You should probably back up your data but
no .EXE, .SCR or HTM(L) files.
Download the free Dr. Web Cure It! in
SAFE MODE to your desktop to scan for Winlogon and Explorer infections.
Download Dr Web CureIt! from here:
http://www.freedrweb.com/?lng=en on the top right of the page, tick the EULA and then download.
It will download as an 8-digit file save it to your
desktop.
Restart in
Safe Mode and run.
Accept the enhanced version.
Then run the Quick Scan.
About halfway through you will be prompted to buy - just “X” the box closed.
Once finished,
it will generate a log. Please attach that to your next post: (Additional Options > Attach > Browse (the logs will be on your desktop > Post).
How Do I Use Dr.Web CureIt!?
http://www.freedrweb.com/cureit/how_it_works/Download Dr.Web CureIt! and launch the utility in SAFE MODE. A notification will inform you that the utility is running in the enhanced protection mode allowing it to operate even if malicious programs block access to the Windows interface.
In the enhanced protection mode Dr.Web CureIt! is run on a protected desktop where no other application can be launched. In order to continue working in the enhanced protection mode choose OK or click Cancel to switch to the standard mode.
Click the “Start” button in the anti-virus window. Select “Yes” in the confirmation dialogue, and wait while Dr.Web CureIt! scans system memory and autorun objects. If you need to scan all or selected disks, choose between “Full Scan” or “Custom Scan” (if you choose “Custom Scan,” you need to select the objects you want to scan), and click on the "Start" button.
Dr.Web CureIt! will cure infected files and place incurable files in quarantine. When the scanning is finished, you can view the report and perform desired actions with quarantined files.
Once the scanning is completed, simply remove the Dr.Web CureIt! file from your computer (put it in your recycle bin).
If you need to perform another system scan using updated definitions, you will need to download Dr.Web CureIt! again.
I still suggest running an MBAM scan for the other malware. Download
free http://www.malwarebytes.org/ (the blue button) for an on-demand scanner. After install, click
update so you have latest database before scanning (version
1.50 and the latest database). Run a Full scan and "
remove selected” button to quarantine anything found."
Copy & Paste the entire report in your next reply.
I am going to refer you to our Certified Malware expert, named
Essexboy. He will also review your logs and give you further instructions, however he comes on the forum late UK time. He will respond to you in this thread, so remember to
check this thread daily. Do not use this machine unless absolutely needed and disconnect from any network.
Let us know if you have any questions.