Trojan Packed Win32.Krap.ag

  • 01-12-2009 11:23am
    #1
    Registered Users, Registered Users 2 Posts: 833 ✭✭✭


    So I'm looking for some advice, ASJ, you've helped me before!!

    This came up on an AV scan with Kaspersky: Trojan Packed.Win32.Krap.ag
    Kaspersky tried deleting it:
    Status: Suspicious (events: 6)
    13/11/2009 18:51:37 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Suspicious driver installation C:\USERS\ANDY\APPDATA\LOCAL\TEMP\~LI2CF9.TMP High
    13/11/2009 18:51:41 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Suspicious driver installation C:\USERS\ANDY\APPDATA\LOCAL\TEMP\IS-K57TT.TMP\STKCS-FOR-PACK-EFIGSPCJH-PATCH-ANY-10.TMP High
    13/11/2009 18:52:32 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger C:\USERS\ANDY\APPDATA\LOCAL\TEMP\IS-K57TT.TMP\STKCS-FOR-PACK-EFIGSPCJH-PATCH-ANY-10.TMP Medium
    13/11/2009 22:20:59 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger kernel mode memory patch Medium
    16/11/2009 17:44:44 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Keylogger E:\UNREAL TOURNAMENT 3\BINARIES\UT3.EXE Medium
    01/12/2009 10:52:49 Suspicious legal software that can be used by criminals for damaging your computer or personal data PDM.Suspicious driver installation C:\USERS\ANDY\APPDATA\LOCAL\TEMP\IS-C0DHM.TMP\MBAM-SETUP.TMP High
    Status: Deleted (events: 5)
    01/12/2009 10:08:01 Deleted Trojan program Trojan.Win32.FraudPack.abvq c:\Windows\SysWOW64\sshnas.dll High
    01/12/2009 10:37:10 Deleted Trojan program Packed.Win32.Krap.ag C:\Documents and Settings\Andy\AppData\Local\Mozilla\Firefox\Profiles\g11uvd96.default\Cache\182C7218d01 High
    01/12/2009 10:37:05 Deleted Trojan program Packed.Win32.Krap.ag C:\Documents and Settings\Andy\AppData\Local\Temp\a.exe High
    01/12/2009 10:37:14 Deleted Trojan program Packed.Win32.Krap.ag C:\Documents and Settings\Andy\AppData\Local\Temp\b.exe High
    01/12/2009 10:45:36 Deleted Trojan program Packed.Win32.Krap.ag C:\Documents and Settings\Andy\AppData\Local\Mozilla\Firefox\Profiles\g11uvd96.default\Cache\182C7218d01 High


    So I then ran Malwarebytes and it detected 3 threats and I think it removed them; when I re-booted my PC and re-scanned there were no infected items. Is there anything else I should do?

    Malwarebytes' Anti-Malware 1.41
    Database version: 3267
    Windows 6.1.7600

    01/12/2009 10:59:17
    mbam-log-2009-12-01 (10-59-17).txt

    Scan type: Quick Scan
    Objects scanned: 107854
    Time elapsed: 4 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    **************************************************
    Malwarebytes' Anti-Malware 1.41
    Database version: 3267
    Windows 6.1.7600

    01/12/2009 11:14:23
    mbam-log-2009-12-01 (11-14-23).txt

    Scan type: Quick Scan
    Objects scanned: 108107
    Time elapsed: 3 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:


Comments

  • Registered Users, Registered Users 2 Posts: 833 ✭✭✭batman2000


    I also used SUPERAntiSpyware and it detected just cookies (160).
    I was unable to download HijackThis.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/01/2009 at 01:02 PM

    Application Version : 4.31.1000

    Core Rules Database Version : 4324
    Trace Rules Database Version: 2180

    Scan type : Complete Scan
    Total Scan Time : 01:04:04

    Memory items scanned : 700
    Memory threats detected : 0
    Registry items scanned : 8429
    Registry threats detected : 0
    File items scanned : 64910
    File threats detected : 160

    Adware.Tracking Cookie


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hi,

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      /md5stop
      %systemroot%\*. /mp /s
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


  • Registered Users, Registered Users 2 Posts: 833 ✭✭✭batman2000


    I know ASJ you prefer them txt files copied and pasted into a reply post, but when I do boards.ie doesn't respond and hangs. I have attached the TXT files. If you need them pasted I can try again tomorrow.

    Cheers


  • Registered Users, Registered Users 2 Posts: 833 ✭✭✭batman2000


    OTL Extras logfile created on: 01/12/2009 15:23:16 - Run 1
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\Andy\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 3.32 Gb Available Physical Memory | 82.98% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 264.73 Gb Free Space | 56.84% Space Free | Partition Type: NTFS
    Drive D: | 931.51 Gb Total Space | 225.96 Gb Free Space | 24.26% Space Free | Partition Type: NTFS
    Drive E: | 465.75 Gb Total Space | 234.93 Gb Free Space | 50.44% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDY-PC
    Current User Name: Andy
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SystemRoot%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
    "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C1BAE0DA-5BEE-68E4-7FFB-DFCDCBE95602}" = ccc-utility64
    "{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
    "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0722CFC8-FB86-B21D-57D2-8CB1E4AFF39E}" = CCC Help Danish
    "{0842768F-A173-8B9D-EEDD-DB89B0BC75D9}" = Catalyst Control Center HydraVision Full
    "{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{16980C05-BF0D-4F02-B32F-D4345ACC8B3B}" = Boson NetSim for CCNP BETA 3
    "{16AEDA59-36F3-D016-830A-CCAF0B308ECD}" = CCC Help English
    "{1B66C6A6-A833-18B6-A644-0D89F6E7CD83}" = ccc-core-static
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2FF281F1-4C2F-0D07-BCF0-2CA8E493A671}" = CCC Help Chinese Traditional
    "{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
    "{380EBAEB-DDAF-B6F3-2551-03351C611264}" = CCC Help Italian
    "{3B206713-B5A9-8997-97D3-7D3BAEF0D863}" = CCC Help Thai
    "{3EB2B92A-49F5-CE65-37B1-8D3E95178228}" = Catalyst Control Center Graphics Full Existing
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{44FF51BA-F614-73F9-BCE5-10D1EA3CCBBF}" = CCC Help Finnish
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{491E59D3-4E72-6276-52CA-D9658C941B01}" = CCC Help Turkish
    "{4A381195-A058-D453-EC4C-A27D438A236C}" = CCC Help Czech
    "{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{644FCC7C-63F5-5EE1-258D-30A5FD195891}" = HydraVision
    "{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
    "{6EA12203-3A1F-D36E-001A-EEED26D69C08}" = CCC Help Korean
    "{6F083009-8E47-004F-8459-FEC59389BC4B}" = CCC Help Portuguese
    "{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7F77542B-C7D0-9A23-7817-018F2C7AC066}" = CCC Help Norwegian
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82E16F2D-804A-4990-BEEF-C9DB44AE844B}" = Nokia Ovi Suite
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86A4E293-3356-851A-A92B-F7417E33EA6B}" = Catalyst Control Center Graphics Full New
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{8C1BC366-81DD-4050-B2DC-88287C90E915}" = Boson NetSim for CCNP 7.0
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{8D58A2D8-3F73-4239-2BFA-45C33C6994B9}" = CCC Help Dutch
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
    "{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Premium
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
    "{9EEFDD22-6CBA-8BBC-A46F-A0175CC071D3}" = CCC Help Swedish
    "{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
    "{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
    "{B2D91AD2-056B-EE87-D196-81F9834551DA}" = CCC Help Polish
    "{BBD19BBF-9ABD-F856-5AA1-58A31C3000D3}" = Catalyst Control Center Core Implementation
    "{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager
    "{C08C8FCE-6EAB-97E4-403C-5ED67C475B53}" = CCC Help Spanish
    "{C3D2EE61-7B29-000E-FFB2-9ECACDC142BD}" = CCC Help Japanese
    "{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
    "{C70DCDB3-04F7-F325-5BB2-D646C77342A1}" = CCC Help German
    "{CA947F32-E30F-79C0-497C-AA923CA87E6E}" = Catalyst Control Center Localization All
    "{CCEC07F5-49FC-3CEA-C5DB-5E8311CD9F8C}" = CCC Help French
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D2A1367C-2C73-7B44-BCC4-C8CFEA0BA870}" = CCC Help Chinese Standard
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D3EF3D90-CB56-5A6A-6F51-8A3A308A39A8}" = CCC Help Greek
    "{D8E339C9-D9DC-94D3-7731-DFEEA6D2277C}" = CCC Help Russian
    "{E0112FF2-FB01-1442-9365-EAC63B08729D}" = Catalyst Control Center Graphics Previews Vista
    "{E3EEBF5A-C102-E6CA-9194-2A4A86D74C81}" = CCC Help Hungarian
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EF18BFA9-45A1-235F-6F6C-F78D3ED37437}" = Catalyst Control Center Graphics Light
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F839F4CD-FA17-CB5D-5422-AB846989EE18}" = Catalyst Control Center Graphics Previews Common
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
    "Capture NX 2" = Capture NX 2
    "Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter version 6.1.1.34
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.27022)
    "Hauppauge WinTV 7" = Hauppauge WinTV 7
    "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
    "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
    "InstallShield_{16980C05-BF0D-4F02-B32F-D4345ACC8B3B}" = Boson NetSim for CCNP BETA 3
    "InstallShield_{8C1BC366-81DD-4050-B2DC-88287C90E915}" = Boson NetSim for CCNP 7.0
    "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
    "Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
    "Nokia Ovi Suite" = Nokia Ovi Suite
    "Nokia PC Suite" = Nokia PC Suite
    "RealPlayer 12.0" = RealPlayer
    "S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
    "SpeedFan" = SpeedFan (remove only)
    "ST6UNST #1" = CertExams.com CCNA Network Simulator
    "Switch" = Switch Sound File Converter
    "TomTom HOME" = TomTom HOME 2.7.2.1825
    "TVersity Codec Pack" = TVersity Codec Pack 1.2
    "TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
    "uTorrent" = µTorrent
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 24/11/2009 10:52:24 | Computer Name = Andy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: NokiaOviSuite.exe, version: 2.0.1.35, time
    stamp: 0x4ae6f13b Faulting module name: ole32.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdac7 Exception code: 0xc0000005 Fault offset: 0x0002f2bf Faulting process
    id: 0x214 Faulting application start time: 0x01ca6d150f3bd64f Faulting application
    path: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe Faulting module
    path: C:\Windows\syswow64\ole32.dll Report Id: f940160c-d908-11de-8c81-001a4d4be73b

    Error - 24/11/2009 20:30:21 | Computer Name = Andy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16404,
    time stamp: 0x4a765771 Faulting module name: NaturalLanguage6.dll, version: 6.1.7600.16385,
    time stamp: 0x4a5bdfcc Exception code: 0xc0000005 Fault offset: 0x0000000000008cf9
    Faulting
    process id: 0x750 Faulting application start time: 0x01ca6d10da10c6f0 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\NaturalLanguage6.dll
    Report
    Id: b63eb5f1-d959-11de-8c81-001a4d4be73b

    Error - 25/11/2009 12:14:42 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 25/11/2009 23:01:25 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 26/11/2009 11:26:17 | Computer Name = Andy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
    stamp: 0x4a5bd018 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5be02b Exception code: 0xc0000005 Fault offset: 0x000000000004d174
    Faulting process id: 0xe24 Faulting application start time: 0x01ca6eacc7fbe068 Faulting application
    path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 0a05f1fe-daa0-11de-bb14-001a4d4be73b

    Error - 26/11/2009 13:11:03 | Computer Name = Andy-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 27/11/2009 07:50:25 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 28/11/2009 17:14:07 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 30/11/2009 09:15:39 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 01/12/2009 10:09:04 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 01/12/2009 09:09:53 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7034
    Description = The TVersityMediaServer service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 01/12/2009 09:10:58 | Computer Name = Andy-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 01/12/2009 09:10:58 | Computer Name = Andy-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 01/12/2009 09:11:52 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 01/12/2009 09:14:28 | Computer Name = Andy-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 01/12/2009 09:36:27 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7034
    Description = The TVersityMediaServer service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 01/12/2009 09:37:24 | Computer Name = Andy-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 01/12/2009 09:37:24 | Computer Name = Andy-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
    blocked from loading due to incompatibility with this system. Please contact your
    software vendor for a compatible version of the driver.

    Error - 01/12/2009 09:38:09 | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SASDIFSV SASKUTIL

    Error - 01/12/2009 09:40:25 | Computer Name = Andy-PC | Source = BROWSER | ID = 8032
    Description =


    < End of report >
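The System-log tail of that extract is the part worth acting on: Service Control Manager 7026 says the boot-start drivers SASDIFSV and SASKUTIL did not load, and the two Application Popup 1060 entries name the SUPERAntiSpyware .sys files that were blocked. On 64-bit Windows 7 a kernel driver has to be an x64 binary with a valid Authenticode signature before it will load at all, so the first thing to check is the driver file itself. The PowerShell below is an added example, not part of this thread and not from any of the tools mentioned in it: it pulls those two event IDs from the System log, resolves each driver service's ImagePath from the registry, and reports the binary's PE architecture and signature status. Function names are mine; everything else is built-in cmdlets. Run it from an elevated prompt.

```powershell
# Added example, not from the thread. Triage the "driver failed to load" events
# (Service Control Manager 7026, Application Popup 1060) seen in the OTL extract.
# Assumes Windows 7+ with PowerShell 2.0+, run elevated. Function names are hypothetical.

function Resolve-DriverPath {
    # Map a driver service name (e.g. SASKUTIL) to the file its ImagePath points at.
    param([string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $img = (Get-ItemProperty -LiteralPath $key).ImagePath
    if (-not $img) { return $null }
    $img = $img -replace '^\\\?\?\\', ''                                        # strip the NT "\??\" prefix
    if ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img } # relative to %SystemRoot%
    return $img
}

function Test-DriverBinary {
    # Read the PE header: the Machine field at e_lfanew+4 tells x86 (0x14c) from x64 (0x8664).
    param([string]$Path)
    if (-not ($Path -and (Test-Path -LiteralPath $Path))) { return 'file missing' }
    $b = [System.IO.File]::ReadAllBytes($Path)
    $peOff = [BitConverter]::ToInt32($b, 0x3C)
    $machine = [BitConverter]::ToUInt16($b, $peOff + 4)
    $arch = switch ($machine) { 0x14c { 'x86' } 0x8664 { 'x64' } default { '0x{0:x}' -f $machine } }
    $sig = (Get-AuthenticodeSignature -FilePath $Path).Status   # Valid / NotSigned / HashMismatch ...
    return ('{0}, signature {1}' -f $arch, $sig)
}

function Get-DriverLoadFailures {
    param([int]$Days = 30)
    $filter = @{ LogName = 'System'; Id = @(7026, 1060); StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $ev = $_
        if ($ev.Id -eq 7026) {
            # "... driver(s) failed to load:  SASDIFSV SASKUTIL"  (names, whitespace separated)
            $names = ($ev.Message -split 'failed to load:')[-1] -split '\s+' | Where-Object { $_ }
            foreach ($n in $names) {
                New-Object PSObject -Property @{ Time = $ev.TimeCreated; Id = 7026; Driver = $n; Path = (Resolve-DriverPath $n) }
            }
        } elseif ($ev.Message -match '^(?:\\\?\?\\)?(.+?\.sys) has been blocked from loading') {
            # 1060 carries the full path of the blocked driver
            New-Object PSObject -Property @{ Time = $ev.TimeCreated; Id = 1060
                Driver = [System.IO.Path]::GetFileNameWithoutExtension($matches[1]); Path = $matches[1] }
        }
    }
}

$os = (Get-WmiObject Win32_OperatingSystem).OSArchitecture      # "64-bit" on the machine in this thread
"OS architecture: $os  (on x64 a kernel driver must be x64 and validly signed to load)"
Get-DriverLoadFailures | Sort-Object Time |
    Select-Object Time, Id, Driver, @{ n = 'Check'; e = { Test-DriverBinary $_.Path } }, Path |
    Format-Table -AutoSize -Wrap
```

A driver that comes back as "x86" or "NotSigned" on a 64-bit system will keep producing these events until the vendor's 64-bit build is installed or the product is removed; a driver that is x64 and Valid but still blocked is a different problem and worth taking to the vendor with the 1060 text.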


  • ActorSeeksJob


    not seeing much

    update mbam run a quick scan post that log


    do the same for kaspersky


    and do this

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any
    "<--- ROOTKIT" entries unless advised by a trained Security Analyst

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.


  • batman2000


    Thanks ASJ:
    Malware

    Malwarebytes' Anti-Malware 1.41
    Database version: 3278
    Windows 6.1.7600

    02/12/2009 16:14:07
    mbam-log-2009-12-02 (16-14-07).txt

    Scan type: Quick Scan
    Objects scanned: 108677
    Time elapsed: 3 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • batman2000


    GMER:
    Not all the boxes were ticked at the side, it came up with an error:
    C:\Windows\System32\config\system The system cannot find the specified file.


    Is that because I'm running W7 64 bit?

    Kaspersky:
    Scan with no threats found.
    Also, how would you rate Kaspersky?

    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit scan 2009-12-02 16:26:49
    Windows 6.1.7600
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9C817EF-3AB4-B963-9328-BC44CDD03CFB}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9C817EF-3AB4-B963-9328-BC44CDD03CFB}@oaijpnbcoajcmjafjbdpipjfmfojfb 0x6B 0x61 0x6D 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9C817EF-3AB4-B963-9328-BC44CDD03CFB}@naokdikekdhgbokepedgkaabihki 0x6B 0x61 0x6D 0x6B ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D9C817EF-3AB4-B963-9328-BC44CDD03CFB}@oamingnacloafpigdcllbglmdcagab 0x64 0x61 0x68 0x6B ...

    ---- EOF - GMER 1.0.15 ----
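What GMER is drawing attention to in that log is the shape of the data rather than a known signature: "Shell Extensions\Approved" normally contains only string values whose names are CLSIDs registered under HKCR\CLSID, whereas here there is a subkey named like a CLSID holding binary values with random names (the bytes 0x6B 0x61 0x6D 0x6B are ASCII "kamk"). The PowerShell below is an added example, not from this thread or from GMER: it walks the Approved key in HKCU and HKLM, decodes REG_BINARY data to printable ASCII, and flags any subkey or any CLSID that has no COM registration in the usual class roots. It is read-only; the function names are mine. Legitimate products do stash settings in odd places, so treat a hit as something to research, not something to delete.

```powershell
# Added example, not from the thread. Read-only look at the "Shell Extensions\Approved"
# key that GMER listed. Normally it holds only string values whose names are CLSIDs
# registered under HKCR\CLSID; subkeys, binary data, or unregistered CLSIDs deserve a
# closer look before anything is deleted. PowerShell 2.0+; function names are hypothetical.

function ConvertTo-Printable {
    param($Data)
    if ($Data -is [byte[]]) {
        # REG_BINARY: show printable ASCII, '.' for the rest (GMER printed the same bytes as hex)
        $chars = foreach ($b in $Data) { if ($b -ge 0x20 -and $b -le 0x7e) { [char]$b } else { '.' } }
        return ('bin[{0}] "{1}"' -f $Data.Length, (-join $chars))
    }
    return [string]$Data
}

function Test-ClsidRegistered {
    # True when the CLSID has a COM registration in any of the usual class roots.
    param([string]$Clsid)
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { return $false }
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID', 'HKCU:\Software\Classes\CLSID'
    foreach ($r in $roots) { if (Test-Path -LiteralPath (Join-Path $r $Clsid)) { return $true } }
    return $false
}

function Get-ApprovedShellExtensions {
    param([string]$Hive = 'HKCU')       # HKCU or HKLM
    $key = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
    if (-not (Test-Path -LiteralPath $key)) { return }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {                      # the expected shape: CLSID = description
        New-Object PSObject -Property @{ Hive = $Hive; Kind = 'value'; Name = $name
            Registered = (Test-ClsidRegistered $name); Data = (ConvertTo-Printable ($item.GetValue($name))) }
    }
    foreach ($sub in $item.GetSubKeyNames()) {                      # subkeys are not expected here at all
        $s = Get-Item -LiteralPath (Join-Path $key $sub)
        $vals = foreach ($v in $s.GetValueNames()) { '{0}={1}' -f $v, (ConvertTo-Printable ($s.GetValue($v))) }
        New-Object PSObject -Property @{ Hive = $Hive; Kind = 'subkey'; Name = $sub
            Registered = (Test-ClsidRegistered $sub); Data = ($vals -join '; ') }
    }
}

'HKCU', 'HKLM' | ForEach-Object { Get-ApprovedShellExtensions -Hive $_ } |
    Where-Object { $_.Kind -eq 'subkey' -or -not $_.Registered } |
    Format-Table Hive, Kind, Name, Registered, Data -AutoSize -Wrap
```

Running it on a clean machine should print nothing, or at most a handful of value entries from uninstalled software whose CLSID registration has gone; a subkey row is the case GMER is pointing at.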


  • ActorSeeksJob


    kaspersky is the best by far

    Your logs are clean


    Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:

    1. Create a new Restore Point
    • Click on the Start button to open your Start Menu.
    • Click on the Control Panel menu option.
    • Click on the System and Maintenance menu option.
    • Click on the System menu option.
    • Click on System Protection in the left-hand task list.
    • To create the manual restore point, click on the Create button. A prompt will appear asking you to provide a title for this manual restore point.
    • Type in a title for the manual restore point and press the Create button.
    • Close the System window after you have been advised that the procedure has been successfully completed.
    2. Clear your existing system restore points except for the new clean restore point you just created:
    • Go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Next to System Restore click Clean up
    • This will remove all restore points except the new one you just created.


    • Download OTC to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




    You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
    http://www.adobe.com/products/acrobat/readstep2.html



    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



    Below I have included a number of recommendations for how to protect your computer against malware infections.
    • Keep Windows updated by regularly checking their website at :
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest available security updates installed.

    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
      secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
      blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
      Here


      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

    • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

    • Please read my guide on how to prevent malware and about safe computing here
    Thank you for your patience, and performing all of the procedures requested.
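Two of the steps in that post are GUI walk-throughs written for Vista/XP, and both look different on Windows 7: the Disk Cleanup route (More Options, System Restore and Shadow Copies, Clean up) removes all but the most recent restore point, and the Internet zone ActiveX options map to three DWORD values under the Internet Settings\Zones\3 key. The PowerShell below is an added example, not part of this thread, that does both from an elevated prompt on Windows 7: it takes a fresh restore point first (and stops if that fails, so nothing gets deleted without a replacement), then removes the older shadow copies that hold the old restore points, then sets the three zone values. The function names are mine; the value names 1001, 1004 and 1201 are Internet Explorer's documented settings for "Download signed ActiveX controls", "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe".

```powershell
# Added example, not from the thread. Scripts two of the steps above for Windows 7:
# (1) take a fresh restore point and drop the older ones, (2) tighten the ActiveX
# settings of IE's Internet zone. Run from an elevated PowerShell prompt (2.0+).
# Function names are hypothetical; the zone value names are IE's documented ones.

function New-CleanRestorePoint {
    param([string]$Description = 'Clean after malware removal')
    # Needs System Protection enabled for the system drive; stop here if it fails so
    # nothing below deletes the only restore point you have.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS -ErrorAction Stop

    # Restore points are VSS shadow copies; keep only the newest one.
    # Caveat: older "Previous Versions" of files go away with the older shadow copies.
    $shadows = @(Get-WmiObject Win32_ShadowCopy |
        Sort-Object { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) })
    $older = @()
    if ($shadows.Count -gt 1) { $older = $shadows[0..($shadows.Count - 2)] }
    foreach ($s in $older) { [void]$s.Delete() }
    return ('{0} older shadow copies removed, {1} kept' -f $older.Count, ($shadows.Count - $older.Count))
}

function Set-IEInternetZoneActiveX {
    # Zone 3 = Internet. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
    $zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $wanted = @{
        '1001' = 1   # Download signed ActiveX controls                          -> Prompt
        '1004' = 1   # Download unsigned ActiveX controls                        -> Prompt
        '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
    }
    foreach ($name in $wanted.Keys) {
        $before = (Get-ItemProperty -LiteralPath $zone -Name $name -ErrorAction SilentlyContinue).$name
        Set-ItemProperty -LiteralPath $zone -Name $name -Value $wanted[$name] -Type DWord
        '{0}: {1} -> {2}' -f $name, $before, $wanted[$name]
    }
    # A machine-wide policy under HKLM\...\Internet Settings\Zones\3 would override these per-user values.
}

New-CleanRestorePoint
Set-IEInternetZoneActiveX
```

Taking the restore point before the zone change means the change itself is covered by it; if Internet Explorer is open while the values are set, close and reopen it for the Security tab to show the new levels.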


  • batman2000


    Thanks ASJ,


    Restore Point

    I have some queries on what you described about the restore point. Probably because I'm running Windows 7 64bit. The method looks different. I have attached a screen shot.

    Adobe
    Also my system says I have Adobe Reader 9.2. Is there a conflict somewhere where you are seeing an older version of Adobe?
    Screen shot attached

    I also forgot to attach a Windows Defender Screenshot for Nov 30th. Defender now reports no malicious items

    Thanks for all your help


  • batman2000


    Just for completeness. Here is the HijackThis logfile (it wasn't working before this)


  • ActorSeeksJob


    that looks fine

    I don't work on Windows 7 machines at all, that's why the system restore instructions weren't precise

    Don't worry about Adobe Reader, that's fine also


  • batman2000


    No worries ASJ, the instructions were clear as always, just some slight variations !

    I wasn't sure about deleting previous system restore points as the dialog box said all restore points would be deleted so I didn't do it !!!

    Thanks for the help
    batman

