system
September 23, 2010, 5:03am
1
Hello,
I just installed Avast today, updated it and decided to do a full scan. It found some malware; from memory it was located in my system32 folder, C:\WINDOWS\system32\Metapath.exe. I believe it was a Win32.Malware-Gen.
After removal with Avast I proceeded to download MBAM to be sure and scanned as advised by the sticky post.
Here is the log:
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org
Database version: 4674
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
23/09/2010 2:50:51 PM
mbam-log-2010-09-23 (14-50-51).txt
Scan type: Quick scan
Objects scanned: 143344
Time elapsed: 6 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) → Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I would appreciate any help or suggestions in this matter as this PC holds a lot of personal information.
Pondus
September 23, 2010, 5:55am
2
If you scan again with avast! and MBAM, do they come up clean?
You may also run SuperAntiSpyware 4.43.1000 http://filehippo.com/download_superantispyware/
It will detect lots of cookies, nothing to worry about, just let SAS remove them.
system
September 23, 2010, 6:02am
3
system
September 23, 2010, 6:06am
4
Thanks for the speedy reply guys,
I am undertaking the tasks now, and would it be fine to use Spybot Search & Destroy rather than SAS?
I'm familiar with both.
Pondus
September 23, 2010, 6:09am
5
> Thanks for the speedy reply guys,
> I am undertaking the tasks now, and would it be fine to use Spybot Search & Destroy rather than SAS?
> I'm familiar with both.

Nope, SpyBot is no good, used to be but not anymore…
system
September 23, 2010, 6:16am
6
Threat Expert Memory Scanner Report:
Scan details:
Scan started: Thursday, September 23, 2010 16:07:59
Scan time: 04 minutes, 40 seconds
Number of memory objects scanned: 5068
processes: 30
modules: 1347
heap pages: 3691
Number of suspicious memory objects detected: 0
Number of malicious memory objects detected: 0
Overall Risk Level: Safe
Summary of the detected threat characteristics:
No suspicious characteristics detected.
Summary of the detected memory objects:
No suspicious memory objects detected
MBAM came up with nothing.
Starting SAS and Avast! now.
Pondus
September 23, 2010, 6:18am
7
> Starting SAS and Avast! now.

Don't start both scanners at the same time, if that is what you mean.
system
September 23, 2010, 6:41am
9
Avast! found the file again, but it was in System Restore. I assume I should just turn System Restore off and restart my PC?
Marc57
September 23, 2010, 6:48am
10
Yep, turn off System Restore, reboot, then turn it back on.
system
September 23, 2010, 6:57am
11
Have to leave the computer for the moment, I will be back to resume the process soon.
Just a heads up!
Marc57
September 23, 2010, 7:14am
12
If you want another opinion, run an online scan with NOD32.
http://www.eset.com/online-scanner
system
September 23, 2010, 11:22pm
13
Hello guys, I'm back. The SAS scan found 279 tracking cookies and 2 Trojans, which were to do with a program called XPsystempad.
Will do the online test now.
EDIT: Forgot to mention that SAS was able to remove all of the above without any problems.
system
September 23, 2010, 11:54pm
14
Did the online scan, found nothing.
Feeling safe again.