All those scans look good so just some finishing off to do:
The infection wasn't detected by many scanners so I'd like you to upload the removed files for analysis.
Please download Suspicious File Packer to your Desktop.
Right-click sfp.zip, choose Extract All... and extract sfp.exe to your Desktop
Double-click sfp.exe to start the program
Copy and Paste the following file list into the text box of the program:
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Start Menu\Programs\Startup\sleep.exe
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Start Menu\Programs\Startup\winsup.exe
A file called requested-files[YYYY-MM-DD_MM_ss].cab will appear on your Desktop - I will give you instructions for uploading this file by Private Message.
Next, clean up with OTMoveIt:
- Double-click OTMoveIt to start the program
- Close all other programs apart from OTMoveIt as this step will require a reboot
- On the OTMoveIt main screen, press the CleanUp! button
- Say Yes to the prompt and then allow the program to reboot your computer.
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm
Re-hide hidden/system files and folders:
Click Start -> My Computer
Select the Tools menu, click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Assuming that all went well, I think at this stage your computer is clean of malware here are some tips to help you keep your machine clean:
Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule
Also, check that your antivirus and antispyware programs are set to automatically update daily.
You have a good antivirus package installed, however I recommend you also install antispyware software with real-time capabilities - this will protect you from a wider range of malware and also that it will protect you from system changes and spyware while you are working, not just removing malware after it has been installed. There are a range of paid-for and free packages available, a free one I can recommend is Windows Defender, available here:
http://www.microsoft.com/athome/securit ... fault.mspx
Spywareblaster is a free program which prevents the download and installation of Internet Explorer ActiveX based malware by immunizing your system against it. You can download Spywareblaster from here and a tutorial to help you get started is available here.
Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins orActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.
Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Find out more about how to prevent infection in the future
Please post back to let me know that you have read this, and if there are any further issues.