Post #2, 08-28-2007, 05:07 PM
im_not_1337 (Member)
Re: Internet Speed Monitor.... help me kill this virus

It sounds like you are pretty infected and having troubles.

BEFORE BEGINNING, please read completely through the instructions below. You may want to print these instructions or copy them to Notepad (or another word processor), and save them for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

1. Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


• Double-click the drweb-cureit.exe file and allow it to run the express scan.
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web CureIt.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

2. Let's run an antivirus scan online. Let's try Trend Micro’s HouseCall: http://housecall.trendmicro.com/. Make sure you scan your entire computer for everything listed, especially if it mentions hidden or archived files. Let it remove anything it finds and save the log. Then reboot your computer.

2. Please download CCleaner (http://www.ccleaner.com/download/) (you may already have this) and save it to your desktop:
• Run the CCleaner installer.
• During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
• Please do NOT run a scan with CCleaner yet!

3. Please download and install SUPERAntiSpyware (http://www.superantispyware.com/down...NTISPYWAREFREE) (This program is a resource hog, so after we are all done with this, I recommend you uninstall this)
• Load SUPERAntiSpyware and click the Check for Updates button.
• Once the update has finished, exit SUPERAntiSpyware.
• Please do NOT run a scan with SUPERAntiSpyware yet!

4. Please reboot your computer into Safe Mode by doing the following:
• Reboot your computer.
• After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Instead of Windows loading as normal, a menu should appear.
• Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".

5. Once in Safe Mode, please run CCleaner. (If a reboot is required, please boot BACK into Safe Mode)
• Click the Windows tab.
• Select the following:
  ◦ Check everything under the "Internet Explorer" section.
  ◦ Check everything under the "Windows Explorer" section.
  ◦ Check everything under the "System" section.
  ◦ Check ONLY "Old Prefetch data" under the "Advanced" section.
• Then, click the "Applications" tab:
  ◦ CHECK everything there.
• Next, click the "Options" button in the left pane, then click the "Advanced" button:
  ◦ UNCHECK: "Only delete files in Windows Temp folders older than 48 hours".
• Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
• When done, please exit CCleaner.


7. Then please run a scan with SUPERAntiSpyware:

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.
• Open SUPERAntiSpyware and click the "Scan your Computer" button.
• Check "Perform Complete Scan" and then click "Next".
• SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
• Make sure that they all have a check next to them, and then click "Next".
• Click "Finish" and you will be taken back to the main interface.
• It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
• I'll need a log afterwards of what has been found.
• To get the log, click "Preferences" and then click the "Statistics/Logs" tab. Click the dated log and press "View Log" and a text file will appear.
• Please post the results of the SUPERAntiSpyware log in your next reply.

8. Reboot Back into NORMAL MODE.

Download and run HijackThis and click "Scan". Save your log to your desktop.

NEXT:

Please make sure you have rebooted back into normal mode, and post these logs in your next reply(s):
1. Dr.Web CureIt log
2. Trend Micro online scan log
3. SUPERAntiSpyware log
4. A HijackThis log (important)

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted and what kind of progress we have made.