Cutie Is Opening Up Her [censored] For A Hard Dick.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Teen Cutie Pokes Her [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Teen [censored] Getting Experience.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Teen [censored] Kitchen Licken.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Teen Spreads Her [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Teen Spreads [censored] Wide.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Threesome Having The Best Wild Sex Orgy Ever Seen On A  ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tight [censored] Teen [censored]ing.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Tranny Licking Wet [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Two Busty Big Tits Babes Taste Each Others Boobs And Li ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Two Hot Lesbo Teens Get Wild.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Two Lesbo Teens Cumming From Wild Strapon Action.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Two Preggo Babes And Their Hubbys Are Going Wild.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Two Sexy Teens Licking [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Two Wild Lesbo Hot Babes Licking And Kissing Each Other ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Upclose Look In Jaclins [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Virgin Lips Are Humped Wildly While Mom Cheers On.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wallflower Goes Wild When Brought Into A Backseat.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Whore Marie Is Getting Her Wild Finger[censored]ing Action.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Amateur Whore Gets Wild Cuntbang.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Anal Orgy With Horny Hoes.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Asian Schoolgirl.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Babe Gives Handjob & Boobs Cumshot.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Babe Having Party Sex.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Babe Is Riding On A Giant Sybian Machine Hard.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Babes Toying After Boxing.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Blonde Sucks Black Dick & Kinky Gag.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Bush Is Burning For Some Fresh Ass Cock Loving.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Cat Is Spreading Her Fresh [censored] And Is Nailed.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Cheating Housewifes On Public, Sucking Party.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Cheating Milf Banged Hard.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Curvaceous Babe Enjoys A Hardcore Ass Plunge.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Gag Redhead Sucking & Kinky Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Gay Gets Sucked & Asshole Banging.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Gay Students [censored]ing Nude & Jerking.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Girls Flash Tits In A Party.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Group Sex With Babes.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Groupsex With Gals Licking Dicks Like Lollipops.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Houswife Blowjob.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Kelly Masturbating [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Lesbians Catfighting.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Lesbo Hot Babes Licking And Kissing Each Other Sof ....zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Milf Nailed Really Hard.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Milf Stroking A Huge Cock.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Slim Teen Sucking & Jerks For Facial.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Teen Humps A Fat Cock.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Teenie Gets Her Mouthful Of Hot, Sticky Semen.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Threesome Lesbians Orgy.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Toy Loving Slut Is Showing Off Her Bee Stung Lips.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Wench Is Stroking Her New Pet Until It Creams.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild Willy Pointing Towards The Dark Side Of Her Twat.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild, Amateur Babe Showing Off Her Perfect Boobies.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild, College, Redheaded Skank Spreads Puss Open.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild, Doggystyle And Cock Riding Mature Hardcore.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Wild, Teen Amateur Jerking On A Cock And Licks Cum.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Young Schoolgirl Is [censored] In Her Tight, Pink [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Documents and Settings\John_2\Shared\Yummy Babe Shows Cunt And Masturbates [censored].zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\41108900.asw -> Spyware.ImiBar : Cleaned with backup
   C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\41111562.asw -> Trojan.Imiserv.c : Cleaned with backup
   C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\41112503.asw -> Spyware.BargainBuddy.f : Cleaned with backup
   C:\Program Files\DownloadWare\Downloads\214.dat -> TrojanDropper.Small.ky : Cleaned with backup
   C:\Program Files\DownloadWare\Temp\cgs.exe -> TrojanDropper.Small.ky : Cleaned with backup
   C:\Program Files\start.exe -> TrojanDownloader.IstBar.ja : Cleaned with backup
   C:\Program Files\Support Software\SS2.DLL -> Spyware.MediaPops : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.ShopNav : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0014397.exe -> Spyware.ShopNav : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0017581.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0017985.exe -> TrojanDropper.WinAD.h : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\mp3.plugin.exe -> Dialer.Generic : Cleaned with backup
   C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup
   C:\WINDOWS\msbbi.exe -> Trojan.Imiserv.c : Cleaned with backup
   C:\WINDOWS\save.exe -> Adware.SaveNow : Cleaned with backu

Offline guestolo

« Reply #7 on: November 15, 2005, 01:03:45 AM »
Can you post the bottom part of the Ewido report please
Everything below this line
 C:\WINDOWS\save.exe -> Adware.SaveNow : Cleaned with backup

Don't post the top part of it again
I just want to make sure we got everything

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest

« Reply #8 on: November 15, 2005, 09:11:01 PM »
C:\WINDOWS\save.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.OneClickNetSearch.e : Cleaned with backup


::Report End

that was it.

-J-

Offline guestolo

« Reply #9 on: November 15, 2005, 09:19:03 PM »
OK, good

Can you do something please

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Navigate to this folder
 C:\Documents and Settings\John_2\Shared <-folder
Any files you didn't manually download yourself to this folder
They should be .zip files
Remove them

Go back and hide hidden files and folders

If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once System Restore is reenabled

You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

You should consider updating to Service Pack 2 for Windows, it's important to keep up on all updates
Also, scan everything you download with an updated AV from your filesharing programs before you open it :)

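The clean-up steps in the reply above map directly onto where the scanner found things. The following is an added example, not part of the original posts and not the scanner's own code: it parses report lines in the `path -> detection : action` layout seen in this thread and sorts them into the Shared-folder archives to review and the restore points that justify purging System Restore. The function names and the sample archive names are assumptions made for illustration.

```python
import re

# Constructed sample lines in the "path -> detection : action" layout of the
# report posted in this thread (archive names are placeholders).
SAMPLE_REPORT = r"""
C:\Documents and Settings\John_2\Shared\example one.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
C:\Documents and Settings\John_2\Shared\example two.zip/Video.exe -> TrojanDropper.WinAD.h : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0017581.exe -> TrojanDropper.WinAD.h : Cleaned with backup
C:\WINDOWS\save.exe -> Adware.SaveNow : Cleaned with backu
C:\WINDOWS\wupdt.exe -> TrojanDownloader.OneClickNetSearch.e : Cleaned with backup
::Report End
"""

ENTRY = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)
ARCHIVE = re.compile(r"^(?P<container>.+?\.(?:zip|rar|cab))/(?P<member>.+)$", re.I)

def parse_report(text):
    """Return one dict per detection line; blank lines and '::Report End' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def triage(entries, shared_dir=r"C:\Documents and Settings\John_2\Shared"):
    """Map each detection to the clean-up step that covers it (shared_dir is the thread's path)."""
    plan = {"shared_archives": set(), "restore_points": set(), "other": []}
    for e in entries:
        path = e["path"]
        arc = ARCHIVE.match(path)
        rp = RESTORE.search(path)
        if path.lower().startswith(shared_dir.lower() + "\\"):
            # The detection sits inside a container; the archive itself is what gets reviewed.
            plan["shared_archives"].add(arc.group("container") if arc else path)
        elif rp:
            plan["restore_points"].add(rp.group(1))
        else:
            plan["other"].append((path, e["name"]))
    plan["purge_system_restore"] = bool(plan["restore_points"])
    return plan

if __name__ == "__main__":
    plan = triage(parse_report(SAMPLE_REPORT))
    for archive in sorted(plan["shared_archives"]):
        print("review/remove:", archive)
    print("restore points:", sorted(plan["restore_points"]), "purge:", plan["purge_system_restore"])
```

A line cut off mid-action, like the last line of the first posted report, still parses, so a truncated paste does not silently drop a detection.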


Offline jbug88

« Reply #10 on: November 16, 2005, 12:19:03 PM »
I am checking this from work, so as soon as I get home I will do the last things you mentioned.  Again, I truly appreciate all the help you have given me.

-J-