Hi
Avast has found win32 winpatch virus on my winxp laptop. It had infected the explorer.exe and winlogon.exe files couldn’t be moved to chest.
I went looking online and found reference to someone using the tool combofix to fix this was on the bleeping computer website. This didn’t work entirely the explorer.exe no longer works. Have tried to restore this but no luck so far. Have tried using the kasperky v10 boot disc but that wont work either.
Any advice would be greatly appreciated getting the explorer.exe working would be great before then looking at removing the virus.
Regards
Joe 
Asyn
2
Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
Are you able to access windows ?
system
4
Yes I am. Sorry for the late replay only issue is that windows explorer crashes on start up but this is a result of using a tool called combofix. Which I have removed now. Will be sending the log files you need to shortly.
thanks again for the help
Pondus
5
if you have run combofix, attach that log also
system
6
I have run Adw Cleaner but on reboot no log file was reproduced I think might be because explorer.exe is not working. Am running programs from the run prompt in task manager.
Combofix also never produced a log file either.
Will be attaching the malwarebytes log have that one at least
system
9
sorry did this wrong didn’t include the script
netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir “%systemdrive%*” /S /A:L /C
CREATERESTOREPOINT
Will try again
Yes please as that will show me any spare explorers that I can use
system
11
Only got one log file from using OTL
Do you get any errors at all at start ? This may be Barmital… Could you attach the combofix log please
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\qxvphl.sys -- (axekhn)
:Files
C:\WINDOWS\explorer.exe|C:\WINDOWS\ServicePackFiles\i386\explorer.exe /replace
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
system
13
This is the aswMBR.exe log file
system
14
The only error I got running OTL is that at one point it looked for the D: drive cd drive but there is nothing in that so I just pressed cancel and it continued. Will carry out your instructions now
system
15
Fantastic Laptop boots up ok and everything seems ok
Here are the log files
So all is back to normal now is that correct ?
system
18
yes I believe so will do an avast boot scan now but am very hopeful all good.
thanks very much for the help

Let me know the result of the Avast scan and if you are happy I will tidy up
system
20
Have run an Avast Boot Scan which did some items which were moved to chest. Then ran a full scan from within windows was clean then ran another boot scan again was clean.
Only issue is that with the boot scan it would find some zip files which it said were corrupted. However I think these files are part of a legit application. Do you think this is a concern ?
Am happy to say all is good now unless above is an issue