Assistance please

Good day,

I just ran aswMBR and looks like trouble. Should I select the FixMBR button? The Fix button is not selectable. Thanks in advance.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-11 13:03:15

13:03:15.029 OS Version: Windows x64 6.1.7601 Service Pack 1
13:03:15.029 Number of processors: 8 586 0x3A09
13:03:15.039 ComputerName: XXXXDTR UserName: xxxx
13:03:16.221 Initialize success
13:07:28.744 AVAST engine defs: 12121101
13:08:20.912 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
13:08:20.912 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
13:08:20.928 Disk 0 MBR read successfully
13:08:20.928 Disk 0 MBR scan
13:08:20.944 Disk 0 Windows 7 default MBR code
13:08:20.944 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11185 MB offset 2048
13:08:20.959 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 22908928
13:08:20.959 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 422471 MB offset 23113728
13:08:20.990 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 281647 MB offset 888334336
13:08:21.022 Disk 0 scanning C:\windows\system32\drivers
13:08:26.384 Service scanning
13:08:40.813 Modules scanning
13:08:40.813 Disk 0 trace - called modules:
13:08:40.844 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:08:40.844 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800ab11790]
13:08:40.844 3 CLASSPNP.SYS[fffff88001db743f] → nt!IofCallDriver → [0xfffffa800a9fe950]
13:08:40.844 5 ACPI.sys[fffff88000e0b7a1] → nt!IofCallDriver → \Device\Ide\IAAStorageDevice-1[0xfffffa800ab10050]
13:08:42.202 AVAST engine scan C:
13:15:12.751 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\A954003410.exe.vir INFECTED Win32:Dropper-gen [Drp]
13:15:12.814 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A954003410.exe.vir INFECTED Win32:Dropper-gen [Drp]
13:15:12.892 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep122.vir INFECTED Win32:Dropper-gen [Drp]
13:15:12.939 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep148.vir INFECTED Win32:Dropper-gen [Drp]
13:15:12.985 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep191.vir INFECTED Win32:Dropper-gen [Drp]
13:15:13.048 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep215.vir INFECTED Win32:Dropper-gen [Drp]
13:15:13.079 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep216.vir INFECTED Win32:Dropper-gen [Drp]
13:15:13.141 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep218.vir INFECTED Win32:Dropper-gen [Drp]
13:15:13.547 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep238.vir INFECTED Win32:Dropper-gen [Drp]
13:15:13.968 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep243.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.077 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep274.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.140 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep281.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.196 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep288.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.262 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep322.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.308 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep33.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.364 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep381.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.411 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep530.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.440 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep604.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.502 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep613.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.549 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep621.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.596 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep759.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.658 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep815.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.736 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep894.vir INFECTED Win32:Dropper-gen [Drp]
13:15:14.861 File: C:\Qoobox\Quarantine\C\Users\xxxx\AppData\Roaming\tep899.vir INFECTED Win32:Dropper-gen [Drp]
13:17:20.772 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep122 INFECTED Win32:Dropper-gen [Drp]
13:17:20.881 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep148 INFECTED Win32:Dropper-gen [Drp]
13:17:20.928 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep174 INFECTED Win32:Dropper-gen [Drp]
13:17:20.990 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep191 INFECTED Win32:Dropper-gen [Drp]
13:17:21.084 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep215 INFECTED Win32:Dropper-gen [Drp]
13:17:21.146 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep216 INFECTED Win32:Dropper-gen [Drp]
13:17:21.224 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep218 INFECTED Win32:Dropper-gen [Drp]
13:17:21.287 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep238 INFECTED Win32:Dropper-gen [Drp]
13:17:21.349 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep243 INFECTED Win32:Dropper-gen [Drp]
13:17:21.412 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep254 INFECTED Win32:Dropper-gen [Drp]
13:17:21.474 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep274 INFECTED Win32:Dropper-gen [Drp]
13:17:21.536 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep281 INFECTED Win32:Dropper-gen [Drp]
13:17:21.599 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep288 INFECTED Win32:Dropper-gen [Drp]
13:17:21.661 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep322 INFECTED Win32:Dropper-gen [Drp]
13:17:21.724 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep33 INFECTED Win32:Dropper-gen [Drp]
13:17:21.786 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep381 INFECTED Win32:Dropper-gen [Drp]
13:17:21.848 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep530 INFECTED Win32:Dropper-gen [Drp]
13:17:21.911 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep604 INFECTED Win32:Dropper-gen [Drp]
13:17:21.973 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep613 INFECTED Win32:Dropper-gen [Drp]
13:17:22.036 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep621 INFECTED Win32:Dropper-gen [Drp]
13:17:22.114 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep759 INFECTED Win32:Dropper-gen [Drp]
13:17:22.192 File: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep899 INFECTED Win32:Dropper-gen [Drp]
13:17:48.940 File: C:\Users\xxxx\Documents\Windows\newhost.exe INFECTED Win32:Crypt-NKM [Trj]
13:17:49.292 File: C:\Users\xxxx\Documents\Windows\windows.updater.3.9.exe INFECTED Win32:Crypt-NKM [Trj]
13:17:55.038 File: C:\Users\xxxx\Drivers\ghena.exe INFECTED Win32:Crypt-NKM [Trj]
13:17:55.116 File: C:\Users\xxxx\Drivers\kretos.exe INFECTED Win32:Dropper-gen [Drp]
13:36:09.796 Scan finished successfully
13:41:10.445 Disk 0 MBR has been saved successfully to “C:\Users\xxxx\Documents\MBR.dat”
13:41:10.461 The log file has been saved successfully to “C:\Users\xxxx\Documents\aswMBR.txt”

nope…do not fix yet…wait for Essexboy

Follow this guide and attach the logs requested…not copy and paste http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL

I see that you have also run Combofix, could you attach that log as well

Thanks,

adwCleaner showed no problems. Sorry for the previous cut and paste I thought that was the correct way. Here are my ComboFix, MalwareBytes, and both OTL logs.

OK you will need to type in the user name exactly, if it is not right then the fix will not work

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O4 - HKU\S-1-5-21-1087861615-1763258225-1631329705-1001..\Run: [Nethost] C:\Users\xxxx\My Documents\Windows\newhost.exe ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.6.lnk = File not found
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep122 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep148 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep174 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep191 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep215 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep216 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep218 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep238 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep243 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep254 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep274 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep281 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep288 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep322 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep33 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep381 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep530 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep604 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep613 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep621 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep759 ()
O4 - Startup: C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep899 ()
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep899
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep759
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep621
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep613
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep604
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep530
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep381
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep33
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep322
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep288
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep281
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep274
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep254
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep243
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep238
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep218
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep216
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep215
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep191
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep174
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep148
[2012/12/10 13:31:12 | 000,025,600 | RHS- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tep122

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Sorry for the previous cut and paste I thought that was the correct way. Here
no problem..... it is usually not an issue except for the OTL log that is so big that you need ten posts to copy and paste it. so easier to just tell everyone to attach all logs. ;)

Here we go…

What problems are you experiencing now ?

I think I’m all set, I’m running one last MalwareBytes scan to check. I believe as of this time I’m very much in your debt. Thank you very much for the help. Do you think I’m safe to start changing passwords?

If MBAM comes up clean then I would recommend that the passwords be changed… If you are happy tomorrow let me know and I will tidy up

MBAM clean this morning as well. Once again, thanks so much… have a great day!

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press uninstall

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

Hi Guys,

From the looks of my aswMBR I may not be out of the woods yet. Here are fresh aswMBR, ComboFix, and OTL logs. MBAM was clear so I didn’t include the file.

Hate to be a pest…

Intriguing did Avast move them ? As they are not showing in any of the logs and there are no unusual drivers/services/run keys showing

The files here?:

09:18:23.440 File: C:\Users\xxxx\Documents\Windows\windows.updater.3.9.exe INFECTED Win32:Crypt-NKM [Trj]
09:18:33.862 File: C:\Users\xxxx\Drivers\ghena.exe INFECTED Win32:Crypt-NKM [Trj]
09:18:33.921 File: C:\Users\xxxx\Drivers\kretos.exe INFECTED Win32:Dropper-gen [Drp]

Run OTL with this fix, when it reboots a log will popup please post that

Again the user name will need to be entered correctly

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
C:\Users\xxxx\Documents\Windows\windows.updater.3.9.exe  
C:\Users\xxxx\Drivers\ghena.exe
C:\Users\xxxx\Drivers\kretos.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Looks like that cleaned it up!?

How is the computer now ?

Yes, aswMBR, and MBAM all look great. Time to clean up again. Thanks so much!

My pleasure, the files were inert but always best to remove them
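
Added example, not part of the thread and not code from aswMBR, OTL or ComboFix: a small triage script for aswMBR-style log lines like the ones posted above. It separates detections already sitting in ComboFix's C:\Qoobox\Quarantine folder from files still on disk, and marks the ones in the per-user Startup folder. The sample log is constructed in the format shown in the thread (user and file names are placeholders), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the aswMBR log format shown in the thread;
# the user name and file names are placeholders, not values from the page.
SAMPLE_LOG = r"""
13:08:20.944 Disk 0 Windows 7 default MBR code
13:15:12.751 File: C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\sample1.exe.vir INFECTED Win32:Dropper-gen [Drp]
13:15:12.814 File: C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample1.exe.vir INFECTED Win32:Dropper-gen [Drp]
13:17:20.772 File: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sample2 INFECTED Win32:Dropper-gen [Drp]
13:17:55.038 File: C:\Users\user\Drivers\sample3.exe INFECTED Win32:Crypt-NKM [Trj]
13:36:09.796 Scan finished successfully
"""

# "<time> File: <path, may contain spaces> INFECTED <detection name> [<type>]"
DETECTION = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(?P<path>.+?)\s+INFECTED\s+"
    r"(?P<name>\S+)\s+\[(?P<kind>\w+)\]\s*$"
)
# "<time> Disk <n> <description ending in 'MBR code'>"
MBR_VERDICT = re.compile(r"Disk (?P<disk>\d+) (?P<verdict>.*MBR code)\s*$")


def classify(path):
    """Bucket a detection by where the file sits on disk."""
    p = path.lower()
    # Check quarantine first: quarantined copies keep their original
    # sub-path, so a quarantined Startup item also contains "\startup\".
    if "\\qoobox\\quarantine\\" in p:
        return "quarantined"
    if "\\start menu\\programs\\startup\\" in p:
        return "live-autostart"  # launched at every logon of that user
    return "live"


def triage(log_text):
    """Return (MBR verdict per disk, detections grouped by bucket)."""
    mbr, buckets = {}, defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        hit = DETECTION.match(line)
        if hit:
            buckets[classify(hit["path"])].append((hit["path"], hit["name"]))
            continue
        verdict = MBR_VERDICT.search(line)
        if verdict:
            mbr[int(verdict["disk"])] = verdict["verdict"]
    return mbr, dict(buckets)


if __name__ == "__main__":
    mbr, buckets = triage(SAMPLE_LOG)
    for disk, verdict in mbr.items():
        print(f"Disk {disk}: {verdict}")
    for bucket in ("live-autostart", "live", "quarantined"):
        for path, name in buckets.get(bucket, []):
            print(f"{bucket:15} {name:20} {path}")
```
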