explorer.exe virus W32:Malware virus

uhh. Remove one of the “http//” thingies in the URL address bar.

@essexboy - one of the links in your post has two http in it (the link is attached to the “OTL” word).

Fixed the link :o

@jmelaniehunt

Download OTL to your Desktop

- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click on Minimal Output at the top
- Select All Users
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

- When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

As you have 7, there is a fairly quick fix that sometimes works

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

I think these are the files you need. I tried running the scannow file but nothing happened (left the space correctly).

OK, let's start - there are many variants of this malware and the ease of removal varies

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No CLSID value found.
[2010/10/09 09:27:12 | 000,000,120 | ---- | C] () -- C:\Users\Hunt\AppData\Local\Bfajoziyijevulas.dat
[2010/10/09 09:27:12 | 000,000,000 | ---- | C] () -- C:\Users\Hunt\AppData\Local\Xwiseviwepasuleb.bin
[2010/10/09 09:57:43 | 000,000,000 | ---D | M] -- C:\Users\Hunt\AppData\Roaming\Ahbyyv
[2010/10/15 19:25:35 | 000,000,000 | ---D | M] -- C:\Users\Hunt\AppData\Roaming\Ezuzva

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

- Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thank you for the help. I am going to run a full scan before I start this process, so it will be some time before I get back to you.

No problem - just ensure that explorer is not deleted

Off to bed now back tomorrow

Is it possible that it is Avast! that is causing the problem? Malwarebytes did not find this virus. Apart from Avast! saying that I had a virus, the only other indication was that I was unable to get into Windows Explorer through the shortcut which is at the bottom of the page on Windows 7. When I tried to do it, it said that it couldn’t because there was a virus. However, while I was following your instructions, I disabled Avast! and it went into Windows Explorer from the shortcut with no problem. Also I typed in explorer.exe through task manager and it went into it, though it wouldn’t when I had Avast! working.

I followed your instructions as far as I could. In the first part with the OTL file, I am not sure if it completed it because I got a message saying there was a serious error and windows closed down. I did not try running it again. I am enclosing the text file from when I ran the virus scan in OTL. For some reason there was only one file which I am enclosing. I then downloaded ComboFix and tried to run it. It said it was running and task manager said it was running but nothing happened. I left it for about 30 minutes hoping something would come up but nothing did.

Should I try reinstalling Avast!?

Hi, this is from the first OTL run prior to running SFC:
PRC - C:\Windows\explorer.exe ()

This is from the second run after SFC:
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

Notice that explorer is now reported as a legitimate file with the MS name.

Malwarebytes did not find this virus. It won’t, as it is an infection of a system file.

Could you run ComboFix from safe mode please?
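The two OTL findings that drove this thread, explorer.exe listed with an empty publisher field in the PRC section and an IE ProxyServer entry pointing the browser at 127.0.0.1, are the kind of thing a helper reads off a log by eye. As an added example (not code from this thread, from OTL or from its author), the Python script below parses OTL-style lines constructed to mirror the entries quoted above, flags a system binary with no publisher string, a loopback proxy, and O3 toolbar entries with no CLSID, and compares the PRC section of two runs the way essexboy did before and after SFC. The line formats, regular expressions and severity labels are my assumptions about OTL's output, not OTL's own specification.

```python
import re

# Constructed sample lines modelled on the OTL entries quoted in the thread.
# Backslashes are kept literal with raw strings; the list is joined so no
# line continuation is needed.
SAMPLE_LOG = "\n".join([
    r"PRC - C:\Windows\explorer.exe ()",
    r"PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r"O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.",
])

# The two PRC lines essexboy compared: before and after running SFC.
BEFORE_SFC = r"PRC - C:\Windows\explorer.exe ()"
AFTER_SFC = r"PRC - C:\Windows\explorer.exe (Microsoft Corporation)"

# Assumed line shapes: "PRC - <path> (<publisher>)", "IE - <key>: "<name>" = <value>",
# "O3 - <toolbar entry>". The greedy path group lets paths contain "(x86)".
PRC_RE = re.compile(r'^PRC - (?P<path>.+) \((?P<company>[^()]*)\)\s*$')
IE_PROXY_RE = re.compile(r'^IE - .*"ProxyServer" = (?P<value>.+)$')
O3_RE = re.compile(r'^O3 - .+$')

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_proxy_value(value):
    """Split a WinINet ProxyServer value into (scheme, host, port) triples.

    Handles both "http=host:port;https=host:port" and the bare "host:port"
    form that applies to all protocols. IPv6 literals are not handled.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=")
        if not hostport:  # no "scheme=" prefix: one proxy for every protocol
            scheme, hostport = "all", scheme
        host, _, port = hostport.rpartition(":")
        if not host:  # no port given
            host, port = port, ""
        entries.append((scheme, host, port))
    return entries


def classify_line(line):
    """Return (severity, reason) for a suspicious OTL line, else None.

    An empty publisher string is a triage hint only: OTL found no version
    info, which is what the thread saw for the patched explorer.exe. Confirm
    with a signature check before acting on it.
    """
    m = PRC_RE.match(line)
    if m:
        path, company = m.group("path"), m.group("company").strip()
        if path.lower().startswith(r"c:\windows") and company == "":
            return ("high", f"system binary with no publisher info: {path}")
        return None
    m = IE_PROXY_RE.match(line)
    if m:
        for scheme, host, port in parse_proxy_value(m.group("value")):
            if host.lower() in LOOPBACK:
                return ("high", f"browser proxy points at a local listener ({scheme}={host}:{port})")
        return None
    if O3_RE.match(line) and "No CLSID value found" in line:
        return ("medium", "toolbar entry with no CLSID (orphaned or injected registration)")
    return None


def scan_log(text):
    """Return [(line_no, severity, reason)] for every flagged line in the log."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        hit = classify_line(line)
        if hit:
            findings.append((n, hit[0], hit[1]))
    return findings


def prc_publishers(text):
    """Map each PRC path to the publisher string OTL showed in parentheses."""
    out = {}
    for line in text.splitlines():
        m = PRC_RE.match(line)
        if m:
            out[m.group("path")] = m.group("company").strip()
    return out


def publisher_changes(before_text, after_text):
    """Paths whose publisher string differs between two OTL runs: {path: (old, new)}."""
    before, after = prc_publishers(before_text), prc_publishers(after_text)
    return {p: (before[p], after[p]) for p in before if p in after and before[p] != after[p]}


if __name__ == "__main__":
    for n, sev, reason in scan_log(SAMPLE_LOG):
        print(f"line {n} [{sev}] {reason}")
    print(publisher_changes(BEFORE_SFC, AFTER_SFC))
```

Run as-is it flags lines 1, 3, 5 and 6 of the constructed log and reports explorer.exe going from an empty publisher to "Microsoft Corporation", which is exactly the before/after SFC observation in the thread. The empty-publisher heuristic should be followed up with a real signature check (Sysinternals sigcheck or PowerShell's Get-AuthenticodeSignature) rather than treated as proof of infection on its own.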

You are probably going to think I am the biggest pain out but I really do appreciate the help you are giving me. I tried to run ComboFix in safety mode but it said that an antivirus was still running. I checked the task manager and could not find anything which resembled an antivirus. I did not continue but I did not want to harm the computer. Any suggestions?

Yes, ignore the warning, it will run OK

EDIT: OK, reading that, it doesn’t sound right

You are not a pain, so rephrased: ignore the ComboFix warning, as Avast in safe mode will not hamper it

That sounds better ;D

I ran the ComboFix and it said that it corrected two viruses (one in explorer.exe and another in some other file). The machine then froze and I had to reboot. I am running the virus again on Avast! to see if the viruses are cleared. Do you want me to run ComboFix again? I have to admit that I get nervous when I run it because I am afraid it might make the situation worse.

Yes please, but first see if there is a file called combofix.txt on your C drive

I downloaded combofix to my E drive (an external hard drive) so I presume the file would be there. It isn’t. I will need to run combofix later because I have to go out now so you possibly won’t get it until tomorrow your time.

No problem, but ComboFix must be run from the desktop. Anywhere else and it will encounter problems.

Sorry, I made a copy on the desktop and will run it from there later. Thank you for all your help.

;D Go out and have fun we will pick up when you get back

Here is the ComboFix.txt file. I think it has repaired the errors. I ran the scan again and it said that there were no viruses, but you can probably tell better than I.

Unfortunately it is returning - this is a very pernicious little variant.

Download Dr Web from here: http://www.freedrweb.com/?lng=en (link on the top right of the page), tick the EULA and then download.

It will download as an 8-digit file; save it to your desktop.

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that

I tried to download the file and it told me it would take over 30 minutes to download. At the present time I can only use the internet for a maximum of 30 minutes, so there is a reasonable chance that I will get halfway through the download and it will stop.

What is your download speed? My system with a 10Mb speed takes about 2 minutes