I did a quickscan and mbam had a Hijack.DisplayProperties (where as SAS log only had tracking cookie), so I am not sure what is still left and request help in cleaning up my system in case there is still something left. A HijackThis run (whose log now got overwritten by a subsequent run and thus lost) showed a leftover startup item for this dll and I asked it to be removed (note that the dll was already cleaned up a few reboots before), so not sure how it came back (or may be HJT failed to remove it). HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Ĭ:\WINDOWS\sotsqlsr.dll () -> Delete on reboot.Ĭ:\Documents and Settings\darah\Local Settings\Temp\pdfupd.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.Ĭ:\temp (Trojan.Dropper) -> Quarantined and deleted successfully.Īfter a reboot, mbam had nothing and when I ran SUPERAntiSpyware it found more:Ĭ:\Documents and and and and and and and and VOLUME INFORMATION\_RESTORE\RP336\A0053560.EXEĪfter a couple of days, I just rebooted my system and there was an error that a C:\WINDOWS\egejecuxiq.dll couldn't be run, which is exactly the same dll that was identified as malware and was cleaned up. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages () -> Data: sotsqlsr.dll -> Quarantined and deleted successfully. Time elapsed: 2 hour(s), 34 minute(s), 34 second(s)Ĭ:\WINDOWS\sotsqlsr.dll (Trojan.Hiloti) -> Delete on reboot.