
Author Topic: Please check SAS, MBAM, HJT logs for my sisters computer.  (Read 4176 times)


lectrocrew

    Topic Starter


    Mentor

  • ole dog learning new tricks
  • Thanked: 21
    • Yes
    • Yes
    • My first self-built computer
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Please check SAS, MBAM, HJT logs for my sisters computer.
« on: July 09, 2008, 10:50:54 PM »
I'm trying to get her PC up to date and don't want to miss anything, {she's picky about her stuff}  ;)
Thanks,
Mike

[recovering disk space -- attachment deleted by admin]

Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #1 on: July 09, 2008, 11:08:29 PM »
*** Download, and run  CTFMON-Remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/
The CTFMON-Remover helps you remove the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. In case you need the CTFMON sometime in the future, there is also an option to restore the original one.
Note: The CTFMON.EXE is among other things responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout). So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE!

1. Print this post out, since you won't have access to it at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):

- O2 - BHO: SXG Advisor - {27FA94FE-6919-4161-A20B-84E67E15DD88} - (no file)
- *O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
- *O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
- *O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
- *O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
- *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
- *O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
- *O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
- O4 - Global Startup: Newsflash.lnk = ?
- *O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
- O21 - SSODL: bgrlsmn - {7CB27A4C-1283-4FDD-8542-926E4C5C435B} - (no file)
- O21 - SSODL: adsoowf - {347C4224-5BC3-4D07-A035-DE9CF8CB4673} - (no file)


4. Click on Fix checked button.

5. Restart computer.

6. Post new HijackThis log.
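
An added example, not part of the post above and not HijackThis's own code: a small parser for the entry lines in that fix list, which separates the `*` startup-only entries from the ones whose target is shown as `(no file)` or `?`. The `*` handling follows this post's marking, not the HijackThis log format, and the sample is a subset of the list.

```python
import re

# Entries copied from the fix list in the post above (a subset, markers kept).
SAMPLE = r"""
- O2 - BHO: SXG Advisor - {27FA94FE-6919-4161-A20B-84E67E15DD88} - (no file)
- *O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
- *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- O4 - Global Startup: Newsflash.lnk = ?
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
- O21 - SSODL: bgrlsmn - {7CB27A4C-1283-4FDD-8542-926E4C5C435B} - (no file)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = {"(no file)", "?"}   # target placeholders seen in the post's list


def parse_entry(line):
    """Split one HijackThis entry into section, kind, name, CLSID and target."""
    line = line.strip()
    starred = line.startswith("- *")           # the post's "startup only" marker
    m = ENTRY.match(line.lstrip("-* "))
    if not m:
        return None
    rest = m["rest"]
    clsid = CLSID.search(rest)
    if rest.startswith("["):                   # Run key: [value name] command
        name, _, target = rest[1:].partition("] ")
    elif " = " in rest:                        # Startup folder: shortcut = target
        name, _, target = rest.partition(" = ")
    else:                                      # BHO / SSODL / Notify: name - ... - target
        name, _, target = rest.partition(" - ")
        target = target.rsplit(" - ", 1)[-1]
    return {"section": m["section"], "kind": m["kind"], "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "target": target, "starred": starred,
            "dangling": target in MISSING}


def parse_log(text):
    """Parse every recognisable entry line, skipping blanks and other text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        flag = "DANGLING" if e["dangling"] else "startup "
        print(f'{flag} {e["section"]:<4}{e["kind"]:<16}{e["name"]}')
```

On this sample the entries flagged as dangling are exactly the ones the post leaves unstarred.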

lectrocrew

Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #2 on: July 10, 2008, 01:38:37 PM »
Thanks Broni!!!
Log attached

[recovering disk space -- attachment deleted by admin]

Broni


Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #3 on: July 10, 2008, 04:29:13 PM »
Your computer is clean

1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
Run CCleaner.

2. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program.

6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html

7. Let me know how your computer is doing.


lectrocrew

Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #4 on: July 11, 2008, 08:53:59 PM »
Done. Computer is running good. I also had previously run CC Cleaner when I followed
 http://www.computerhope.com/forum/index.php/topic,46313.0.html

 but the link you gave had a bit different directions (I think?) so I ran it again accordingly.
 I have made some changes since my last post including installing Trend Micro Internet Security (full version 14.70.1014), uninstalled AVG anti-virus (free version 7.5),
 installed Secunia PSI - (secured 7 of 8 insecure programs and reinstalled new version of "insecure" Open Office & "end of life" Apple Quicktime),
and I also installed Win Zip.
 Can you check my latest HJT file and tell me which boxes to check in order to prevent the new programs from starting when Windows starts?

 Also, is the CTFMON Remover supposed to have a 'Yes' in the 4th item, "Is the CTFMON.EXE already replaced", as seen in the
 http://i243.photobucket.com/albums/ff1/letrocrew/CTFMONEXEsreenshot.jpg

HJT log attached.

[recovering disk space -- attachment deleted by admin]

lectrocrew

Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #5 on: July 11, 2008, 09:03:57 PM »

 Also, is the CTFMON Remover supposed to have a 'Yes' in the 4th item, "Is the CTFMON.EXE already replaced", as seen in the
 http://i243.photobucket.com/albums/ff1/letrocrew/CTFMONEXEsreenshot.jpg



Never mind, I figured it out. Now the first 3 are "No" and the last is "Yes".
Sorry, I'm pretty slow sometimes!  :-[

Broni


Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #6 on: July 11, 2008, 09:11:58 PM »
*** You need to click on "Deactivate" button in order to kill ctfmon.exe

*** Download, and run QuickTime Killer: http://www.softpedia.com/get/System/Launchers-Shutdown-Tools/QuickTime-Killer.shtml
QuickTime Killer will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime

*** Following entries can be safely "fixed" by HJT:
- O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
- O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (it shouldn't show, if QuickTime Killer used already)
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (it shouldn't show if CTFMON-Remover used already)
- O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
- O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (to be fixed if not done intentionally)

lectrocrew

Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #7 on: July 11, 2008, 09:48:49 PM »
Done and she's running like a top.
Once again, you guys are great!
Thank you so much!!!  :D

Broni


Re: Please check SAS, MBAM, HJT logs for my sisters computer.
« Reply #8 on: July 11, 2008, 09:52:48 PM »
Cool