tetonbob

Somehow in all that, I failed to ask for a new HJT log. Please follow these instructions, and at the end, post a new HJT log, and a new Uninstall List.

Those questionable files you found are junk, and can be deleted, as can the Kaspersky finds. Do it in safe mode, as part of this fix.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Be sure to protect this system against the WMF exploit. No sense in trying to clean if this patch is not applied. See the link in my signature.

See this page for instructions on how to clear java's cache.

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Delete these files/folders

C:\Program Files\CMAPP
C:\WINDOWS\SYSTEM32\bwklcfan.exe
C:\WINDOWS\SYSTEM32\lanbruns.exe
C:\WINDOWS\SYSTEM32\vuwaqtf.exe


Next, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.