Posted 27 April 2010 - 01:57 AM
Well, I have it under control.
Because I was under time pressure to get it resolved, I didn't keep detailed notes, but here is what I did (from memory):
Essentially listing that which led me forward. Some attempts to use Live CD forms of scanners were unsuccessful. (Avira, ESET).
Booted using UBCD4win -
My current CD was a week old, so wasn't sure of definitions, but attempted Malwarebytes and Avira - both had errors (not sure why - have used Avira before from this CD)
Used EZPCFix to delete all temporary files, System Restore, Prefetch
Used Remote Registry editor to make TaskManager available
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Version\Policies\System\DisableTaskMgr (edited Dword to change from 0 to 1)
Restarted in Safe Mode, used Ctrl-Alt-Del to launch TaskManager, then used the 'start a process' to:
Launch (from USB key - could have dropped these on the C: drive while in UBCD4win)
Used Explorer to run
Malwarebytes installer (auto update)
Ran Mbam to scan and clean
(these steps first done after booting in regular mode, but even after rkill, mbam ran to the point of finding +/- 115 items. Clicking OK to see results killed the program)
Rebooted in Safe Mode
Ran SuperAntiSpyware portable edition, removed found items
SAS is still running and has found a number of items mbam seems to have missed
Client was running AVG, but it looks like I am going to be recommending SuperAntiSpyware!