
31 Re: BDS/Small.iuj on Thu Mar 04, 2010 9:35 pm

You can delete that explorer.exe on the Desktop.

If you need it in the future, it will be at that download link, which has 8 downloads left.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

32 Re: BDS/Small.iuj on Thu Mar 04, 2010 10:16 pm

sabs (Member)
As requested, here is the latest Avira scan log:



Avira AntiVir Personal
Report file date: Friday, March 05, 2010 10:17

Scanning for 1814064 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SHERWIN

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, March 05, 2010 10:17

Starting search for hidden objects.
'26815' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'hsssrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'quicknote.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\C\WINDOWS.0\explorer.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
C:\System Volume Information\_restore{FE6BE2B3-AC4F-4834-9810-D1A8A4CF9908}\RP141\A0030635.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
Begin scan in 'D:\'

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS.0\explorer.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[NOTE] The file was moved to '4c0075df.qua'!
C:\System Volume Information\_restore{FE6BE2B3-AC4F-4834-9810-D1A8A4CF9908}\RP141\A0030635.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[NOTE] The file was moved to '4bc07597.qua'!


End of the scan: Friday, March 05, 2010 11:07
Used time: 45:51 Minute(s)

The scan has been done completely.

8887 Scanned directories
323889 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
323886 Files not concerned
2368 Archives were scanned
1 Warnings
3 Notes
26815 Objects were scanned with rootkit scan
0 Hidden objects were found

I believe you nailed the bugger :). During the latest scan, the annoying warning for the BDS/Small.iuj finally ceased, and it was really interesting to find out that explorer.exe.vir was finally quarantined. Guess this is the culprit we've been looking for, huh?

Well, that was fun, haha :) Things seem okay now. If you need me to do any other diagnostics just to make sure, I'll be more than happy to oblige.

THANK YOU SO MUCH :) !!!

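To read a report like the one above without eyeballing every line, here is an added Python parser (not part of the thread and not Avira's code) that pairs each [DETECTION] with the [NOTE] saying where the file went and checks those per-file events against the report's own summary counters. The sample input is a constructed excerpt of sabs's log.

```python
import re

# Constructed excerpt in the shape of the Avira report above: the detection
# paths, family name and quarantine notes are copied from it, the rest trimmed.
SAMPLE_REPORT = """\
C:\\pagefile.sys
[WARNING] The file could not be opened!
C:\\Qoobox\\Quarantine\\C\\WINDOWS.0\\explorer.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
C:\\System Volume Information\\_restore{FE6BE2B3-AC4F-4834-9810-D1A8A4CF9908}\\RP141\\A0030635.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
Beginning disinfection:
C:\\Qoobox\\Quarantine\\C\\WINDOWS.0\\explorer.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[NOTE] The file was moved to '4c0075df.qua'!
C:\\System Volume Information\\_restore{FE6BE2B3-AC4F-4834-9810-D1A8A4CF9908}\\RP141\\A0030635.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Small.iuj back-door program
[NOTE] The file was moved to '4bc07597.qua'!
2 Viruses and/or unwanted programs were found
2 Files were moved to quarantine
"""
DETECTION_RE = re.compile(r"^\[DETECTION\] .*\(harmful\) (\S+)")
MOVED_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")
SUMMARY_RE = re.compile(r"^(\d+) (Viruses and/or unwanted programs were found|Files were moved to quarantine)$")

def parse_report(text):
    """Map each path to its detection family and quarantine file. Avira prints a
    path on its own line and the bracketed lines for that file right beneath it."""
    records, summary, current = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(("Begin scan", "Beginning disinfection")):
            continue
        if m := SUMMARY_RE.match(line):
            summary[m.group(2)] = int(m.group(1))
        elif not line.startswith("["):            # a new subject path
            current = line
            records.setdefault(current, {"family": None, "quarantine": None})
        elif (m := DETECTION_RE.match(line)) and current:
            records[current]["family"] = m.group(1)
        elif (m := MOVED_RE.match(line)) and current:
            records[current]["quarantine"] = m.group(1)
    return records, summary

def quarantine_report(text):
    """Return the detections and whether the summary counters agree with the
    per-file events (a mismatch means a hit was not quarantined or the log is cut)."""
    records, summary = parse_report(text)
    hits = {p: r for p, r in records.items() if r["family"]}
    moved = [p for p, r in hits.items() if r["quarantine"]]
    consistent = (summary.get("Viruses and/or unwanted programs were found") == len(hits)
                  and summary.get("Files were moved to quarantine") == len(moved))
    return hits, consistent
```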

33 Re: BDS/Small.iuj on Thu Mar 04, 2010 10:36 pm

Hehe...we did it. :)

Now, to get rid of the ComboFix quarantine and ComboFix itself, first move ComboFix to the Desktop.

To uninstall ComboFix

  • Click the Start button. Click Run.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


=========

Lastly, follow my tips from above for security and prevention.

Let me know if the ComboFix uninstall was successful. Any more questions?


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

34 Re: BDS/Small.iuj on Fri Mar 05, 2010 1:38 am

sabs (Member)
Just finished uninstalling ComboFix. I'll definitely go ahead and give the preventive measures a try. I'll stay in touch through geekpolice.net; I'm definitely going to start the first lesson by next week, hehe. Problem solved :)

Thank you very much and more power.


35 Re: BDS/Small.iuj on Fri Mar 05, 2010 10:28 am

You're welcome. :)


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

36 Re: BDS/Small.iuj on Fri Mar 12, 2010 1:03 pm

Hi Sir Jay, can you please upload (again) explorer.exe?

I have the same problem as sabs. Thanks so much.


37 Re: BDS/Small.iuj on Fri Mar 12, 2010 1:07 pm

I would like to see the SystemLook log first. We need to do this process under supervision so explorer.exe is not erased accidentally.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

38 Re: BDS/Small.iuj on Fri Mar 12, 2010 1:20 pm

Sir Jay, here's the log file:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 02:34 on 13/03/2010 by PC-1 (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.*"
C:\WINDOWS\Explorer.EXE --a--- 1075200 bytes [01:41 13/03/2010] [01:41 13/03/2010] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392

Searching for "*explorer*"
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Process Explorer.lnk --a--- 1486 bytes [11:02 13/02/2010] [11:02 13/02/2010] DD92EAD4AD227D1CC691F71B6EDAA1BB
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1487 bytes [11:04 13/02/2010] [11:04 13/02/2010] 8ADAD9EAB0D1B06F75EB363B8C529934
C:\Documents and Settings\PC-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk --a--- 779 bytes [11:17 13/02/2010] [11:18 13/02/2010] AA053579F377DABEFB80A8A7610E92C0
C:\Documents and Settings\PC-1\ChikkaDefault\Data\ADS\ADS\Large\travel_explorer.gif --a--- 4481 bytes [10:52 15/02/2010] [15:26 01/03/2010] 6D84E6927187E7FA6AA32E3ED0FAC5FC
C:\Documents and Settings\PC-1\ChikkaDefault\Data\ADS\ADS\Small\travel_explorer.gif --a--- 4481 bytes [10:52 15/02/2010] [15:26 01/03/2010] 6D84E6927187E7FA6AA32E3ED0FAC5FC
C:\Documents and Settings\PC-1\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1487 bytes [11:13 13/02/2010] [11:04 13/02/2010] 8ADAD9EAB0D1B06F75EB363B8C529934
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe --a--- 45056 bytes [16:09 29/08/2005] [16:09 29/08/2005] 3742534455FFA2970540F69EB8A948DD
C:\WINDOWS\Explorer.EXE --a--- 1075200 bytes [01:41 13/03/2010] [01:41 13/03/2010] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk --a--- 1487 bytes [11:07 13/02/2010] [11:04 13/02/2010] 8ADAD9EAB0D1B06F75EB363B8C529934

Searching for "explorer*"
C:\WINDOWS\Explorer.EXE --a--- 1075200 bytes [01:41 13/03/2010] [01:41 13/03/2010] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392

Searching for "explorer.exe"
C:\WINDOWS\Explorer.EXE --a--- 1075200 bytes [01:41 13/03/2010] [01:41 13/03/2010] 2DEACA71A7FD77205F59D48D76B2F565

========== folderfind ==========

Searching for "explorer.*"
No folders found.

Searching for "*explorer*"
C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer d----- [11:05 13/02/2010]
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer d----- [11:09 13/02/2010]
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer d----- [11:08 13/02/2010]
C:\Documents and Settings\PC-1\Application Data\Microsoft\Internet Explorer d----- [11:13 13/02/2010]
C:\Documents and Settings\PC-1\Local Settings\Application Data\Microsoft\Internet Explorer d----- [12:31 13/02/2010]
C:\Program Files\Internet Explorer d----- [11:02 13/02/2010]
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer d----- [11:07 13/02/2010]

Searching for "explorer*"
No folders found.

-=End Of File=-

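Added example, not from the thread and not SystemLook's code: a parser for the filefind lines above that flags any copy of a named system binary whose MD5 is not on a caller-supplied allowlist or that was written shortly before the log was taken (here Explorer.EXE is 53 minutes old, consistent with it having just been replaced). The allowlist value is a placeholder, since the thread does not give the genuine hash for this Windows build; the sample input is a constructed excerpt of the log.

```python
import re
from datetime import datetime

# Constructed excerpt of the SystemLook log above: its header and three of its
# filefind lines, including Explorer.EXE listed twice under different searches.
SAMPLE_LOG = """\
Log created at 02:34 on 13/03/2010 by PC-1 (Administrator - Elevation successful)
Searching for "explorer.*"
C:\\WINDOWS\\Explorer.EXE --a--- 1075200 bytes [01:41 13/03/2010] [01:41 13/03/2010] 2DEACA71A7FD77205F59D48D76B2F565
C:\\WINDOWS\\explorer.scf --a--- 80 bytes [01:46 13/01/2006] [01:46 13/01/2006] A3975A7D2C98B30A2AE010754FFB9392
Searching for "explorer.exe"
C:\\WINDOWS\\Explorer.EXE --a--- 1075200 bytes [01:41 13/03/2010] [01:41 13/03/2010] 2DEACA71A7FD77205F59D48D76B2F565
"""
STAMP = "%H:%M %d/%m/%Y"  # SystemLook prints timestamps as [HH:MM DD/MM/YYYY]
HEADER_RE = re.compile(r"^Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")
ENTRY_RE = re.compile(r"^(?P<path>.+?) (?P<attrs>[-a-zA-Z]{6}) (?P<size>\d+) bytes "
                      r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-F]{32})$")

def parse_filefind(text):
    """Return (log time, entries keyed by path); a file matched by several
    search patterns appears once per pattern, so keying by path dedupes it."""
    log_time, entries = None, {}
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            log_time = datetime.strptime(f"{m.group(1)} {m.group(2)}", STAMP)
        elif m := ENTRY_RE.match(line):
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["modified"] = datetime.strptime(e["modified"], STAMP)
            entries[e["path"]] = e
    return log_time, entries

def review_system_file(text, filename, known_good_md5, fresh_minutes=120):
    """Flag copies of `filename` whose MD5 is not in known_good_md5 (placeholder
    set supplied by the caller) or that were written just before the log."""
    log_time, entries = parse_filefind(text)
    allow = {h.upper() for h in known_good_md5}
    findings = []
    for path, e in entries.items():
        if path.rsplit("\\", 1)[-1].lower() != filename.lower():
            continue
        reasons = []
        if e["md5"].upper() not in allow:
            reasons.append("hash not in allowlist")
        age = (log_time - e["modified"]).total_seconds() / 60 if log_time else None
        if age is not None and 0 <= age < fresh_minutes:
            reasons.append(f"written {age:.0f} min before log")
        findings.append((path, e["md5"], reasons))
    return findings
```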

39 Re: BDS/Small.iuj on Fri Mar 12, 2010 1:56 pm

Please follow instructions in this topic: http://www.helpmyos.com/malware-threat-removal-f6/bdssmalliuj-t1864.htm

And post the log in there.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner

40 Re: BDS/Small.iuj on Sat Aug 07, 2010 6:46 am

janghag (Member)
Hello admin, can you help me too? I have the same problem as sabs.


41 Re: BDS/Small.iuj on Sat Aug 07, 2010 10:36 pm

Hi, janghag, please start a new topic in this section explaining your problem, and a helper or I shall be with you.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner
