Old 10-07-2008, 07:47 PM   #2 (permalink)
amateur
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Jun 2006
Location: USA
Posts: 7,504
OS: XP SP3


Re: Google Redirecting/Sending bogus emails...

Hello and welcome to TSF.

This is identified as a common infection spread via Facebook and MySpace.

Scan with HijackThis and put a checkmark against the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181
O4 - HKLM\..\Run: [sysftray2] C:\windows\bolivar19.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Program Files\TinyProxy\TinyProxy.exe


Close all browsers and windows other than HijackThis and click on 'fix checked'. Exit HijackThis.

=======================

Restart your computer.

=======================

Using Windows Explorer (right click on Start, click on Explore) navigate to locate and delete the following folder and files if still present:

C:\Program Files\TinyProxy
C:\Windows\fmark2.dat
C:\Windows\Kenny**.exe (** stands for numbers such as 16, 17, 18...)

Note: If you run into problems deleting the TinyProxy folder, try it in Safe Mode.

Safe Mode instructions:
1) Restart your computer.
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear.
4) Select the first option, to run Windows in Safe Mode.

==========================

If you experience connection problems afterwards (browsing):

In IE:

Go to Tools > Internet Options > Connections tab > LAN Settings and uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox:

Go to Tools > Options > Advanced tab > Network tab > "Settings" under Connection and uncheck the proxy server.

==========================

Next, click Start>Run and copy/paste the following text in bold, exactly as it is:

sc delete "Plug and Play (PlugPlay) " <== it's important that you keep that extra space between (PlugPlay) and "

Please post a new HijackThis log in your next reply and let me know how things are.
__________________
My services are free. However, you can donate to TSF to help keep it running.

Member of ASAP since 2005
Member of UNITE since 2006
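As an added defender-side example (not part of amateur's post or of any TSF tool), the script below parses HijackThis-style log lines and flags the three indicator patterns the post walks through: a browser proxy pointed at 127.0.0.1, an autorun executable dropped straight into C:\Windows, and an O23 service whose display name borrows a built-in Windows service name (PlugPlay) but runs an unknown-owner binary outside the Windows directory. The sample log lines and the list of built-in service names are constructed for illustration.

```python
import re

# Constructed sample HijackThis log: the entries quoted in the post above plus
# two ordinary-looking entries (also constructed) that the checks should ignore.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8181
O4 - HKLM\..\Run: [sysftray2] C:\windows\bolivar19.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Program Files\TinyProxy\TinyProxy.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
"""

# Short names of built-in Windows services (illustrative subset) that a rogue
# service may imitate in its display name, as "Plug and Play (PlugPlay)" does here.
BUILTIN_SERVICE_NAMES = {"PlugPlay", "RpcSs", "Dhcp", "Dnscache", "EventLog"}

RE_R1 = re.compile(r"^R1 - (?P<key>.+?),(?P<vname>\S+) = (?P<value>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")


def triage(log_text):
    """Return (hjt_line, reason) pairs for entries matching the indicators in the post."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := RE_R1.match(line):
            # A browser proxy aimed at the local machine means a local process
            # (TinyProxy in this case) sits between the browser and the network.
            if m["vname"] == "ProxyServer" and re.search(r"\b(127\.0\.0\.1|localhost)\b", m["value"]):
                findings.append((line, "proxy points at loopback"))
        elif m := RE_O4.match(line):
            # Heuristic: an autorun EXE placed directly in the Windows folder
            # (not system32) is unusual for legitimate software and worth review.
            exe = m["cmd"].split()[0] if m["cmd"].strip() else ""
            if re.fullmatch(r"(?i)c:\\windows\\[^\\]+\.exe", exe):
                findings.append((line, "autorun executable directly in the Windows folder"))
        elif m := RE_O23.match(line):
            name, owner, path = m["name"], m["owner"], m["path"]
            imitated = re.search(r"\((\w+)\)", name)
            # Display name borrows a built-in service's short name, yet the binary
            # has no recognised owner and lives outside the Windows directory.
            if (imitated and imitated.group(1) in BUILTIN_SERVICE_NAMES
                    and owner == "Unknown owner"
                    and not path.lower().startswith("c:\\windows\\")):
                findings.append((line, f"service mimics built-in '{imitated.group(1)}' with unknown owner"))
    return findings


if __name__ == "__main__":
    for hjt_line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {hjt_line}")
```

Only the three entries named in the post are reported; the constructed ctfmon and Apache entries pass untouched.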