Brian: First of all, allow me to thank you for your efforts.  Secondly, your reply, depending on the provided evidence, is very clear and well stated.  It is also within acceptable tolerances, at least in my mind, and hence I would hope that we see the end of that, and that I will not face any further issues. 

Still some questions remain in my mind, regarding NIS09 functionality (and even possible comparison to Kaspersky7 architecture) as well as several discussion points, but I will not elaborate at this instant.

Finally, I would appreciate your opinion please, in relation to removing the infected files and possible consequences to the stability of the system,  and any possible specific procedures that I would have to follow. 

Thank you once again.

Allow me to extend my thanks to everyone who contributed to this thread, and helping out.

TrDo.

Hi TrDo,

I'm glad to have been of some help.  About your final inquiry, if I understand correctly, your concern is regarding the malicious files which may or may not have been executed on your system and if there are any particular steps necessary for you to insure that they have been completely removed?

Assuming this is the case, I am confident that based on the information you provided in your first post, regarding the scans you had run and the results of those scans, that your system is free from infection of the known malware which has been discussed.  From the files you had provided, I had confirmed our detection, and your original post indicated that neither NIS nor the Kaspersky scanner found any of them having actively infected your computer.  At this point it's your perogative as to whether you wish to keep the 3D Online Pool game installed (depending on your comfort level with the files after your scan) as uninstalling it from the Start Menu or Add/Remove Program options will certainly remove those particular files.

Hi Brian,

I'm also referring to the .cab files I have send you.  These as you can see in my original post, are located in two areas:

C:\ProgramData\Microsoft\Windows\WER\ReportArchive : 5 files--one actually is mentioned twice

C:\Users\All Users\Microsoft\Windows\WER\ReportArchive:  the same 5 files--one again is mentioned twice.

Should I remove them manually, (i.e. right click--->Delete), or since they do not constitute any immediate threat, just leave them there?  I hope removing them won't affect stability. 

Thank you very much.

TrDo.

Hi TrDo,

You can definitely leave those alone with no fear of infection.  They can be safely deleted as well as they have no bearing on how the system operates.  For peace of mind I'd assume you would choose to delete them though.

Brian

Thank you Brian.  You are super.

All the best.

TrDo.

None of us can hope to beat Bewell for advice on this, that is clear! <s>

However I found a lot of background on WER in this MS article that Google turned up (including my reference to dump files <g>)

Harvesting Error Reports From Windows Systems

which makes me consider this as a guideline on whether or not to manually delete those files:

Since such files are created when an error occurs, and perhaps added to when the user agrees to submit files to Microsoft for evaluation and suggested solutions, then if you are not aware of any continuing, unsolved problems then feel free to delete them.

That's a suggestion not gospel!

FWIW

OK huw. Thanks very much.  I have not yet deleted them.  I will though.

TrDo.

If you want to be really sure you could even move them onto a CD/DVD! That or renaming them is a useful intermediary if you are not certain whether you will have a problem without a file.

You may have to turn off System Restore in WIndows (which will lose all your Restore Points) and AutoProtect in NIS; maybe need to do it in Safe mode or as an Administrator ....

Just in case the system will not let you delete them.