I texted my friend, to find out if it meant anything to him, and I have just received a response. He has confirmed that he has indeed used Transcend USB products from time to time, but has never knowingly installed any of their utilities etc.

(Of course, it could have been an auto-run situation with some bundled software on one of their drives, without him realizing what was going on. He is normally pretty observant - but mere mortals can miss things sometimes [grin].)

Ah - while I was typing this, your latest reply came in …

MBAM did not suggest any additional steps. It simply quarantined the element, asked me to reboot, and that was it.

I have a question about your instructions (for the next step) - I understand that you want me to execute that from the affected logon; no problem there. I am under the impression that FRST will always require admin level to run - is that correct? If so, will it be sufficient for me to continue using the “Run As” technique, or do you want me to elevate the affected logon to be part of the Admin group (until we’re finished with all of the cleaning work)?

I won’t do anything until I hear back.