So can we "others here" use it?! with our tools also "if ours fails could we use it and no angry or hate"
There is no restriction on who can use it - that is why OT put out the public tutorial
Everything deleted is placed in a quarantine file so it can be replaced if needed
There are some more advanced functions but they are kept in the background as they are the dangerous ones ;D
Hi essexboy,
Thank you very much for taking our case! We’ll have the logs up tonight, I just wanted to quickly post so you guys don’t think we’ve abandoned this thread. It’s much appreciated!
Here is the requested OTL log! ComboFix coming next.
ComboFix log! Thank you!
exorkizein,
Essexboy should be coming by sometime during the day. He is on UK time zone. Thank you for posting the logs. He is excellent at helping with malware removal and I’m sure he will be able to help you with your problems.
Hi, the malware was hiding in the Chrome settings area - all gone ;D
Unfortunately OTL was saved in Unicode, could you re-run it and save the file as ANSI please?
What problems do you have now?
Hi, I think you can use the Dr.Web CureIt or Malwarebytes’ Anti-Malware to check your system.
PS: You can also try this: Hitman Pro. Hope I can help you.
@ Devil, I appreciate your suggestions although they are incorrect at this time. Essexboy is a Certified Malware Expert. When he is assisting others with malware removal in the forum, we do not interfere with his work as this only creates confusion. Thank you for your understanding.
Here’s the OTL log in ANSI. Sorry for the delay!
On completion of these runs can you let me know what problems remain
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndisrd.sys -- (ndisrd)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download Malwarebytes’ Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Hi essexboy,
Here is the OTL log. We’re running the MBAM scan overnight and will post the log in the morning. Thank you!
Nevermind, it finished a lot faster than I thought! Here is the log
What are your current problems?
Hi essexboy,
She mentioned earlier that “HTML:IFrame-U [Trj]” was found. It just appeared again with an Avast warning. We moved to chest. File name: C:\Windows\Temp\6FF679FD-C95C-4A1F-8427-83CA5F7AC649-Sigs\A4749EF3-BA75-48A7-B655-701F97BDA386mpavdlta.vdm.old.temp
What site was she visiting at the time? As being in the temp files it probably came from there. Or had a security programme updated, as it may be an unencrypted definition?
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
C:\Windows\Temp\6FF679FD-C95C-4A1F-8427-83CA5F7AC649-Sigs

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done