A lot of times these bugs will regenerate if any trace is left in them.
Your best bet is to google it and see exactly every registry entry it makes, every file it stores and their locations, then run your tools and before rebooting, manually check each spot to ensure all traces are gone.
I personally am tired of messing with these. If they start to fight me at all like that I just re-image, haha.
About a year ago, you could simply boot into normal mode with the bug running, open Process Explorer (which I had renamed to iexplore.exe so the bug would let it run), then I'd find the path to the 3219fhdsf189232190312.exe (random string), kill it, and instantly delete it. After that I'd run a quick scan on MBAM and it'd be gone. 15-minute job for 100 bucks usually, LOL.
Edit: OH, and you'll 9 times out of 10 have to uncheck the proxy checkbox in IE, and just to be sure, check to see that your hosts file isn't infected.
For IE: Tools -> Internet Options -> Connections -> LAN settings (the only box that should be checked is "Automatically detect settings")
For hosts file:
Start -> Run -> C:\Windows\System32\drivers\etc\hosts
Open with Notepad, and make sure it looks like this:
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 22.214.171.124 rhino.acme.com # source server
# 126.96.36.199 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
If not, just copy paste that into it and save, then reboot.
Edited by akoch, 25 January 2012 - 04:07 PM.
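Added example, not part of akoch's post: a PowerShell (3.0 or later) check for the two leftovers mentioned above, active hosts-file entries and the per-user IE proxy values. The function names and the sample lines are made up for illustration; the registry value names are the standard Internet Settings ones.

```powershell
# List every active (non-comment) line of a hosts file and mark whether it
# is the plain loopback -> localhost mapping a default file would allow.
function Get-ActiveHostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip a trailing "# comment" and surrounding whitespace
        $text = ($line -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)
        $other   = @($names | Where-Object { $_ -ne 'localhost' })
        $expected = (('127.0.0.1', '::1') -contains $address) -and
                    ($names.Count -gt 0) -and ($other.Count -eq 0)
        [pscustomobject]@{
            Address  = $address
            Names    = $names -join ' '
            Expected = $expected
        }
    }
}

# Read the per-user IE proxy values. With only "Automatically detect
# settings" checked, ProxyEnable is 0 and AutoConfigURL is empty.
function Get-IEProxySetting {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, AutoConfigURL
}

# Constructed sample input: the last line is the kind of entry to look for.
$sample = @(
    '# localhost name resolution is handled within DNS itself.',
    '127.0.0.1 localhost',
    '192.0.2.10 www.example.com   # constructed redirect entry'
)
Get-ActiveHostsEntry -Lines $sample | Format-Table -AutoSize

# Live check: show only the entries a default hosts file would not contain.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-ActiveHostsEntry -Lines (Get-Content -Path $hostsPath) |
    Where-Object { -not $_.Expected } | Format-Table -AutoSize
Get-IEProxySetting | Format-List
```

Anything the live check prints is worth a look before rebooting; some legitimate software also adds hosts entries, so review each line rather than deleting blindly.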