HELP Needed with Smitfraud-C infection

T

tarix

New member
;) Please Help Me !!
my computer I've been infected by a malaware named Smitfraud-C wich Spybot search&destroy have identified as such.

I've run Spybot search&destroy and it recognized it and cleaned almost intirely it, although it couldn't remove it completly (even in safe mode) it always rest (or find) at least 1 infection that can't be removed even if i start Spybot search&destroy when the computer starts.

I've read the "BEFORE you POST" thread and downloaded HJT, below is the log. :( Please Help !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:53, on 15-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\1\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcabo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor0.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000013.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor0.dll
O3 - Toolbar: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Casa\LOCALS~1\Temp\a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [bCqf6PD0V0] C:\Documents and Settings\All Users\Application Data\dilupkzg\lqjinobu.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Casa\Application Data\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Casa\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {651B27BB-07F3-46F6-91E2-73F48BDC7525} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {BAD3887C-C44F-436A-BE7E-184C47E66D09} - C:\Program Files\Local Website Archive\wsarc.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 14135 bytes
 
Hi tarix

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
 
Reports

Hi Shaba, thanks for your help, this is being quite anoying the last days :sad: sorry for the time delayed to answer but i'm a newbie in this things more complicated i didn't want to mess up more, so i did it step by step ;) and also i think were'r in diferent time zones.

Here are the reports you asked:


ComboFix 08-10-14.07 - Casa 2008-10-15 16:08:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.423 [GMT 1:00]
Executando de: C:\Documents and Settings\Casa\Desktop\ComboFix.exe
Comandos utilizados :: C:\Documents and Settings\Casa\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Casa\Application Data\inst.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\msxml71.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-15 to 2008-10-15 ))))))))))))))))))))))))))))
.

2008-10-15 15:56 . 2008-10-15 15:56 <DIR> d-------- C:\spoolerlogs
2008-10-14 02:54 . 2008-10-14 02:54 <DIR> d-------- C:\Documents and Settings\Mãe\Application Data\MetaProducts
2008-10-14 02:54 . 2008-10-14 02:54 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\MetaProducts
2008-10-14 02:22 . 2008-10-14 02:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 02:21 . 2008-10-15 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dilupkzg
2008-10-14 01:09 . 2008-10-14 02:14 4,438 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 03:09 . 2008-10-13 23:56 181 --a------ C:\WINDOWS\wininit.ini
2008-10-13 02:15 . 2008-10-13 02:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-16 03:08 . 2008-09-16 03:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 14:55 --------- d-----w C:\Program Files\Torrent-Search
2008-10-15 14:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-14 01:54 --------- d-----w C:\Program Files\Download Express
2008-10-14 01:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-14 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-13 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-13 00:44 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-30 02:37 --------- d-----w C:\Program Files\Rainlendar2
2008-09-11 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 19:55 --------- d-----w C:\Documents and Settings\Casa\Application Data\Vso
2008-09-07 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-09-07 05:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-07 05:59 47,360 ----a-w C:\Documents and Settings\Casa\Application Data\pcouffin.sys
2008-09-07 05:59 --------- d-----w C:\Program Files\vso
2008-09-03 16:38 --------- d-----w C:\Program Files\Google
2008-08-31 22:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-31 21:54 --------- d-----w C:\Program Files\Java
2008-08-31 21:47 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-14 05:27 81,920 ----a-w C:\Documents and Settings\Casa\Application Data\ezpinst.exe
2008-04-04 02:51 14,290 ----a-w C:\Program Files\settings.dat
2008-03-21 16:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
Code: 
<pre>
----a-w        18,851,397 2008-03-23 16:38:13  C:\Documents and Settings\Casa\My Documents\Downloads\Internet Explorer 7.0.5730.11 (AIO)\Internet Explorer 7.0.5730.11 .exe
</pre>


------- Sigcheck -------

2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2003-11-08 13:00 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 06:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 01:34 2067712 73c6d7f370eee2330162a8dd3302159c C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-04 06:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 19:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 09:38 2068480 bf7d3b9a67fdabb7ada4df7c0286b382 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-11-08 13:00 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 07:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 01:59 2190208 ba9c5fd985ba9de863f482b892b0e4ad C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-04 07:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 20:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 10:10 2191232 cc208534f5463d154da324ae9eceac78 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\VITrans\ntoskrnl.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb90f295-4524-4bd4-adb4-8dc333d67d6a}]
2008-03-13 11:30 1524248 --a------ C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2008-05-22 167936]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-02-13 1583624]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 65536]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-02-19 61440]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-01-29 61440]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2003-05-20 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 35328]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-27 184408]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IME JPN 2007 Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2007-08-23 66936]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bCqf6PD0V0"="C:\Documents and Settings\All Users\Application Data\dilupkzg\lqjinobu.exe" [N/A]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\Casa\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-04-04 575488]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]
--a------ 2008-04-26 17:19 450560 C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2001-11-27 6225]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 76040]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-02 6369]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-04-27 93696]
R3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2001-11-27 318419]
S3 tbHD;Philips PSC705 WDM Driver;C:\WINDOWS\system32\drivers\TBirdHD.sys [2002-06-04 336066]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{858adae0-63cc-11dd-99f3-00805a2069c9}]
\Shell\Auto\command - G:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Scan Suplementar -------
.
FireFox -: Profile - C:\Documents and Settings\Casa\Application Data\Mozilla\Firefox\Profiles\eavgd1xx.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 16:14:11
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...


C:\WINDOWS\TEMP\c1008365-ee78-4870-af4b-1ca971810976.tmp 0 bytes

Varredura completada com sucesso
arquivos/ficheiros ocultos: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSOS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\VisualTaskTips\VttHooks.dll
-> C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem203000013.dll
.
------------------------ Outros Processos em Execução ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Tempo para conclusão: 2008-10-15 16:25:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-10-15 15:25:22

Pré-execução: 3.118.997.504 bytes free
Pós execução: 3,028,475,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

240 --- E O F --- 2008-09-11 05:37:15


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:04, on 15-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Casa\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcabo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000013.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKLM\..\Policies\Explorer\Run: [bCqf6PD0V0] C:\Documents and Settings\All Users\Application Data\dilupkzg\lqjinobu.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Casa\Application Data\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Casa\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {651B27BB-07F3-46F6-91E2-73F48BDC7525} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {BAD3887C-C44F-436A-BE7E-184C47E66D09} - C:\Program Files\Local Website Archive\wsarc.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 13116 bytes


thanks again for your help ;)
 
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
saved list

I shaba, thought you were offline, i'm glad you're here
Here is what you asked (i hope i've done it whright :red: )

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3D Windows XP Screen Saver
7-Zip 4.57
Adaptec UDF Reader
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.2
Alt-Tab Task Switcher Powertoy for Windows XP
AM-DeadLink 3.2
Any FLV Player 2.0.0
Applian FLV Player
APSW In A Flash
Ashampoo WinOptimizer 5.00
AudioPix
AVG Free 8.0
Biometric Screensaver
BookmarkSync v2.3.2
BootSkin
Calculator Powertoy for Windows XP
CCleaner (remove only)
Classic Menu 3.x for Office 2007
ClearType Tuning Control Panel Applet
Collectorz.com Book Collector
ConvertXtoDVD 3.2.0.52
Copernic Agent Basic
Copernic Desktop Search 2
CubeDesktop 1.1.3
Desktop Icon Toy 3.2
Dicionário eletrônico Houaiss
Disco de recordações HP
Diskeeper Professional Edition
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DLL Toys International Edition 2004 R4
doPDF 6.0 printer
DScaler 4.1.10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E.M. Free PowerPoint Video Converter 1.0
eMusic - 50 Free MP3 offer
FLiP 3
Folder Size for Windows
Freeciv 2.0.9 (GTK+ client)
FreeRIP v2.60
GetPix (remove only)
getPlus(R)_ocx
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Photo and Imaging 2.1 - Scanjet 36X0 Series
Image Resizer Powertoy for Windows XP
ImTOO MP4 Video Converter
IncrediMail Xe
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Jigsaw Puzzle Lite (remove only)
K-Lite Codec Pack 3.2.5 Full
Kyodai Mahjongg 2006 v1.42
LightScribe System Software 1.10.23.1
Local Website Archive 2.1.0
LogonStudio
Magic ISO Maker v5.4 (build 0251)
Magic ISO Maker v5.4 (build 0256)
MagicDisc 2.6.93
MagicDisc 2.7.105
Magnifier Powertoy for Windows XP
Media Library Management Wizard
Messenger Plus! Live
MetaProducts Download Express
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office IME (Japanese) 2007
Microsoft Office IME (Korean) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Bulgarian) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Croatian) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Estonian) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proof (Gujarati) 2007
Microsoft Office Proof (Hebrew) 2007
Microsoft Office Proof (Hindi) 2007
Microsoft Office Proof (Hungarian) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Japanese) 2007
Microsoft Office Proof (Kannada) 2007
Microsoft Office Proof (Korean) 2007
Microsoft Office Proof (Latvian) 2007
Microsoft Office Proof (Lithuanian) 2007
Microsoft Office Proof (Marathi) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Punjabi) 2007
Microsoft Office Proof (Romanian) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Serbian (Latin)) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proof (Slovenian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proof (Tamil) 2007
Microsoft Office Proof (Telugu) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proof (Urdu) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Kit 2007
Microsoft Office Proofing Tools Kit 2007
Microsoft Office ProofMUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! for Windows XP
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft® Winter Fun Pack 2004 for Windows® XP
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Moyea FLV Downloader version 1.15.0.15
Moyea FLV Player version 1.5.2.7
Moyea FLV to Video Converter Pro version 1.29.2.11
Mozilla Firefox (2.0.0.2)
MSXML 4.0 SP2 (KB936181)
MV2Player (remove only)
Nero 8
neroxml
Netcraft Toolbar
OmniPage Pro 12.0
PCTV
PDFCreator
PDFCreator Toolbar
Personal License Update Wizard for Windows Media Player
Philips PSC703 V1.89 Update Driver (ENG)
Philips PSC705 V1.89 Update Driver (ENG)
Pinnacle TRex
Plus! MP3 Audio Converter LE
PowerDVD
Rainlendar2 (remove only)
Rhapsody Player Engine
Sandboxie 3.26
save2pc Pro 3.25
ScanSoft RealSpeak
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Simple Sudoku 4.2
Skype™ 3.6
Smooth Program Scheduler 1.0
Software para Impressoras EPSON
Sonic Foundry ACID 2.0c
SONY USB CAMERA Installer
Speed DVD Creator 4.0.41
Speed Video Converter 3.1.1
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
Styler
SubtitleCreator
Switch
SyncToy
The_Lynx_Internet_Radio_Network Toolbar
Timershot Powertoy for Windows XP
Total Video Converter 3.11 070908
Tweak UI
Unlocker 1.8.7
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb956080)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Virtual Desktop Manager Powertoy for Windows XP
Vista Transformation Pack 8.0
Vista/XP Virtual Desktops
Visual Task Tips 3.1
VisualSubSync (remove only)
WebSite-Watcher 4.40
Winamp (remove only)
Windows Desktop Search 3.01
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series TweakMP PowerToy
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Creativity Fun Packs - Windows XP Power Toys
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Windows XP Video Screensaver Powertoy
WinNc 2000
WinPcap 4.0
WinRAR archiver
WinZip 11.2

thanks
 
Uninstall via add/remove programs:

eMusic - 50 Free MP3 offer
Java(TM) 6 Update 4
Java(TM) 6 Update 5

Open notepad and copy/paste the text in the codebox below into it:

Code: 
DirLook::
C:\Program Files\Torrent-Search

Folder::
C:\Documents and Settings\All Users\Application Data\dilupkzg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"bCqf6PD0V0"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{858adae0-63cc-11dd-99f3-00805a2069c9}]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Reports

Hi Shaba, thanks again, the computer didn't rebot and here are the log files you asked:

ComboFix 08-10-14.07 - Casa 2008-10-15 18:31:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.270 [GMT 1:00]
Executando de: C:\Documents and Settings\Casa\Desktop\ComboFix.exe
Comandos utilizados :: C:\Documents and Settings\Casa\Desktop\CFScript.txt
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\dilupkzg

.
(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-15 to 2008-10-15 ))))))))))))))))))))))))))))
.

2008-10-15 15:56 . 2008-10-15 15:56 <DIR> d-------- C:\spoolerlogs
2008-10-14 02:54 . 2008-10-14 02:54 <DIR> d-------- C:\Documents and Settings\Mãe\Application Data\MetaProducts
2008-10-14 02:54 . 2008-10-14 02:54 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\MetaProducts
2008-10-14 02:22 . 2008-10-14 02:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 01:09 . 2008-10-14 02:14 4,438 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-13 03:09 . 2008-10-13 23:56 181 --a------ C:\WINDOWS\wininit.ini
2008-10-13 02:15 . 2008-10-13 02:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-16 03:08 . 2008-09-16 03:46 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 17:25 --------- d-----w C:\Program Files\Java
2008-10-15 17:23 --------- d-----w C:\Program Files\Winamp
2008-10-15 15:16 7,886,336 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-10-15 14:53 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-14 01:54 --------- d-----w C:\Program Files\Download Express
2008-10-14 01:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-14 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-13 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-13 00:44 --------- d-----w C:\Program Files\SpywareBlaster
2008-10-10 07:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 07:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 14:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-30 02:37 --------- d-----w C:\Program Files\Rainlendar2
2008-09-11 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 22:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-07 19:55 --------- d-----w C:\Documents and Settings\Casa\Application Data\Vso
2008-09-07 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-09-07 05:59 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-07 05:59 47,360 ----a-w C:\Documents and Settings\Casa\Application Data\pcouffin.sys
2008-09-07 05:59 --------- d-----w C:\Program Files\vso
2008-09-03 16:38 --------- d-----w C:\Program Files\Google
2008-08-31 22:02 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-31 21:47 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-04-14 05:27 81,920 ----a-w C:\Documents and Settings\Casa\Application Data\ezpinst.exe
2008-04-04 02:51 14,290 ----a-w C:\Program Files\settings.dat
2008-03-21 16:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
Code: 
<pre>
----a-w        18,851,397 2008-03-23 16:38:13  C:\Documents and Settings\Casa\My Documents\Downloads\Internet Explorer 7.0.5730.11 (AIO)\Internet Explorer 7.0.5730.11 .exe
</pre>


(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Torrent-Search ----

C:\Program Files\Torrent-Search\


------- Sigcheck -------

2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2003-11-08 13:00 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 06:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 01:34 2067712 73c6d7f370eee2330162a8dd3302159c C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2004-08-04 06:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-13 19:31 2065792 109f8e3e3c82e337bb71b6bc9b895d61 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
2007-02-28 09:38 2068480 bf7d3b9a67fdabb7ada4df7c0286b382 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-11-08 13:00 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 07:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 01:59 2190208 ba9c5fd985ba9de863f482b892b0e4ad C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-04 07:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-13 20:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
2007-02-28 10:10 2191232 cc208534f5463d154da324ae9eceac78 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\VITrans\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-15_16.24.35.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-15 15:54:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_754.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb90f295-4524-4bd4-adb4-8dc333d67d6a}]
2008-03-13 11:30 1524248 --a------ C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 13:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2008-08-24 4067328]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2008-05-22 167936]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-02-13 1583624]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 65536]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2008-02-19 61440]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"PCTVRemote"="C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe" [2002-01-29 61440]
"Opware12"="C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2003-05-20 49152]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 35328]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-04 987187]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-27 184408]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"IME JPN 2007 Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE" [2007-08-23 66936]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\Casa\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-04-04 575488]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopIconToy]
--a------ 2008-04-26 17:19 450560 C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2001-11-27 6225]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 76040]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 53032]
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys [2002-04-02 6369]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-04-27 93696]
R3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2001-11-27 318419]
S3 tbHD;Philips PSC705 WDM Driver;C:\WINDOWS\system32\drivers\TBirdHD.sys [2002-06-04 336066]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 18:34:20
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Tempo para conclusão: 2008-10-15 18:38:49
ComboFix-quarantined-files.txt 2008-10-15 17:37:46
ComboFix2.txt 2008-10-15 15:26:00

Pré-execução: 3.047.534.592 bytes free
Pós execução: 3,033,747,456 bytes free

206 --- E O F --- 2008-09-11 05:37:15



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:17, on 15-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Casa\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcabo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000013.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Casa\Application Data\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Casa\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {651B27BB-07F3-46F6-91E2-73F48BDC7525} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {BAD3887C-C44F-436A-BE7E-184C47E66D09} - C:\Program Files\Local Website Archive\wsarc.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 13040 bytes
 
Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
hi shaba, sorry to bother you :sad:
I've two disks on my computer, one removable (40Gb) and one internal (80Gb)just for archive. Right now they are about 90% full (i'm planing to buy 2 other ones bigger to replace them) since I'm already runing out of space, I'm already runing the full computer scan for about 3 hours and it's not even in the midle yet (it's scaning the C disk yet)
are you sure you want both discs to be scanned?
if so i'll continue (maybe i'll have to restart tomorow since it'll be quite anoying to sleep earing the noise of the computer in the night) and post the log here tomorow night, is that allright for you? :)
 
reports

Hi Shaba, sorry for de delayed on this reports but as you can see it took more than 7 hours to do the scan. :rolleyes:
Here it goes the report from kaspery (it look likes i'll have to do a scan with my avg antivirus ) and a fresh hijackThis log.
thanks for the help !!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 16, 2008 08:52:28
Records in database: 1315286
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
M:\

Scan statistics:
Files scanned: 134131
Threat name: 44
Infected objects: 343
Suspicious objects: 0
Duration of the scan: 07:17:57


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Casa\Desktop\11\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Casa\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Adventureous_spirit_Buy_IncreaseSpermCount.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Chantal_89_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mayram56_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mgaby11_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Sbrittonga_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{2D60A64E-E25D-4FB9-86AE-F16EB0D0A9FB}\Chantal_89_click-onlineRX.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{5C402DBB-BC46-4548-B3E5-5E947B4E3501}\Saeconsultores_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{65D1C754-A492-454A-99E1-48B877843A87}\Saeconsultores_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{71B68522-D715-4062-9184-B142BCA1CC1A}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b 1
C:\Documents and Settings\Casa\My Documents\Downloads\Acronis Disk Director Server v10.0 Build 2169 [h33t] [Original]\diskdirectorserver100b2169en1.rar Infected: Trojan-Downloader.Win32.Delf.mmt 1
C:\Documents and Settings\Casa\My Documents\Downloads\Moyea.FLV.To.Video.Converter.Pro.v1.29.2.11.WinAll.Regged-PALACE\FLV2Video_Install.exe Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Casa\My Documents\Downloads\Moyea.FLV.To.Video.Converter.Pro.v1.29.2.11.WinAll.Regged-PALACE\FLV2Video_Install.exe Infected: Trojan.Win32.Pakes.cgn 1
C:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip Infected: Trojan-Downloader.WMA.Wimad.d 1
D:\DISCO C E DESKTOP\Disco C.zip Infected: Trojan.JS.Redirector.b 28
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data.cab Infected: Trojan.JS.Redirector.b 3
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data1.cab Infected: Trojan.JS.Redirector.b 3
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data2.cab Infected: Trojan.JS.Redirector.b 3
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data3.cab Infected: Trojan.JS.Redirector.b 3
D:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip Infected: Trojan-Downloader.WMA.Wimad.d 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b 1
D:\Incredimail\IM.zip Infected: Trojan.JS.Redirector.b 42
D:\Incredimail\IncrediMail Data2.cab Infected: Trojan.JS.Redirector.b 8
D:\Programas\Longhorn\RockXP4.zip Infected: not-a-virus:PSWTool.Win32.PWDump.2 2
D:\Programas\Longhorn\RockXP4.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 1
D:\Programas\Programas\bsplayer\bsplayer141.832.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\desktop search tools\vmntoolbox.exe Infected: not-a-virus:AdWare.Win32.BHO.byo 1
D:\Programas\Programas\FTP Servers\aceftp3\aceftp3free.exe Infected: not-a-virus:AdWare.Win32.BHO.ajt 1
D:\Programas\Programas\games\PacMan\FishTales.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\PacMan\FishTales.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\PacMan\Magic_Pets.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\PacMan\Magic_Pets.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\PacMan\PacManic.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\PacMan\PacManic.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\PacMan\PacManic_Christmas.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\PacMan\PacManic_Christmas.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\Screensaver\Amazon_Waterfall_Screensaver\Amazon_Waterfall_Screensaver.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\Screensaver\Amazon_Waterfall_Screensaver\Amazon_Waterfall_Screensaver.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\Screensaver\Aquarium_Screensaver\Aquarium_Screensaver.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\Screensaver\Aquarium_Screensaver\Aquarium_Screensaver.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\Screensaver\Christmas_Night_Screensaver\Christmas_Night_Screensaver.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\Screensaver\Christmas_Night_Screensaver\Christmas_Night_Screensaver.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\games\Screensaver\Sea_Castle_Screensaver\Sea_Castle_Screensaver.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
D:\Programas\Programas\games\Screensaver\Sea_Castle_Screensaver\Sea_Castle_Screensaver.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\ie 7\ie7\Add Ons\vmntoolbox.exe Infected: not-a-virus:AdWare.Win32.BHO.byo 1
D:\Programas\Programas\incredimail\PhotoJoy\PhotoJoy_Install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.o 1
D:\Programas\Programas\MSN\Msn Live Messenger 8\Setup.exe Infected: not-a-virus:AdWare.Win32.180Solutions.as 1
D:\Programas\Programas\MSN\Msn Live Messenger 8\SmileyCentralPFSetup2.1.50.3-3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.as 1
D:\Programas\Programas\Screensavers\sinstaller2(2).exe Infected: not-a-virus:AdWare.Win32.Comet.ac 1
D:\Programas\Programas\Stardock\themes\105063.exe Infected: not-a-virus:AdWare.Win32.EZula.z 1
D:\Programas\Programas\Stardock\themes\tcf1464.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Programas\Programas\Stardock\themes\tcf1464.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
D:\Programas\Programas\Stardock\themes\tcf1464.exe Infected: not-a-virus:AdWare.Win32.EZula.z 1
D:\Programas\Programas\Stardock\themes\tcf1464.exe Infected: Trojan-Dropper.Win32.Agent.pd 1
D:\Programas\Programas\Varios\mailpv.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.e 1
D:\Programas\Programas\Varios\MSN-Password-Recovery-setup.exe Infected: not-a-virus:PSWTool.Win32.MSNPassword.e 1
D:\Programas\Vista\Vista\5\Vista Transformation Pack 5.5.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\6\vtp6(1).zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\6\vtp6(1).zip Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\6\vtp6.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\6\vtp6.zip Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\6\vtp61.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\6\vtp61.zip Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\unziped\Vista Transformation Pack 3.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\unziped2\Vista Transformation Pack 3.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\unziped2\Vista Transformation Pack 4.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\Vista Transformation Pack\Vista Transformation Pack.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\Vista Transformation Pack\Vista_Transformation_Pack_4.0.rar Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\Vista Transformation Pack\vtp3.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\Vista Transformation Pack\vtp4.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\vitrans.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\vitrans2.0.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\vitrans_lite.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\vtp5_5.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.a 2
D:\Programas\Vista\Vista\vtp6(1)\Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\vtp6(1)\Vista Transformation Pack 6.0.exe Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\vtp6(1)\vtp6.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\vtp6(1)\vtp6.zip Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\vtp6(1).zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\vtp6(1).zip Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\vtp6.zip Infected: not-a-virus:RiskTool.Win32.CloseApp.e 2
D:\Programas\Vista\Vista\vtp6.zip Infected: Trojan-Spy.Win32.Agent.ehl 1
D:\Programas\Vista\Vista\vtp8\extras\FastAero\FastAero_0751f_eng0.121 Infected: Trojan-Downloader.Win32.Banload.tvg 1
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.ace Infected: Trojan.Win32.VB.ef 6
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.ace Infected: not-a-virus:AdWare.Win32.Aureate.a 5
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.zip Infected: Trojan.Win32.VB.ef 4
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.zip Infected: not-a-virus:AdWare.Win32.Aureate.a 5

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:20:16, on 17-10-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Documents and Settings\Casa\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcabo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000013.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: The Lynx Internet Radio Network Toolbar - {cb90f295-4524-4bd4-adb4-8dc333d67d6a} - C:\Program Files\The_Lynx_Internet_Radio_Network\tbThe_.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [IME JPN 2007 Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE /Preload
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Casa\Application Data\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Casa\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {298C0B4F-3330-4F82-A2B0-75CB87AC3E97} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {651B27BB-07F3-46F6-91E2-73F48BDC7525} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Add to Local Website Archive - {BAD3887C-C44F-436A-BE7E-184C47E66D09} - C:\Program Files\Local Website Archive\wsarc.exe (HKCU)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 12747 bytes
 
(it look likes i'll have to do a scan with my avg antivirus )
..............................................................................

But I'll wait do do so until you tell me to
Thanks Again :) !!!
 
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm I
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Adventureous_spirit_Buy_IncreaseSpermCount.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML  
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Chantal_89_click-onlineRX.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-BIGGERLOADS.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mayram56_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mgaby11_click-onlineRX.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Sbrittonga_click-onlineRX.htm Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{2D60A64E-E25D-4FB9-86AE-F16EB0D0A9FB}\Chantal_89_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{5C402DBB-BC46-4548-B3E5-5E947B4E3501}\Saeconsultores_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{65D1C754-A492-454A-99E1-48B877843A87}\Saeconsultores_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{71B68522-D715-4062-9184-B142BCA1CC1A}\Buy_Rx_Here.html 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM Infected:
C:\Documents and Settings\Casa\My Documents\Downloads\Acronis Disk Director Server v10.0 Build 2169 [h33t] [Original]\diskdirectorserver100b2169en1.rar I
C:\Documents and Settings\Casa\My Documents\Downloads\Moyea.FLV.To.Video.Converter.Pro.v1.29.2.11.WinAll.Regged-PALACE
C:\Documents and Settings\Casa\My Documents\Downloads
C:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip Infected: Trojan-Downloader.WMA.Wimad.d 1
D:\DISCO C E DESKTOP\Disco C.zip 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data.cab 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data1.cab 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data2.cab 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data3.cab 
D:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm I
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM
D:\Incredimail\IM.zip 
D:\Programas\Programas\bsplayer\bsplayer141.832.exe 
D:\Programas\Programas\desktop search tools\vmntoolbox.exe 
D:\Programas\Programas\FTP Servers\aceftp3\aceftp3free.exe 
D:\Programas\Programas\games\PacMan
D:\Programas\Programas\games\Screensaver\Amazon_Waterfall_Screensaver
D:\Programas\Programas\games\Screensaver\Aquarium_Screensaver
D:\Programas\Programas\games\Screensaver\Christmas_Night_Screensaver
D:\Programas\Programas\games\Screensaver\Sea_Castle_Screensaver
D:\Programas\Programas\ie 7\ie7\Add Ons\vmntoolbox.exe 
D:\Programas\Programas\incredimail\PhotoJoy\PhotoJoy_Install.exe 
D:\Programas\Programas\MSN\Msn Live Messenger 8\Setup.exe 
D:\Programas\Programas\MSN\Msn Live Messenger 8\SmileyCentralPFSetup2.1.50.3-3.exe 
D:\Programas\Programas\Screensavers\sinstaller2(2).exe 
D:\Programas\Programas\Stardock\themes\105063.exe 
D:\Programas\Programas\Stardock\themes\tcf1464.exe 
D:\Programas\Programas\Varios\mailpv.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.e 1
D:\Programas\Programas\Varios\MSN-Password-Recovery-setup.exe 
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.ace 
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.zip
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
MoveIt Report

Hi Shaba, Here's what you asked

Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm I> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Adventureous_spirit_Buy_IncreaseSpermCount.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm Infected: > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm Infected: > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click-onlineRX.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Chantal_89_click-onlineRX.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-BIGGERLOADS.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mayram56_click-BIGGERLOADS.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mgaby11_click-onlineRX.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click-BIGGERLOADS.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-BIGGERLOADS.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-onlineRX.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Sbrittonga_click-onlineRX.htm Infected: > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-onlineRX.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{2D60A64E-E25D-4FB9-86AE-F16EB0D0A9FB}\Chantal_89_click-onlineRX.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{5C402DBB-BC46-4548-B3E5-5E947B4E3501}\Saeconsultores_click-BIGGERLOADS.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{65D1C754-A492-454A-99E1-48B877843A87}\Saeconsultores_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{71B68522-D715-4062-9184-B142BCA1CC1A}\Buy_Rx_Here.html > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM Infected:> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\My Documents\Downloads\Acronis Disk Director Server v10.0 Build 2169 [h33t] [Original]\diskdirectorserver100b2169en1.rar I> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\My Documents\Downloads\Moyea.FLV.To.Video.Converter.Pro.v1.29.2.11.WinAll.Regged-PALACE> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Casa\My Documents\Downloads> in the current context!
Error: Unable to interpret <C:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip Infected: Trojan-Downloader.WMA.Wimad.d 1> in the current context!
Error: Unable to interpret <D:\DISCO C E DESKTOP\Disco C.zip > in the current context!
Error: Unable to interpret <D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data.cab > in the current context!
Error: Unable to interpret <D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data1.cab > in the current context!
Error: Unable to interpret <D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data2.cab > in the current context!
Error: Unable to interpret <D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data3.cab > in the current context!
Error: Unable to interpret <D:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML Infected: > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML Infected: > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM> in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM> in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm I> in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML Infected: > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm Infected: > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML> in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM> in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm> in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM > in the current context!
Error: Unable to interpret <D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM> in the current context!
Error: Unable to interpret <D:\Incredimail\IM.zip > in the current context!
Error: Unable to interpret <D:\Programas\Programas\bsplayer\bsplayer141.832.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\desktop search tools\vmntoolbox.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\FTP Servers\aceftp3\aceftp3free.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\games\PacMan> in the current context!
Error: Unable to interpret <D:\Programas\Programas\games\Screensaver\Amazon_Waterfall_Screensaver> in the current context!
Error: Unable to interpret <D:\Programas\Programas\games\Screensaver\Aquarium_Screensaver> in the current context!
Error: Unable to interpret <D:\Programas\Programas\games\Screensaver\Christmas_Night_Screensaver> in the current context!
Error: Unable to interpret <D:\Programas\Programas\games\Screensaver\Sea_Castle_Screensaver> in the current context!
Error: Unable to interpret <D:\Programas\Programas\ie 7\ie7\Add Ons\vmntoolbox.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\incredimail\PhotoJoy\PhotoJoy_Install.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\MSN\Msn Live Messenger 8\Setup.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\MSN\Msn Live Messenger 8\SmileyCentralPFSetup2.1.50.3-3.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\Screensavers\sinstaller2(2).exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\Stardock\themes\105063.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\Stardock\themes\tcf1464.exe > in the current context!
Error: Unable to interpret <D:\Programas\Programas\Varios\mailpv.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.e 1> in the current context!
Error: Unable to interpret <D:\Programas\Programas\Varios\MSN-Password-Recovery-setup.exe > in the current context!
Error: Unable to interpret <D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.ace > in the current context!
Error: Unable to interpret <D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.zip> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10172008_140346
 
My bad, there was something missing.

Please add files:: to its own line before first entry and try again, please.
 
request

Hi Shaba, sorry but did't understood the last request, :sad: can you explain better please? thanks :)
 
Sure :)

Please do this:

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    :files
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm I
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Adventureous_spirit_Buy_IncreaseSpermCount.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML  
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Chantal_89_click-onlineRX.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-BIGGERLOADS.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mayram56_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mgaby11_click-onlineRX.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Sbrittonga_click-onlineRX.htm Infected: 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{2D60A64E-E25D-4FB9-86AE-F16EB0D0A9FB}\Chantal_89_click-onlineRX.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{5C402DBB-BC46-4548-B3E5-5E947B4E3501}\Saeconsultores_click-BIGGERLOADS.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{65D1C754-A492-454A-99E1-48B877843A87}\Saeconsultores_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{71B68522-D715-4062-9184-B142BCA1CC1A}\Buy_Rx_Here.html 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM 
C:\Documents and Settings\Casa\Local Settings\Application Data\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM Infected:
C:\Documents and Settings\Casa\My Documents\Downloads\Acronis Disk Director Server v10.0 Build 2169 [h33t] [Original]\diskdirectorserver100b2169en1.rar I
C:\Documents and Settings\Casa\My Documents\Downloads\Moyea.FLV.To.Video.Converter.Pro.v1.29.2.11.WinAll.Regged-PALACE
C:\Documents and Settings\Casa\My Documents\Downloads
C:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip Infected: Trojan-Downloader.WMA.Wimad.d 1
D:\DISCO C E DESKTOP\Disco C.zip 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data.cab 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data1.cab 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data2.cab 
D:\DISCO C E DESKTOP\IncrediMail Transferred Data\IncrediMail Data3.cab 
D:\Films\subtitles\the chronicles of narnia - the lion, the witch, and the wardrobe part 1e 2 .sub portuguese\the chronicles of narnia - the lion, the witch, and the wardrobe part 1.sub portuguese.zip 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Abnardella_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Alidatulian_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Beck_Buy_PermanentEnlarger.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Boggs_Buy_HERBALVIAGRA.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buddy1237-Lose-10poundsIn10days.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_DIET_SENSATION.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_ExplodingOrgasm-BiggerLoads.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Buy_ExplodingOrgasms.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GREAT_MALENLARGER.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_HERBALVIAGRA.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LASTLONGER.HTM
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_LAST_LONGER.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_MultiOrgasms.HTM
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_PERMANENT_ENLARG.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_SPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Carminaherrera_click_LAST-LONGER.htm I
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\click-WeightLossSensation.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Conejobustos_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Farris_Buy_PermanentEnlarger.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frankmadero_click-sdrfs.htm Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Frtrus.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Gcaldera31_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hamlin_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Hogue_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jesines-Lose-10poundsIn10days.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Jlaws27_click-EXPLODING-ORGASMS.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Kim_Buy_PermanentEnlarger.HTML Infected: 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Krmuska182_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lorettab4_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Lori_last_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mackey_Buy_HERBALVIAGRA.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Mmary84_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Moreno_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\OpenThisHTML_FastDeliveryRXmed.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Osborne_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Paulomarques84_click-ONLINE_PHARM.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Perlunix_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pmc49_click_PERMANENTGrowth.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Pompier80_click-BIGGERLOADS.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Remacost_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Saeconsultores_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Shannon_Buy_PermanentEnlarger.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Stahl_Buy_HERBALVIAGRA.HTML
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Toan_alex_nguyen_10POUNDSIN10DAYSDIET.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Unforgiv3n_click-BiggerLoads.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Wellsburggirl_Buy_Last-Longer.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Yutsc_click_LASTLONGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\Zerosklero-Lose-10poundsIn10days.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{01C8D34D-DF5D-463E-8CD2-E911826231F2}\BUY_PERMANENTENLARG.HTM
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{075899CB-20B2-407F-904B-BF952A5230CC}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{0E7C65B6-CD51-4DC4-A2BC-6CDB5A7D09C6}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{354C5E39-0E90-477C-9217-82998227E73E}\BUY_SPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{36822013-9908-42E6-B647-752E27CB4752}\Lorettab4_click-PERMANENTENLARGER.htm 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{8A3E94EC-ECAE-4D43-8E1D-40FEE42FAABA}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{927AE709-00FF-4BE0-A7F7-2D4FFBA9D24E}\Lori_last_click-PERMANENTENLARGER.htm
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{93E04E5C-84C0-468E-A5FC-05BE0728B3BC}\BUY_YOURSPERMCOUNT.HTML 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{95FB89A0-A70A-4725-A645-469075A9D098}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{AC624000-90DF-48E1-AA27-2BA3CED1D596}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C018DE05-6F18-4C56-886F-F1693CC9AD28}\BUY_PERMANENTENLARG.HTM 
D:\Incredimail\IM\IM\Identities\{BE1587C5-0527-4641-BFA4-3A646EDD576F}\Message Store\Attachments\{C4F9D6B9-045C-4316-9147-AF9B9C114589}\BUY_MultiOrgasms.HTM
D:\Incredimail\IM.zip 
D:\Programas\Programas\bsplayer\bsplayer141.832.exe 
D:\Programas\Programas\desktop search tools\vmntoolbox.exe 
D:\Programas\Programas\FTP Servers\aceftp3\aceftp3free.exe 
D:\Programas\Programas\games\PacMan
D:\Programas\Programas\games\Screensaver\Amazon_Waterfall_Screensaver
D:\Programas\Programas\games\Screensaver\Aquarium_Screensaver
D:\Programas\Programas\games\Screensaver\Christmas_Night_Screensaver
D:\Programas\Programas\games\Screensaver\Sea_Castle_Screensaver
D:\Programas\Programas\ie 7\ie7\Add Ons\vmntoolbox.exe 
D:\Programas\Programas\incredimail\PhotoJoy\PhotoJoy_Install.exe 
D:\Programas\Programas\MSN\Msn Live Messenger 8\Setup.exe 
D:\Programas\Programas\MSN\Msn Live Messenger 8\SmileyCentralPFSetup2.1.50.3-3.exe 
D:\Programas\Programas\Screensavers\sinstaller2(2).exe 
D:\Programas\Programas\Stardock\themes\105063.exe 
D:\Programas\Programas\Stardock\themes\tcf1464.exe 
D:\Programas\Programas\Varios\mailpv.zip Infected: not-a-virus:PSWTool.Win32.MailPassView.e 1
D:\Programas\Programas\Varios\MSN-Password-Recovery-setup.exe 
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.ace 
D:\Shared Folder\Completos\Programs\Microsoft\Windows\Descodificador Tvcabo Para Winxp Compativel Com Pinnacle.zip
  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
log files request

Hi Shaba, i have'd folowed yours instructions but the first time i runed on MovIt the computer stalled and coul'nt produce any log. I've runed it again and pruduce it this :

Files moved on Reboot...
D:\DISCO C E DESKTOP\Disco C.zip moved successfully.

meanwile i've gone to C:\_OTMoveIt\MovedFiles and noticed that it as only the last log i've sent to you yesterday and that that folder is about 12.8Gb Big, isn't that to much? It's about 1/3 of the capacity of C: (my c disk as only about 950Mb free space now and I wonder if that was the reason for it to stall and "freeze" the programs when runing them !?) Should I delete that folder and reapet the process again?
Thanks
 
Yes you can do that.

But if otmoveit3 fails, you can delete those files manually (unless you need some of them).
 
You must log in or register to reply here.
Back
Top