Looks like MBAM got some of it - so let's remove the rest.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011/08/24 00:00:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011/08/23 23:59:11 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011/08/23 23:57:54 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011/08/23 23:56:36 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011/08/23 23:54:53 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011/08/23 23:54:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011/08/23 23:54:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011/08/24 00:04:26 | 000,000,200 | ---- | M] () -- C:\Windows\info1
[2011/08/24 00:03:14 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011/08/24 00:03:14 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011/08/23 23:59:50 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011/08/23 23:57:34 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011/08/24 00:03:14 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011/08/23 23:58:39 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011/08/23 23:58:38 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011/08/23 23:58:38 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011/08/23 23:57:53 | 000,000,200 | ---- | C] () -- C:\Windows\info1
[2011/08/23 23:57:09 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
:Files
ipconfig /flushdns /c
C:\Windows\services32.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
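
For reviewing a file listing like the one in the fix above before anything is deleted, the following Python code (an added example, not part of the original post and not part of OTL) parses the file and folder lines and reports the distinct paths, the hidden folders and the time span the entries cover. The field layout and the reading of the attribute flags are assumptions drawn from the lines shown in the post, and the function names are hypothetical.

```python
import re
from datetime import datetime

# A few entries copied from the fix script in the post above.
SAMPLE = r"""
[2011/08/24 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011/08/24 00:00:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011/08/24 00:03:14 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011/08/24 00:03:14 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011/08/23 23:57:09 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
O4 - HKLM..\Run: [tray_ico] File not found
"""

# Assumed layout: [timestamp | size | attribute flags | C or M] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \(.*?\))? -- (?P<path>.+)$"
)

def parse_entries(text):
    """Return one dict per file/folder line; other lines (O4, O31, ...) are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append({
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                # Assumption: H and D in the flags field mean hidden and directory.
                "hidden": "H" in m["attrs"],
                "is_dir": "D" in m["attrs"],
                "kind": m["kind"],
                "path": m["path"],
            })
    return out

def summarize(entries):
    """Deduplicate paths listed under both C and M and measure the time span covered."""
    times = [e["time"] for e in entries]
    return {
        "paths": sorted({e["path"] for e in entries}),
        "hidden_dirs": sorted({e["path"] for e in entries if e["hidden"] and e["is_dir"]}),
        "window_seconds": int((max(times) - min(times)).total_seconds()),
    }

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```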