Advice on removing trojan virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by roadracer03, Dec 17, 2004.

  1. roadracer03

    roadracer03 Private E-2

    Hi all, I'm having a bit of a challenge getting rid of a trojan virus. Path is C:\windows\system\i2tcpu87fsilk.dll

    I have Windows ME but had 98 to start with; I changed to ME about 4 years ago.

    I did all of the things in the "read me first" thread except a couple of things.

    1. I can't boot up in "safe mode with networking support", only safe mode.
    2. I can't run the online scans, but I ran everything except about:buster or HSRemove.

    I'm an average, computer-challenged person, so whatever you have me do I'll have to print out (like I did the "read me first" thread for trojans...) and then try.

    Any idea on what I can do to get rid of this?

    Thanks for all your help with this.

    I appreciate it,

    Brian
     
  2. jarcher

    jarcher I can't handle a title

    Re: Advice on removing trojan virus

    What caught the virus?
    How do you know it was there?
    What anti-virus, rather?

    Why not?
    Go ahead and run them.
    Or are they not 98 compatible?

    You can do the online scans in normal mode.

    Go back to the read me (to see if you missed anything else).

    If proven unsuccessful, run through this before attaching a log:
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting:
    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis! Please do this!!!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2
     
  3. roadracer03

    roadracer03 Private E-2

    OK, I ran the online scans. It found 2 viruses: troj lookme.d and troj dloader.j. I ran everything again and nothing was caught. I put all my restore and hidden files back to normal (the opposite of step one) and it came back. It's changing my home page. I have Norton AV and I make sure my definitions are up to date. I'll try the link you gave me and see what happens.

    Thanks,

    Brian
     
  4. roadracer03

    roadracer03 Private E-2

    I've got my log if anyone cares to see it.

    Thanks

    Brian
     
  5. jarcher

    jarcher I can't handle a title

    Re: Advice on removing trojan virus

    I myself am fair at analyzing logs; I admit I am not great,
    but I will look at it.
     
  6. roadracer03

    roadracer03 Private E-2

    OK, before I did this I ran my Ad-Aware and then Spybot, both of them updated.

    Well, I tried uploading my .log file, but it says "uploading error, invalid file type".

    Any ideas?

    Thanks again,

    Brian
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure the file is a .log or a .txt file. You probably have the wrong file extension on it.
    A log that is saved directly from HijackThis should be a .log file.
     
  8. roadracer03

    roadracer03 Private E-2

    It says it's a log file, but it still says it's an invalid file type, and I saved it directly from HijackThis. I'm somewhat computer-challenged, but I usually have no problems uploading files. I'm not sure what to do now.

    Thanks again for all the help,

    Brian
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just cut and paste the text from notepad into a message and I'll change it into an attachment for you.
     
  10. roadracer03

    roadracer03 Private E-2

    OK, here is my latest HJT scan. I did everything again in the tutorial except the about:Blank and HSRemove.
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't appear to need about:Blank or HSremove. You do not have those hijacks.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).
    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:
    zvrknc
    hkiveao

    I'm leaving things in below to fix from WeatherBug just in case the uninstall does not work.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://win-eto.com/hp.htm?id=31403
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [zvrknc] C:\WINDOWS\SYSTEM\zvrknc.exe
    O4 - HKLM\..\Run: [hkiveao] C:\WINDOWS\SYSTEM\hkiveao.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\SML6MGUKV2O.EXE
    O4 - HKCU\..\RunServices: [Yahoo! Pager] 1
    O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\RunServices: [romahere3] C:\WINDOWS\SYSTEM\SML6MGUKV2O.EXE
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\SYSTEM\zvrknc.exe
    C:\WINDOWS\SYSTEM\hkiveao.exe
    C:\PROGRAM FILES\AWS\WEATHERBUG <--- the whole directory
    C:\WINDOWS\SYSTEM\SML6MGUKV2O.EXE

    Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all offline content too, then click OK. When it finishes, click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  12. roadracer03

    roadracer03 Private E-2

    Great I'll give it a try when I get home from work today since I don't have time this morning to do it.

    Thanks again I really appreciate it.

    Brian
     
  13. roadracer03

    roadracer03 Private E-2

    Well here's the new log. Looks like it's still here. :(
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not fix the location of HJT yet. You still have it here:
    C:\WINDOWS\DESKTOP\MY BRIEFCASE\NEW FOLDER\HIJACKTHIS.EXE

    And I would not say "it is still there"! We have fixed a load of problems.

    Download Pocket KillBox from here: http://www.downloads.subratam.org/KillBox.zip
    Unzip it to a folder where you can find it. Do not run it yet.

    You may want to print these instructions for reference, since you will need to close all windows to perform some of the actions below. Make sure you read through this and ask questions before starting, because once you start working on these instructions, you must do them all without stopping. Otherwise you will have to start all over again. If you encounter a problem with a step, move on to the next.

    Make sure viewing of Hidden Files and Folders is enabled per the tutorial!

    Now exit all browser sessions and stay offline.

    Run Pocket Killbox now by double clicking on Killbox.exe. Select the option: Delete on Reboot.

    In the Full Path of File to Delete box, copy and paste this entry:
    C:\WINDOWS\SYSTEM\3FEM2R~1.DLL
    Press the button with a red circle and a white X.
    When asked if you would like to Reboot, select No.

    Once again, in Full Path of File to Delete, copy and paste the following:
    C:\WINDOWS\SYSTEM\KUJUXEL97RGSKTHD.EXE
    Press the button with a red circle and a white X.
    When asked to Reboot, select Yes. But do not go back online. Stay disconnected.

    Next, launch Notepad (Start>Programs>Accessories>Notepad), and copy and paste the two lines below into it.
    Go to File, in the upper menu bar, and select: Save As
    In the Save in column, look for: Desktop (You can save it anywhere you like as long as you can find it later).
    In File Name, type in: fixme.reg
    In Save as Type, use: All files (*.*)
    Click: Save

    REGEDIT4

    [-HKEY_CLASSES_ROOT\CLSID\{467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E}]

    Now, back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

    Now, reboot into Safe Mode!

    Fix with HJT
    Now, reboot into Safe Mode, run only HijackThis, and have it Fix the following lines:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\3FEM2R~1.DLL
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\KUJUXEL97RGSKTHD.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Empty Temp Folder
    Next, still in Safe Mode, go to Start>Run, and type in: %temp%
    Click OK
    When the contents are displayed, press the following two keys simultaneously: Ctrl+A to select all
    Hit Delete on the keyboard

    Look for any other bad files:
    While still in Safe Mode, go to C:\Windows\system and sort by Date Created. Tell me if you see any other files recently created (within the last day or two) with suspicious or randomly named .dll's, .tlb's, or .exe's (including KUJUXEL97RGSKTHD.EXE).


    Reset Web Settings
    Now click Start, Settings, and select Control Panel, and double click:Internet Options.
    On the General tab under: Temporary Internet Files, click: Delete Files
    [Place a check by: Delete Offline Content when the prompt appears, and click OK]
    Once again, under: Temporary Internet Files, click: Delete Cookies
    Next, select the Programs tab, then click: Reset Web Settings
    Now go back to the General tab and set your home page back to what you use.
    Click Apply, then OK.

    Empty your Recycle Bin.

    Reboot to Normal mode.

    Now run CWShredder and make sure you click Fix.

    Now run AdAware SE and:
    -Use the: Check for Updates Now option and download the latest reference files
    -Use the Start button, and on the next window, select: Perform Full System Scan
    -Press Next, and let Ad-aware scan the hard drive
    -When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
    -Once AdAware has removed the entries, close the program

    Restart the computer.

    Now post a new HJT log and tell me how things are working.
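    The two clean-up posts above (11 and 14) follow the same pattern: read the HJT log, pick out the win-eto.com start-page lines, the randomly named autoruns under C:\WINDOWS\SYSTEM and the unnamed BHO, then Fix the lines in HijackThis, delete the files in Safe Mode (or with Killbox's delete-on-reboot) and remove the BHO's CLSID with a REGEDIT4 file. The script below is an added example written for this page, not chaslang's tooling or anything from MajorGeeks: it parses the HJT lines quoted in those two posts (plus two constructed benign Windows ME autoruns, SystemTray and ScanRegistry, so the filter has something to leave alone) and produces the same three artefacts. The hijacker domain is the one from this thread; the KNOWN_GOOD allowlist, the naming heuristics and the thresholds are assumptions, and WeatherBug is deliberately not flagged because deciding that adware has to go is a judgement call, not a pattern match.

```python
"""Heuristic triage of HijackThis log lines and a cleanup plan built from the hits.
Added example; the allowlist and the 'random name' thresholds are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Optional

HIJACKER_DOMAINS = {"win-eto.com"}                    # the start-page hijack seen in this thread
SYSTEM_DIRS = {"C:\\WINDOWS\\SYSTEM", "C:\\WINDOWS\\SYSTEM32"}
# Assumed allowlist: Win9x/ME autoruns that legitimately live in the system directory.
KNOWN_GOOD = {"systray.exe", "scanregw.exe", "rundll32.exe"}

# Constructed sample: the HJT lines quoted in posts 11 and 14 of the thread, plus two
# benign Windows ME autoruns (SystemTray, ScanRegistry) added here for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://win-eto.com/hp.htm?id=31403
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\3FEM2R~1.DLL
O4 - HKLM\..\Run: [zvrknc] C:\WINDOWS\SYSTEM\zvrknc.exe
O4 - HKLM\..\Run: [hkiveao] C:\WINDOWS\SYSTEM\hkiveao.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\KUJUXEL97RGSKTHD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\SML6MGUKV2O.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKLM\..\Run: [SystemTray] C:\WINDOWS\SYSTEM\SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

@dataclass
class Finding:
    raw: str
    kind: str                      # HJT section: R0, R1, R3, O2, O4, O6, ...
    path: Optional[str] = None     # file the entry loads, if any
    clsid: Optional[str] = None    # BHO CLSID, for O2 lines
    reasons: list = field(default_factory=list)

def looks_random(stem: str) -> bool:
    """Dropper-name heuristic: digits sandwiched between letters (KUJUXEL97RGSKTHD),
    almost no vowels (zvrknc), or a run of four consonants. Thresholds are assumptions."""
    s = re.sub(r"~\d+$", "", stem).lower()          # drop the 8.3 short-name suffix (3FEM2R~1)
    if len(s) < 5:
        return False
    if re.search(r"[a-z]\d+[a-z]", s):
        return True
    letters = [c for c in s if c.isalpha()]
    if len(letters) >= 6 and sum(c in "aeiouy" for c in letters) / len(letters) < 0.2:
        return True
    return re.search(r"[bcdfghjklmnpqrstvwxz]{4}", s) is not None

def path_reasons(path: str) -> list[str]:
    p = PureWindowsPath(path)
    if p.name.lower() in KNOWN_GOOD:
        return []
    reasons = []
    if str(p.parent).upper() in SYSTEM_DIRS:        # nothing third-party belongs here
        reasons.append("autorun/BHO loaded from the Windows system directory")
    if looks_random(p.stem):
        reasons.append(f"random-looking filename {p.name}")
    return reasons

def extract_path(cmd: str) -> Optional[str]:
    """First executable path in an O4 command line, quoted or not, with trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = re.match(r"(?P<path>.+?\.(?:exe|dll|com|bat|scr|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m["path"] if m else None

def parse_line(line: str) -> Optional[Finding]:
    m = re.match(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$", line.strip())
    if not m:
        return None
    f, body = Finding(raw=line.strip(), kind=m["kind"]), m["body"]
    if f.kind in ("R0", "R1") and " = " in body:
        host = re.match(r"https?://([^/:]+)", body.split(" = ", 1)[1])
        if host and host.group(1).lower() in HIJACKER_DOMAINS:
            f.reasons.append(f"start page points at known hijacker domain {host.group(1)}")
    elif f.kind == "R3" and "URLSearchHook is missing" in body:
        f.reasons.append("default URLSearchHook removed (typical side effect of a search hijack)")
    elif f.kind == "O2":
        m2 = re.match(r"BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$", body)
        if m2:
            f.clsid, f.path = m2["clsid"], m2["path"].strip()
            if m2["name"].strip() == "(no name)":
                f.reasons.append("BHO registered without a name")
            f.reasons += path_reasons(f.path)
    elif f.kind == "O4":
        m4 = re.match(r"HK\w+\\\.\.\\\w+: \[[^\]]*\] ?(?P<cmd>.*)$", body)
        if m4:
            f.path = extract_path(m4["cmd"])
            if f.path:
                f.reasons += path_reasons(f.path)
    elif f.kind == "O6":
        f.reasons.append("IE Control Panel policy restriction present (used to lock a hijacked home page)")
    return f

def triage(log_text: str) -> list[Finding]:
    parsed = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [f for f in parsed if f is not None and f.reasons]

def cleanup_plan(findings: list[Finding]) -> dict:
    """HJT lines to Fix, files to delete in Safe Mode (or via Killbox), and a REGEDIT4
    file that removes each flagged BHO's CLSID, as the thread's fix did."""
    clsids = [f.clsid for f in findings if f.clsid]
    reg = "REGEDIT4\n\n" + "".join(f"[-HKEY_CLASSES_ROOT\\CLSID\\{{{c}}}]\n" for c in clsids)
    return {"hjt_fix": [f.raw for f in findings],
            "delete_files": sorted({f.path for f in findings if f.path}),
            "reg_file": reg}

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f.raw, "\n   ->", "; ".join(f.reasons))
    print(cleanup_plan(hits)["reg_file"])
```

    Run against the sample it flags nine lines: both win-eto.com start-page entries, the missing URLSearchHook, the unnamed BHO, the four autoruns in C:\WINDOWS\SYSTEM (hkiveao.exe only because of where it lives, the other three also because of the name) and the O6 policy line; the Yahoo! Pager, WeatherBug, SystemTray and ScanRegistry entries pass. The "delete on reboot" step matters for exactly the files this produces: the BHO DLL is loaded into every Explorer and IE process, so it cannot be deleted while Windows is running normally.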
     
  15. roadracer03

    roadracer03 Private E-2

    Well, here it is. I think it's all gone. Thanks chaslang for all your help!!!

    Brian
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

