I would like to first welcome you to TechSpot and tell you that I will help with the malware.
But please4 understand this right up front: Everyone wants their problem handled NOW. The problem is that there are more of "you" than there are of "us". A look down the threads should make that clear.
So patience is required. Some of us don't spend all weekend fixing other people's problems- we work on our own. Yesterday was Sunday.
Your host files have been hijacked and you most probably have a LOP infection:
It is best to disable the antivirus and malware programs for the scan; you'll re-enable them after the scan
Download Lop S&D and save to your desktop.
[1] Double-click Lop S&D.exe
[2] Choose the language, then choose Option 2 (Fix + Hosts)
[3] Wait till the end of the scan
[4] Attach the log which is created: (%SystemDrive%\lopR.txt)
For uninstall list:
Click Start>Run and copy/paste the following bolded text into the Run box and click OK:
C:\Qoobox\Add-Remove Programs.txt
A report should pop open for you. Please post the contents in your next reply.
Please download ComboFix
HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Follow with rescan of HijackThis.
Attach all reports and logs in your next reply. It will most likely be tomorrow before I can get back to you.