Hi benakj, first of all, pay special attention to Yard Dog's post. You will need to follow the steps to change all your passwords, using a "clean" computer, not the infected one.
Next, let's flush the dirty DNS cache, and restore MS's Hosts file:
Copy and paste these lines in Note pad. @Echo on pushd\windows\system32\drivers\etc attrib -h -s -r hosts echo 127.0.0.1 localhost>HOSTS attrib +r +h +s hosts popd ipconfig /release ipconfig /renew ipconfig /flushdns netsh winsock reset all netsh int ip reset all shutdown -r -t 1 del %0
Save as flush.bat
to your desktop.
Vista and Windows 7 users ... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.
Now, download Malwarebytes' Anti-Malware and "save" to your desktop Download Malwarebytes' Anti-Malware 126.96.36.1990 Free - Thoroughly detect and remove even the most advanced malware - Softpedia
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
After doing the above, download Dr.Web CureIT! and "save" it to your desktop. Dr.Web CureIt alternate download link
Right click to run as Administrator Scan with Dr.Web CureIt
Read the anti-virus check by DrWeb scanner
prompt and click Ok
where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
- The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
- If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
- If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
- After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
- In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
- Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
- Please be patient as this scan could take a long time to complete.
- When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
- Click Select All, then choose Cure > Move incurable.
- In the top menu, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web Cureit when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)