Hi, I have expended my knowledge in how to remove this malware. First of all let me tell you want happened and what I've done. In short, my computer was infected through Java from a article on Yahoo. It "removed" all my personal files, removed my background, etc. I realized it had just "hidden" all my files instead. I had a lot of system restore files dating before when I received the virus, and I chose the farthest one I could go back. That cleared most of the problems I was having, after that I ran Avira, Spybot and MalwareBytes to clear anything remaining. Spybot is the only one that found anything and it was just cookies. Thinking all was fixed, I was doing some searches to reinstall and update some programs because of the system restore and noticed that I was getting redirecting for a good 4-5 times then it would stop intermediately and allow me to go to the page I wanted. Also, I have noticed that IE will start by itself and start playing what sounds like ADs but IE isn't viewable and I can only see it running in Windows Task Manager.
So far I have ran complete scans with Avira, Spybot, MalwareBytes, Ad-aware, Hitman 3.5 and Avast. I downloaded TDSSKiller but that refuses to run. I just downloaded HiJackThis but the log isn't working, it's not saving anything even though I tell it to. Also, Avira's system scan didn't pick this up but its' Guard did, "ADSPY/AdSpy.Gen3". It showed the location of the file but it wasn't there so I just deleted the entire folder. I have cleared all my Temp folders as well. My host files only have two lines "127.0.0.1" and "::1" and spybot has it locked so it can't be changed now.
I believe that is all the steps I have done, hopefully that will help diagnose the problem easier.
Edited by hamluis, 31 May 2011 - 12:08 PM.
No logs, moved from MRL to Am I Infected.