Trojan.cycler malware unable to remove with malwarebytes


I am having problems removing a trojan.cycler virus that Malwarebytes has identified but cannot remove. I have disabled my system restore and deleted all old restore points. Additionally, I have run CCleaner to empty temp/deleted files.

I am including my RSIT Tool results. Any help or advice for me on this issue is greatly appreciated! I am a new user, so if I have any forum fouls please let me know! Just looking for help. Thanks!

info.txt logfile of random's system information tool 1.06 2010-06-30 09:37:51

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

10-11 Web Alert-->C:\Windows\wnUninstall.exe "10-11 Web Alert"

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}

Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Broadcom ASF Management Applications-->MsiExec.exe /I{5D338E26-0DA6-44E3-8D2E-61B63384B76E}

Broadcom Management Programs-->MsiExec.exe /X{D6771E19-1BB6-43B1-811E-ECC5A4613579}

Business-in-a-Box-->C:\Program Files\Business-in-a-Box\Installer.exe /u

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}

Dell ETS Factory Installation-->C:\Program Files\InstallShield Installation Information\{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}\setup.exe -runfromtemp -l0x0009 -removeonly

Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}

Free RAR Extract Frog-->C:\Program Files\Free RAR Extract Frog\uninstall.exe

GoodSearch Toolbar-->MsiExec.exe /I{C7004E03-00B1-49F0-930D-2D436F0A838E}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe

iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Kaseya Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48C76121-4F90-11D5-9884-0050BA85A903}\Setup.exe" UNINSTALL

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS

McAfee VirusScan Enterprise-->MsiExec.exe /X{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}

Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}

Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MyVisionX-->C:\Program Files\InstallShield Installation Information\{68FF4E69-53DC-485C-ADD9-E56FF9A406F8}\setup.exe -runfromtemp -l0x0009 -removeonly

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall

QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}

Ranger for MVX v2.2.93-->C:\Program Files\Silver Bullet Technology\Ranger\uninst_MVX.exe

Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}

Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}

Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}

URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"

User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"

VNC Enterprise Edition E4.4.3-->"C:\Program Files\RealVNC\VNC4\unins000.exe"

WebEx-->C:\PROGRA~2\WebEx\atcliun.exe

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise

AS: Windows Defender (disabled) (outdated)

AS: VirusScan Enterprise + AntiSpyware Enterprise

======System event log======

Computer Name: Scheel_K.lmef.org

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001AA039994C. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 126250

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20100630134325.000000-000

Event Type: Warning

User:

Computer Name: Scheel_K.lmef.org

Event Code: 5703

Message: The Netlogon service could not read a mailslot message from The system cannot find the path specified. due to the following error:

03000000

Record Number: 126283

Source Name: NETLOGON

Time Written: 20100630134438.000000-000

Event Type: Warning

User:

Computer Name: Scheel_K.lmef.org

Event Code: 10010

Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Record Number: 126416

Source Name: Microsoft-Windows-DistributedCOM

Time Written: 20100630134851.000000-000

Event Type: Error

User:

Computer Name: Scheel_K.lmef.org

Event Code: 4

Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Record Number: 126431

Source Name: Microsoft-Windows-SpoolerWin32SPL

Time Written: 20100630135117.000000-000

Event Type: Warning

User:

Computer Name: Scheel_K.lmef.org

Event Code: 4

Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Record Number: 126432

Source Name: Microsoft-Windows-SpoolerWin32SPL

Time Written: 20100630135117.000000-000

Event Type: Warning

User:

=====Application event log=====

Computer Name: Scheel_K.lmef.org

Event Code: 5007

Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Record Number: 20217

Source Name: WerSvc

Time Written: 20100630002826.000000-000

Event Type: Error

User:

Computer Name: Scheel_K.lmef.org

Event Code: 1000

Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9, process id 0xa90, application start time 0x01cb17f30754a667.

Record Number: 20223

Source Name: Application Error

Time Written: 20100630012619.000000-000

Event Type: Error

User:

Computer Name: Scheel_K.lmef.org

Event Code: 0

Message:

Record Number: 20226

Source Name: Broadcom ASF IP and SMBIOS Mailbox Monitor

Time Written: 20100630134437.000000-000

Event Type: Error

User:

Computer Name: Scheel_K.lmef.org

Event Code: 5007

Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Record Number: 20259

Source Name: WerSvc

Time Written: 20100630135314.000000-000

Event Type: Error

User:

Computer Name: Scheel_K.lmef.org

Event Code: 1000

Message: Faulting application iexplore.exe, version 8.0.6001.18702, time stamp 0x49b3ad2e, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000374, fault offset 0x000af1c9, process id 0x15f4, application start time 0x01cb185f6a66437d.

Record Number: 20286

Source Name: Application Error

Time Written: 20100630143443.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Scheel_K.lmef.org

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys

Record Number: 154532

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100628234258.507828-000

Event Type: Audit Failure

User:

Computer Name: Scheel_K.lmef.org

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys

Record Number: 154533

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100628234259.030880-000

Event Type: Audit Failure

User:

Computer Name: Scheel_K.lmef.org

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys

Record Number: 154534

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100628234259.162893-000

Event Type: Audit Failure

User:

Computer Name: Scheel_K.lmef.org

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys

Record Number: 154535

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100628234259.302907-000

Event Type: Audit Failure

User:

Computer Name: Scheel_K.lmef.org

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys

Record Number: 154536

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100628234259.413918-000

Event Type: Audit Failure

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=0f02

"NUMBER_OF_PROCESSORS"=2

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"DEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection

"VSEDEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection

-----------------EOF-----------------

Hello,

Do the logs you posted in the following link and the one above come from the same computer?

http://forums.malwarebytes.org/index.php?showtopic=56025

If yes, please stick to that topic and stop asking around.

Otherwise, if it is another computer, please read carefully and follow the directions below.

  • If you have already submitted for assistance at one of the other support sites on the Internet, then you should not post a new topic here and should stay working with the helper from that site until the issue is resolved.
  • Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • After posting your new topic, make sure under options (top right of your topic screen), you select Track this topic and choose one of the Email options (prefer Immediate Email Notification) so that you're alerted when someone has replied to your post.
  • Please be patient when waiting for expert help as the expert helpers can get a bit busy.
  • Please try not to post back (bump) your topic within the first 48 hours. Expert helpers will find the topics which have a zero post count first. If you bump your topic, expert helpers may think the topic has been replied to and jump to other posts.
    If there is no reply from any experts after 48 hours, you can reply to the topic to ask for help again or send a Private Message to a Moderator asking for assistance.
  • Please do not alter the system (e.g. install or uninstall any software, conduct some fixes, use any removal/scanning tool) after posting unless told to by the expert helper. Using these other tools often makes the cleanup task more difficult and time consuming.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here for prioritized support. Please remember to quote your cleverbridge Reference Number from the confirmation e-mail when requesting assistance.

Thank You :D

PS Please use the "ADDREPLY" button at the bottom of the forum window instead of other ones when you start replying so that it will be easy to read by everyone. :)

Edit - modifying a sentence to better reflect the idea.

I was told to repost so that is what I did. He didn't want me to post under that thread, I was to start a new post as directed. If I could help that would be great. Thanks.

Hello Melissa,

Yes, you did it right for that post (or maybe a moderator has split the post). As the expert helpers do not analyse any logs here, the thing you need to do now is to have enough patience to wait for an expert helper to analyse the log you posted in the Malware Removal - HijackThis Logs (I mean this one: http://forums.malwarebytes.org/index.php?showtopic=56025) :D

Just to add a little information here, there is a policy at the removal forum that every case should have a new topic, so that the expert helpers will not be confused within a topic with 2 different cases:

If you're infected and need help start your own new post, do not reply in another user's post.

Therefore a moderator will send a PM and tell you to post a new case (next time).

Remember to do the following on that topic:

make sure under options (top right of your topic screen), you select Track this topic and choose one of the Email options (prefer Immediate Email Notification) so that you're alerted when someone has replied to your post.

Yep, keep the habit of using "ADDREPLY" button unless you want to quote a speech. You know, I need to scroll a bit more so as to read your reply :)
