phishing scam


This topic is locked.

#1 traveler818 (Member, 140 posts)
I am the victim of a progressively worse phishing scam, I think. I'm also new. First, when I tried to install any type of antimalware, either with the explorer, or Firefox, it downloaded up to 96-99% and crashed. I've spent full days on this for the last 2 weeks, but it keeps getting worse as are other glitches like the computer switching into typeover mode and the cursor suddenly leaping to somewhere else on the screen. The computer is really slow. I can still click on links in my email, but in websites, nothing happens.

I have been focusing on antivirus programs. I have tried all but one of the programs mentioned on this site. The last one only because I learned about the Microsoft Security scan, which is running now, so I can try tomorrow. I believe I actually succeeded in installing Avast, but I can't cut from my email or paste in the Avast window to enter the activation code. I've tried every way I can think of.

It has become worse. Now when I try to download an antivirus program, I get redirected to something irrelevant like free stuff, or frequently cyberdefender, with whom I had a really sour experience. It is getting harder and harder to get into the explorer or Mozilla Firefox. Instead of open, I get view. I use the bottom explorer icons which so far seem to get me in. Mozilla Firefox has no icons on the lower bar so I have to use Explorer most times. Mozilla Firefox gives me an immediate notification as to the trustworthiness of a site (before I open it), with green, yellow, and red circles--very helpful. The computer is getting slower and slower. Unless it's from a friend, most of my emails are phishing sites. At least I believe so because a genuine site allows me to use my toolbar to check a program. On the bogus pages, the toolbar options go down to 3 (no choice to "check this website"), and I get a big search screen.

Before it got so bad, I was able to install Malwarebytes, spyblasters, and Registry Mechanic. They found problems and I removed and repaired what I could with the free versions. They found nothing about what is happening now as far as I can tell. I am concerned that soon I won't be able to get online at all. I did a system backup, to try a system restore, when I found out about the Microsoft Security Scan. It makes me really nervous that I cannot download or even access antivirus programs anymore, or any other antimalware programs. I am afraid I might have to reload the OS, and that is not something I feel competent to tackle.

I have a Cyberdefender file that I cannot uninstall, but I tried to use 3 uninstallers recommended on this site, and got redirected to other sites. I suspect that the Cyberdefender file is part of the problem, as when I asked for my money back (they had a 30-day satisfaction guarantee), they fought for 1 1/2 hours and finally agreed to a refund, which of course they haven't given me. They said they would only refund me if they could do a system restore back to the date of installation. BS but I had to get them off my machine. They gave me back Trojans, cleared my desktop, changed my clock to military time, and who knows what else. Most of those problems are resolved except the who knows what else, but I cannot remove that file, and I don't know how to find any other files they left on my computer.

The Microsoft Security scan didn't find any viruses; said I didn't need to defrag. All I can do is see what happens now. I'm not encouraged.

And I can't be positive that the phishing scam is related to Cyberdefender. I want antivirus protection, a better firewall and more, and the computer won't let me.

So my questions are:
1) What's going on?
2) How do I get that Cyberdefender file and any remnant I wouldn't recognize off my computer? It seems I spend more time logging back in from crashes than anything else.
3) How can I stop my computer from crashing?--this isn't limited to security issues--it's most or all downloads, and I also get redirected with files that are not related to security.
4) I want all the security I need to start computing.
5) If Avast antivirus really is still on my system, is there another way to enter the activation code?
6) Are there interim precautions to take until I resolve this? :)

PS: Thank you Starjax for moving this post to the right place. I thought I had posted under malware (?). You suggested I add a HijackThis log--I've tried, but still don't understand what HijackThis is or what a HijackThis log is. Question 7. I did it! Still don't know what it is, but here it is. I hope it's correct.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:31 AM, on 2/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9866165923480) (gupdate1c9866165923480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7505 bytes

Edited by traveler760, 16 February 2009 - 06:40 AM.

#2 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
Hey traveler760,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.

Note: I closed your other thread that you said was solved.

    So my questions are:
    1) What's going on?

After looking over your HJT log, there is nothing suspicious, so we will need to take a deeper look at your computer.

    2) How do I get that Cyberdefender file and any remnant I wouldn't recognize off my computer? It seems I spend more time logging back in from crashes than anything else.

Once I take a deeper look at your system with the tool I am going to have you run, I will help you to remove the Cyberdefender file.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#3 traveler818 (Topic Starter, Member, 140 posts)
Hi spysentinel. This is NEW INFO on my phishing scam post. I clicked uninstall on the Cyberdefender file and let the computer try for about 3 hours. Then the Cyberdefender wizard appeared and uninstalled the program. I don't know if there are remnants. Their business practices have been at best sleazy and I am out $300.00 for nothing. Re: Avast. It is not on my system. Netzero doesn't need to be as I do not use them anymore. As for the phishing scam, if it is still going on, it has become much more subtle. I need more time to see.

My biggest problem now seems to be downloading. I did not get to choose what I downloaded, I took what I could get without a crash. I have Antivir. What do I do with the quarantined Trojans? I have HijackThis, Malwarebytes, Registry Mechanic, RegCure, spyblasters and Spyware Doctor. So I am a bit confused about your instructions. Click here was to download HijackThis, which I already have. Can I download the same program twice? Is RSIT.exe an option with that program or do I try to download it? I will try and see what happens. Thank you for the help and patience with a new user who understands none of this. I just want my computer to be protected. How do I get this to the waiting room to reply to your comments? I tried and failed to install RSIT.exe.
MORE NEW INFO: The phishing scam still seems to be going: yesterday, I could not log out of gmail because it thought I had modified a draft. Finally, I got error 500 and was told to go to [email protected]. That got me to google blogs. Today, I got the blue screen of death when I turned the computer on. I turned it off and on again and am now running in safe mode with networking. I entered gmail.com and got mail.com. (typo? maybe, but I am being careful and yesterday's event was not a typo). I will now try to follow your instructions. I wonder if Registry Mechanic is part of my problem--it often prevents me from shutting down. I will now try to follow your instructions. I'm getting worried.

NEW UPDATE: I tried twice to go through the entire process of downloading RSIT 2 or 3 times. Internet Explorer quit every time, then restarted. I got no option to save RSIT to my desktop. It is in my notepad. When I use the edit function, I can select and cut the file, but this window closes. Then, the only option available on the edit menu is paste. I leave my cursor here and reopen the window, but every edit function I use just closes this window. I tried every way I could think of and failed. Downloading has been one of my biggest problems--I usually don't get this far. How do I get the program on my desktop? How do I get it to you? I tried again twice using Mozilla Firefox--I'm not sure it has ever let me download. It crashed the system twice while scanning for viruses, which is typical.

CYBERDEFENDER PUT THEIR FILE BACK ON MY COMPUTER! I do not have the program, I do not have my refund. How do I stop this, get, and keep that file off my computer? I am becoming increasingly convinced it is the problem. If you do not hear from me again it is because it took me 4 hours to log in. I believe they are determined to crash my computer completely. I can't even reinstall the operating system.

Edited by traveler760, 24 February 2009 - 03:46 AM.


#4 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
Hi traveler760

    Click here was to download Hijackthis, which I already have.

Click here is to install RSIT which is a different tool from HJT, although it will install HJT if you don't have it, and if you do it renames it then posts a log along with the RSIT log.

    Is RSIT.exe an option with that program or do I try to download it?

Same thing I posted above, go ahead and download it.

    Thank you for the help and patience with a new user who understands none of this.

You're welcome, glad I can help :)

    How do I get this to the waiting room to reply to your comments?

You do not have to post in the waiting room anymore, I closed that topic, just post everything I ask for in this topic.

#5 traveler818 (Topic Starter, Member, 140 posts)
The RSIT link doesn't work for me. This just keeps getting worse. More info at the end of my original post.

#6 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
Let's see if we can trick the bad guys:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


#7 traveler818 (Topic Starter, Member, 140 posts)
Hi spysentinel,
I'm working on it. I tried Link 1 - 2 or 3 times until I was convinced I had it (it is on my desktop), then it said some files can't be created and won't run. Gotta get some sleep. Will try to continue tomorrow. When I tried Link 2, Combofix found several viruses, then I got the message to disable the COMODO antivirus, which I did. It appears that Link 2 is going to keep trying unsuccessfully to install (while trying to install it, COMBOFIX found 3 viruses before I got the message to disable COMODO antivirus).

Before all that, after trying for 4 hours both to log in and to reinstall my OS, I finally got in, hoping to do a system restore back to Feb 5, when Cyberdefender was installed. I could only go as far back as Feb 10, so I had to reinstall most of my antimalware (taking what the computer would let me download). I have Spywarebusters, Spywareblasters, Malwarebytes, HijackThis, ERUNT, and COMODO, RegCure, Registry Mechanic, Uniblue and I think that's all. I didn't choose all of the last 3 deliberately--they were part of trying to uninstall and reinstall Spyware Doctor because I had no choice.--new topic. The Combo-fix icon is on my desktop. I'll try Link 3 tomorrow. The computer is a bit faster. Mozilla Firefox still won't let me download, but Explorer often quits, restarts, and lets me finish.

Out of curiosity, I first installed COMODO in advanced mode. Yikes. But I did see that the Cyberdefender is sending out info, and so is AOL, another file I cannot uninstall. It came with the computer. It is not my ISP. COMODO is now in beginner's mode and still a challenge, but impressive. Things are better but there's too much I don't know to leave things to chance at this point. Thank you again. If you can help me start computing normally (after 3 mos. of error messages, crashes, and logging back in), I will definitely donate what I can, which won't be nearly enough to end the nightmare I'm having with this computer. Thank you. I'll let you know what happens when I try Link 3. If that fails, I'll try link 2 again.

#8 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
Thanks for the update, let me know what happens!

#9 traveler818 (Topic Starter, Member, 140 posts)
Hi Spysentinel,

I haven't been doing too well lately. I will followup ASAP. Am trying link 3 now.

#10 traveler818 (Topic Starter, Member, 140 posts)
Links 2 and 3 almost install then just keep trying at about 99%. Windows says Please close all applications, restart your computer and try again. Are there any applications running that I may be unaware of? Before, I got a short combination of combo-fix and anti-malwarebytes. Then my hand slipped and I lost it. Am trying to open Combo-fix from the desktop with the same result: 99%. When I normally start up, I get these 3 messages:
1) Unable to locate component application rtl100bpl not found.
2) Error opening C\Program Files\ERUNT\ERUNT.LOC (the computer put in only one backslash after C)
3) PC Tools Tray Application has stopped working. Windows will close the program.
At one time it told me to delete all addons and toolbars. There are now 2 Cyberdefender files on my computer: one is a toolbar.
I tried to reinstall all of the above except Cyberdefender which I try daily to uninstall. Combofix is still trying at 99% from the desktop. This is all I can get you: (I wonder if it will tell why I can't install RSIT)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:05, on 2/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Users\Metta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOSE81OH\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Metta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1230231830\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9866165923480) (gupdate1c9866165923480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 7898 bytes

Edited by traveler760, 02 March 2009 - 05:26 PM.

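Both HijackThis logs in this thread (the 16 February log in post #1 and the 25 February log just above) use the same line format: a section tag such as R3, O2, O4, O20 or O23, then the entry, with the running-process list as bare paths. What an analyst wants from two logs of the same machine is the difference between them and a short list of entries worth a closer look. The Python script below is an added example for this thread; it is not a tool from the forum, from the helper, or from the HijackThis authors. It parses that format, diffs the two logs, and applies a few triage heuristics (entries whose file is missing, binaries running from a browser cache or temp directory, every AppInit_DLLs entry, services with no recorded publisher, Trusted Zone additions). The two embedded excerpts are abridged by hand from the logs posted above so the script runs offline; the heuristics are the editor's, not HijackThis's.

```python
"""Parse, diff and triage HijackThis v2 logs (added example; not the forum's tool).

The two excerpts are hand-abridged from the 16 Feb and 25 Feb logs in this thread.
"""
import re
from typing import Dict, List, Tuple

Entry = Tuple[str, str]  # (section tag such as "O2", or "PROC"; rest of the line)

LOG_FEB16 = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - ~9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - (no file)
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O15 - Trusted Zone: *.netzero.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"""

LOG_FEB25 = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Metta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOSE81OH\RSIT[1].exe

R3 - URLSearchHook: (no name) - ~9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\cssdll32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
"""

# Matches "O2 - BHO: ...", "R3 - URLSearchHook: ...", "F2 - REG: ...", "N1 - ..."
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.+)$")


def parse_hjt(text: str) -> List[Entry]:
    """Return every numbered entry plus each line of the 'Running processes' block."""
    entries: List[Entry] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_procs = False
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            entries.append(("PROC", line))
    return entries


def diff_logs(old: str, new: str) -> Tuple[List[Entry], List[Entry]]:
    """(added, removed) between two logs of the same machine."""
    before, after = set(parse_hjt(old)), set(parse_hjt(new))
    return sorted(after - before), sorted(before - after)


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an analyst would want to look at this entry (editor's rules)."""
    section, body = entry
    reasons: List[str] = []
    if "(no file)" in body:
        reasons.append("orphaned: the registered hook/BHO points at a file that no longer exists")
    if re.search(r"temporary internet files|\\appdata\\local\\temp\\", body, re.I):
        reasons.append("runs from a browser cache or temp directory rather than Program Files")
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # HJT prints 8.3 short names here, which carry no spaces, so whitespace splits the list.
        dlls = body.split(":", 1)[1].split()
        reasons.append(f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process that maps user32.dll")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service has no publisher recorded; verify the binary's signature")
    if section == "O15":
        reasons.append("Trusted Zone entry relaxes IE security settings for that domain")
    return reasons


def report(old: str, new: str) -> Dict[str, List[str]]:
    """What changed between the logs, and what in the newer log looks off."""
    added, removed = diff_logs(old, new)
    flagged = [f"{sec} :: {why} :: {body}"
               for sec, body in parse_hjt(new) for why in triage((sec, body))]
    return {"added": [f"{s} - {b}" for s, b in added],
            "removed": [f"{s} - {b}" for s, b in removed],
            "flagged": flagged}


if __name__ == "__main__":
    for heading, lines in report(LOG_FEB16, LOG_FEB25).items():
        print(f"== {heading} ({len(lines)})")
        for line in lines:
            print("  ", line)
```

Run as-is, or paste the two full logs into the string constants. An entry showing up in the diff is not by itself evidence of infection: the second AppInit_DLLs entry appears in the same log as the COMODO SafeSurf run key, which the poster installed between the two logs, and whether that DLL belongs to SafeSurf is for the reader to verify. The diff only shortens the list of things a human has to check; the poster's own RSIT download running out of Temporary Internet Files is flagged for the same reason, because the heuristic cannot tell a legitimate tool launched from the cache from anything else launched from there.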

#11 SpySentinel (Retired Staff, R.I.P., 5,152 posts)
Does ComboFix produce any logs? If so post them

Edited by SpySentinel, 02 March 2009 - 07:38 PM.


#12 traveler818 (Topic Starter, Member, 140 posts)
I haven't yet been able to get a combofix log. All I get, even from the desktop file, is the green loading bar. All of them load up to 99% and get stuck. I have let them keep trying more than once, but they just can't get that last 1%. I can go through and keep trying, but have tried many times already. The desktop one surprises me. I thought it loaded.

I decided to start from the top! I feel like I just climbed mount Everest. HERE IS MY RSIT LOG! OR IT'S FARTHER DOWN, THIS LOOKS LIKE ONE I THOUGHT I LOST. An edit will tell where it is.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Metta at 2009-03-02 21:26:53
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 98 GB (70%) free of 140 GB
Total RAM: 2038 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:31 PM, on 3/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\aol\1230231830\ee\aolsoftware.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\p2phost.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Users\Metta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\573MSBQD\Belvedere%200.3[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Metta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JVIW5JL\RSIT[1].exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Metta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1230231830\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9866165923480) (gupdate1c9866165923480) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 9201 bytes

======Scheduled tasks folder======

C:\Windows\tasks\ErrorEasy Scheduled Scan.job
C:\Windows\tasks\ErrorRepairTool Scan.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\PCErrorFix Scheduled Scan.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{DCBAA44A-8900-4D18-BADC-7C65E5730317}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-03 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-25 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-01-31 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-24 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-26 865840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-30 30192]
"HostManager"=C:\Program Files\Common Files\AOL\1230231830\ee\AOLSoftware.exe [2006-09-25 50736]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-03 185896]
"COMODO SafeSurf"=C:\Program Files\COMODO\SafeSurf\cssurf.exe [2009-02-24 278264]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-02-27 1851128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-24 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2008-01-18 40072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-25 39408]
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe [2008-08-26 99624]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-02-27 1310720]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"CollaborationHost"=C:\Windows\system32\p2phost.exe [2008-01-20 192000]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

C:\Users\Metta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\Windows\system32\cssdll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-02-27 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-02 15:13:36 ----D---- C:\32788R22FWJFW
2009-03-02 12:28:50 ----D---- C:\Program Files\eMusic
2009-03-02 10:30:31 ----A---- C:\Windows\system32\msxml.dll
2009-03-02 10:30:30 ----A---- C:\Windows\system32\STKIT432.DLL
2009-03-01 02:13:23 ----D---- C:\Program Files\mail.com
2009-02-28 08:46:17 ----D---- C:\Users\Metta\AppData\Roaming\PeerNetworking
2009-02-28 08:39:22 ----A---- C:\Windows\system32\wmp.dll
2009-02-28 08:39:21 ----A---- C:\Windows\system32\spwmp.dll
2009-02-28 08:39:21 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-28 08:39:20 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-27 19:47:33 ----D---- C:\Program Files\Freeze.com
2009-02-27 19:47:14 ----D---- C:\Program Files\Common Files\Winferno
2009-02-27 19:47:14 ----A---- C:\Windows\system32\WINUTIL5.DLL
2009-02-27 19:47:14 ----A---- C:\Windows\system32\WINLCTL5.DLL
2009-02-27 19:46:45 ----D---- C:\Program Files\Winferno
2009-02-27 19:45:32 ----A---- C:\Windows\system32\is-OUSFG.tmp
2009-02-27 19:27:06 ----D---- C:\Program Files\iMesh Applications
2009-02-27 19:09:22 ----D---- C:\Program Files\BearShare Applications
2009-02-27 18:49:12 ----D---- C:\Program Files\Blubster
2009-02-27 17:54:53 ----D---- C:\Users\Metta\AppData\Roaming\WeatherBug
2009-02-27 17:31:18 ----D---- C:\Program Files\Free Offers from Freeze.com
2009-02-27 17:31:15 ----D---- C:\Users\Metta\AppData\Roaming\MailWasherPro
2009-02-27 17:31:13 ----D---- C:\Program Files\FireTrust
2009-02-27 17:23:51 ----D---- C:\ProgramData\Wyyo
2009-02-27 17:23:51 ----D---- C:\Program Files\Wyyo
2009-02-26 20:07:58 ----D---- C:\Users\Metta\AppData\Roaming\Template
2009-02-26 20:04:37 ----A---- C:\Bug.txt
2009-02-26 19:46:15 ----D---- C:\32788R22FWJFW.0.tmp
2009-02-26 19:44:35 ----A---- C:\Windows\system32\cmd.execf
2009-02-26 14:11:29 ----D---- C:\Program Files\Common Files\Software Update Utility
2009-02-26 14:11:26 ----D---- C:\Program Files\AOL Toolbar
2009-02-26 14:04:43 ----D---- C:\Program Files\AOL Radio Toolbar
2009-02-26 12:08:56 ----D---- C:\Program Files\Common Files\PC Tools
2009-02-26 12:07:30 ----D---- C:\ProgramData\PC Tools
2009-02-25 11:42:59 ----D---- C:\Program Files\RegCure
2009-02-25 10:22:45 ----D---- C:\Program Files\Common Files\Windows Live
2009-02-25 01:04:59 ----D---- C:\Program Files\Registry Mighty
2009-02-24 23:06:23 ----A---- C:\Windows\system32\cssdll32.dll
2009-02-24 22:54:38 ----D---- C:\ProgramData\Comodo
2009-02-24 22:54:37 ----A---- C:\Windows\system32\guard32.dll
2009-02-24 22:54:33 ----D---- C:\Program Files\COMODO
2009-02-24 21:17:27 ----D---- C:\Program Files\Sunbelt Software
2009-02-24 19:03:04 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-02-24 19:02:43 ----D---- C:\Users\Metta\AppData\Roaming\SUPERAntiSpyware.com
2009-02-24 19:02:43 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-24 18:59:49 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-24 18:08:04 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-24 18:08:04 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-24 18:08:02 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-24 18:08:02 ----A---- C:\Windows\system32\icardres.dll
2009-02-24 18:08:02 ----A---- C:\Windows\system32\icardagt.exe
2009-02-24 18:08:01 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-24 18:07:59 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-24 17:58:33 ----A---- C:\Windows\system32\dfshim.dll
2009-02-24 17:58:29 ----A---- C:\Windows\system32\mscoree.dll
2009-02-24 17:58:28 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-24 17:58:10 ----A---- C:\Windows\system32\mscorier.dll
2009-02-24 17:58:03 ----A---- C:\Windows\system32\mscories.dll
2009-02-24 16:49:41 ----D---- C:\Windows\BDOSCAN8
2009-02-24 14:17:35 ----D---- C:\Windows\ERDNT
2009-02-24 14:11:34 ----D---- C:\Program Files\ERUNT
2009-02-24 12:10:32 ----A---- C:\Windows\system32\javaws.exe
2009-02-24 12:10:32 ----A---- C:\Windows\system32\javaw.exe
2009-02-24 12:10:32 ----A---- C:\Windows\system32\java.exe
2009-02-24 12:10:32 ----A---- C:\Windows\system32\deploytk.dll
2009-02-24 05:01:36 ----A---- C:\Windows\system32\EncDec.dll
2009-02-24 05:01:35 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-24 05:00:13 ----A---- C:\Windows\system32\mshtml.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\wininet.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\urlmon.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\mstime.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\iertutil.dll
2009-02-24 05:00:12 ----A---- C:\Windows\system32\ieframe.dll
2009-02-24 01:51:21 ----HDC---- C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-02-23 21:44:25 ----D---- C:\ProgramData\SiteAdvisor
2009-02-23 21:40:45 ----D---- C:\Program Files\McAfee.com
2009-02-23 21:40:37 ----D---- C:\Program Files\McAfee
2009-02-23 20:54:57 ----D---- C:\ProgramData\McAfee
2009-02-23 20:42:44 ----D---- C:\ProgramData\ATTToolbar
2009-02-23 20:42:38 ----D---- C:\Users\Metta\AppData\Roaming\ATTToolbar
2009-02-23 17:52:27 ----D---- C:\rsit
2009-02-22 19:11:30 ----D---- C:\ProgramData\DriverScanner
2009-02-22 19:11:30 ----D---- C:\Program Files\Uniblue(63)
2009-02-22 19:06:44 ----HDC---- C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-02-18 20:36:02 ----D---- C:\Users\Metta\AppData\Roaming\FlySuite
2009-02-17 23:46:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-17 22:37:06 ----D---- C:\Users\Metta\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-17 22:15:18 ----D---- C:\ProgramData\NOS
2009-02-16 18:26:29 ----D---- C:\Users\Metta\AppData\Roaming\PC Tools
2009-02-16 18:26:29 ----D---- C:\Program Files\Spyware Doctor(62)
2009-02-16 17:38:38 ----D---- C:\Program Files\SpywareGuard
2009-02-16 04:29:09 ----D---- C:\Program Files\Trend Micro
2009-02-15 18:04:46 ----D---- C:\Program Files\Windows Live Safety Center
2009-02-15 16:36:37 ----D---- C:\Program Files\Microsoft
2009-02-14 18:09:17 ----D---- C:\Program Files\Adobe(5)
2009-02-13 07:33:14 ----D---- C:\Users\Metta\AppData\Roaming\Thunderbird
2009-02-13 07:33:01 ----D---- C:\Program Files\Mozilla Thunderbird
2009-02-11 18:22:47 ----D---- C:\Program Files\SpyZooka
2009-02-11 16:24:25 ----D---- C:\Program Files\Registry Mechanic
2009-02-11 15:49:31 ----D---- C:\Program Files\SpywareBlaster
2009-02-10 18:59:16 ----D---- C:\Users\Metta\AppData\Roaming\Uniblue
2009-02-10 18:49:48 ----D---- C:\Program Files\Uniblue
2009-02-10 18:36:11 ----HDC---- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-02-10 13:11:10 ----D---- C:\Users\Metta\AppData\Roaming\VersionTracker Pro
2009-02-10 13:10:47 ----D---- C:\Program Files\TechTracker
2009-02-05 13:15:41 ----D---- C:\Windows\pss
2009-02-05 12:45:14 ----D---- C:\Users\Metta\AppData\Roaming\Malwarebytes
2009-02-05 12:45:08 ----D---- C:\ProgramData\Malwarebytes
2009-02-05 12:45:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-05 12:30:36 ----A---- C:\Users\Metta\AppData\Roaming\SetValue.bat
2009-02-05 12:30:36 ----A---- C:\Users\Metta\AppData\Roaming\GetValue.vbs
2009-02-05 12:30:35 ----A---- C:\Windows\system32\tmp.txt
2009-02-05 12:29:58 ----A---- C:\rapport.txt
2009-02-05 12:27:09 ----A---- C:\Windows\system32\WS2Fix.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\VCCLSID.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\VACFix.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\swxcacls.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\swsc.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\swreg.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\SrchSTS.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\Process.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\o4Patch.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\IEDFix.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\dumphive.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-02-05 12:27:09 ----A---- C:\Windows\system32\404Fix.exe
2009-02-05 11:09:49 ----A---- C:\Windows\system32\atsckernel.exe
2009-02-05 11:09:48 ----A---- C:\Windows\system32\atashost.exe
2009-02-05 11:08:08 ----D---- C:\ProgramData\Webex
2009-02-03 16:50:21 ----D---- C:\ProgramData\Skype
2009-02-03 16:46:16 ----D---- C:\Program Files\Common Files\xing shared
2009-02-03 16:46:03 ----A---- C:\Windows\system32\rmoc3260.dll
2009-02-03 16:45:57 ----D---- C:\Program Files\Real
2009-02-03 16:45:57 ----A---- C:\Windows\system32\pndx5032.dll
2009-02-03 16:45:57 ----A---- C:\Windows\system32\pndx5016.dll
2009-02-03 16:45:56 ----A---- C:\Windows\system32\pncrt.dll
2009-02-03 16:45:53 ----D---- C:\Program Files\Common Files\Real
2009-02-03 16:45:52 ----D---- C:\Users\Metta\AppData\Roaming\Real
2009-02-03 16:40:11 ----N---- C:\Windows\system32\vxblock.dll
2009-02-03 16:40:11 ----N---- C:\Windows\system32\pxwave.dll
2009-02-03 16:40:11 ----N---- C:\Windows\system32\pxmas.dll
2009-02-03 16:40:11 ----N---- C:\Windows\system32\pxhpinst.exe
2009-02-03 16:40:11 ----N---- C:\Windows\system32\pxdrv.dll
2009-02-03 16:40:11 ----N---- C:\Windows\system32\px.dll
2009-02-03 16:40:04 ----D---- C:\Program Files\Picasa2

======List of files/folders modified in the last 1 months======

2009-03-02 21:27:23 ----D---- C:\Windows\Temp
2009-03-02 16:30:23 ----D---- C:\Windows\Tasks
2009-03-02 15:39:05 ----D---- C:\Windows\System32
2009-03-02 15:39:05 ----D---- C:\Windows\inf
2009-03-02 15:39:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-02 15:37:27 ----AD---- C:\ProgramData\TEMP
2009-03-02 12:28:50 ----D---- C:\Program Files
2009-03-02 12:13:37 ----D---- C:\Windows\system32\Tasks
2009-03-01 10:54:17 ----D---- C:\WINDOWS
2009-03-01 00:16:10 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-28 12:04:25 ----SHD---- C:\System Volume Information
2009-02-28 11:58:35 ----SHD---- C:\Windows\Installer
2009-02-28 11:58:24 ----D---- C:\Program Files\Java
2009-02-28 11:58:23 ----D---- C:\Program Files\Common Files
2009-02-28 11:41:40 ----D---- C:\ProgramData\Google
2009-02-28 11:24:27 ----D---- C:\Program Files\Google
2009-02-28 09:53:36 ----SD---- C:\Users\Metta\AppData\Roaming\Microsoft
2009-02-28 08:58:29 ----D---- C:\Windows\system32\drivers
2009-02-28 08:58:27 ----D---- C:\Windows\system32\catroot
2009-02-28 08:56:26 ----D---- C:\Windows\winsxs
2009-02-28 08:56:26 ----D---- C:\Program Files\Windows Media Player
2009-02-28 08:45:35 ----D---- C:\Windows\Debug
2009-02-28 08:44:56 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-28 08:38:22 ----D---- C:\Windows\system32\catroot2
2009-02-28 05:14:26 ----D---- C:\Program Files\Mozilla Firefox
2009-02-28 05:02:58 ----D---- C:\Program Files\Microsoft Money 2007
2009-02-27 17:23:51 ----HD---- C:\ProgramData
2009-02-27 16:28:15 ----HD---- C:\TEMP
2009-02-27 16:11:25 ----D---- C:\Program Files\Common Files\Motive
2009-02-27 14:56:30 ----D---- C:\ProgramData\Google Updater
2009-02-26 22:20:34 ----D---- C:\ProgramData\AOL
2009-02-26 12:43:07 ----D---- C:\Program Files\Spyware Doctor
2009-02-25 18:18:14 ----D---- C:\Windows\system32\Macromed
2009-02-25 12:24:22 ----D---- C:\Windows\Prefetch
2009-02-25 11:09:51 ----A---- C:\Windows\ntbtlog.txt
2009-02-25 10:09:55 ----SD---- C:\ProgramData\Microsoft
2009-02-24 22:28:18 ----D---- C:\Windows\system32\Msdtc
2009-02-24 22:28:13 ----D---- C:\Windows\system32\wbem
2009-02-24 22:27:37 ----D---- C:\Windows\system32\config
2009-02-24 22:27:28 ----D---- C:\Windows\system32\spool
2009-02-24 22:27:28 ----D---- C:\Windows\system32\CodeIntegrity
2009-02-24 22:27:28 ----D---- C:\Windows\SMINST
2009-02-24 22:27:28 ----D---- C:\Windows\registration
2009-02-24 19:27:27 ----D---- C:\Windows\Microsoft.NET
2009-02-24 19:27:18 ----RSD---- C:\Windows\assembly
2009-02-24 19:15:40 ----D---- C:\Program Files\REALTEK USB Wireless LAN Driver
2009-02-24 18:44:06 ----D---- C:\Windows\rescache
2009-02-24 18:22:38 ----D---- C:\Windows\ehome
2009-02-24 18:22:38 ----D---- C:\Program Files\Windows Mail
2009-02-24 18:22:33 ----D---- C:\Windows\system32\XPSViewer
2009-02-24 18:22:33 ----D---- C:\Windows\system32\en-US
2009-02-24 16:49:43 ----SD---- C:\Windows\Downloaded Program Files
2009-02-24 04:43:53 ----RSD---- C:\Windows\Media
2009-02-24 04:43:53 ----D---- C:\Windows\system32\migration
2009-02-24 04:43:53 ----D---- C:\Program Files\Internet Explorer
2009-02-24 04:43:39 ----D---- C:\Program Files\Common Files\Adobe
2009-02-24 04:43:39 ----D---- C:\Program Files\AOL 9.0
2009-02-24 04:43:37 ----D---- C:\Program Files\Adobe
2009-02-24 00:40:41 ----D---- C:\Windows\system32\LogFiles
2009-02-20 11:06:00 ----D---- C:\Windows\system32\WDI
2009-02-18 18:20:16 ----RSD---- C:\Windows\Fonts
2009-02-17 22:37:36 ----D---- C:\ProgramData\Adobe
2009-02-17 22:37:05 ----D---- C:\Users\Metta\AppData\Roaming\Adobe
2009-02-13 07:33:14 ----D---- C:\Users\Metta\AppData\Roaming\Mozilla
2009-02-11 20:56:17 ----A---- C:\Windows\system32\mrt.exe
2009-02-10 04:59:15 ----D---- C:\Program Files\Common Files\Napster Shared
2009-02-05 13:01:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-05 13:01:38 ----D---- C:\ProgramData\Napster
2009-02-04 17:21:04 ----A---- C:\Windows\win.ini
2009-02-03 22:55:35 ----D---- C:\ProgramData\NetZero

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-02-27 108560]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-02-24 28688]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-02-27 68112]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
R2 CDAVFS;CDAVFS; C:\Windows\system32\DRIVERS\CDAVFS.sys [2009-02-04 67424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-01-20 142848]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-01-13 346112]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-01-29 650240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-26 186680]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-29 33588]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 ATWPKT2;ATWPKT2; \??\C:\Windows\system32\drivers\ATWPKT2.SYS [2007-04-13 25136]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-01 1302492]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2009-01-26 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMP50a64.sys []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2009-01-26 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MRESP50a64.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-01 2589184]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-01 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-04 9216]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2009-02-05 20376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-02-27 700152]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2007-01-29 90112]
S2 gupdate1c9866165923480;Google Update Service (gupdate1c9866165923480); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-25 182768]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 GameConsoleService;GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [2007-08-29 181800]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-30 30192]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

-----------------EOF-----------------

Edited by traveler760, 02 March 2009 - 11:38 PM.


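The driver and service listing above follows the one-line-per-entry format described by the legend (state, start type, service name, display name, image path, then the file date and size in brackets). The following is an added example, not part of this thread and not code from the tool that produced the log: a small parser for that format plus a triage pass that flags entries whose bracketed file field is empty and entries whose image lives outside the Windows directory. The sample lines are copied from the posted log. Reading an empty `[]` as "no file found at that path when the log was taken" is an assumption about the tool's output, and the path heuristic is only a review aid (the third-party entries it lists, such as the COMODO and Spyware Doctor services, are expected on this machine), so the result is a list to look at, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry format, per the legend printed in the posted log:
#   <state><start> <service name>;<display name>; <image path> [<file date> <size>]
# state: R=Running, S=Stopped; start: 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Constructed sample input: lines copied from the log posted above, plus one legend line.
SAMPLE_LINES = [
    r"R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-26 186680]",
    r"S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2009-01-26 21248]",
    r"S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; C:\Windows\system32\drivers\MREMP50a64.sys []",
    r"S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []",
    r"R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-02-27 700152]",
    r"S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]",
    "======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======",
]


@dataclass
class Entry:
    state: str          # "R" (running) or "S" (stopped)
    start: str          # decoded start type, e.g. "Demand"
    name: str           # service/driver key name
    display: str        # display name
    path: str           # image path exactly as printed
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_present(self) -> bool:
        # Assumption: an empty "[]" means the tool found no file at the image path.
        return self.file_date is not None


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for legend or separator lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    info = m.group("info").split()
    file_date = info[0] if info else None
    file_size = int(info[1]) if len(info) > 1 and info[1].isdigit() else None
    return Entry(m.group("state"), START_TYPES[m.group("start")], m.group("name").strip(),
                 m.group("display").strip(), m.group("path"), file_date, file_size)


def normalize_path(path: str) -> str:
    # Some entries are printed in NT object-manager form (\??\C:\...); strip that
    # prefix so every path compares as a plain drive path.
    return path[4:] if path.startswith("\\??\\") else path


def triage(lines: List[str]) -> List[str]:
    """Heuristic review list: missing image files and images outside the Windows directory."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        path = normalize_path(entry.path)
        if not entry.file_present:
            findings.append(f"{entry.name}: image file not found on disk ({path})")
        elif not path.lower().startswith("c:\\windows\\"):
            findings.append(f"{entry.name}: image outside the Windows directory ({path})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Entries with a missing image file are typically leftovers from uninstalled software (several security products had been installed and removed on this machine), but a driver key pointing at a file the tool cannot see is also worth checking by hand, which is why they are listed first in each run.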
#13
traveler818
Member, Topic Starter, 140 posts
Is this it? I clicked where you originally put "here" and this is what I got with no prompts--I clicked and the log was produced. I changed the setting on COMODO. Now I don't know where the HijackThis file is. Maybe they are both above. I sure hope so. Now I know what to do--hopefully it'll work again. I can reproduce a HijackThis log if you need it. It needs an update, I think. That's why I don't see it. It was dated 2/25.
There are now 2 Cyberdefender files on my system, and a LOT of others I can't uninstall. Some, like Error Easy, are gone. Because of the error messages, I thought I uninstalled ERUNT, but apparently it's still on the system.
Are we there yet?

Edited by traveler760, 03 March 2009 - 12:03 AM.


#14
SpySentinel
R.I.P., Retired Staff, 5,152 posts
OK, try this:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.


#15
traveler818
Member, Topic Starter, 140 posts
I ran drweb-cureit 3 times. It gave no option for a quick scan or later for any drives, just my desktop. No green or red dots or options to remove files. But all 3 times I got the message "program is either in unknown format or damaged. Cannot open C\User\Metta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.1E5LGSV2GO2drweb-cureit[1].exe".
Yesterday, there was no way to log onto my computer except to reload the OS. Now it says I have 0-2 MB of space in the C drive. Meanwhile the D drive is less full than it was before. The computer keeps prompting me to remove unnecessary programs from the C drive, but there are no programs to remove. I don't know if there's a connection, but I know I have a big problem. I contacted the manufacturer of my computer and was told a huge percentage of help calls were from people having trouble with Cyberdefender. For $200.00, they'll help, but Cyberdefender has that money because I wanted to keep my computer safe. I don't know where the Cyberdefender program is. There's almost nothing left in the C drive and the computer says I need 300 MB to do a system restore. Is there a connection or is this a separate topic? It's definitely urgent. I don't think I have room to reinstall my anti-malware programs. Even the screen now looks more like the kind you get after you recover from an error. The phishing is still an issue to a lesser degree.

Edited by traveler760, 06 March 2009 - 02:40 PM.






