Hi, I see it. It is the latest TDSS variant. To kill this we must have the Recovery Console installed.
First I will kill what I can with OTL.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
[2010/05/13 10:43:36 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\nlmkv.job
[2010/04/27 20:18:04 | 000,016,652 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KLry0l
[2010/04/27 19:41:03 | 000,093,184 | RHS- | M] () -- C:\WINDOWS\System32\qmgrprxyq.dll
[2010/04/27 19:41:03 | 000,093,184 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\qmgrprxyq.dll
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered, and reboot the PC when it is done.
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.
Download ComboFix from one of these locations:
Link 1
Link 2
Note: It is important that it is saved directly to your desktop.
With malware infections being as they are today, it’s strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Go to Microsoft’s website => http://support.microsoft.com/kb/310994
Scroll down to Step 1, and select the download that’s appropriate for your Operating System. Download the file & save it as it’s originally named.
Note: If you have SP3, use the SP2 package.
Transfer all files you just downloaded to the desktop of the infected computer.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
http://img.photobucket.com/albums/v666/sUBs/RC1-4.gif
[*]Drag the setup package onto ComboFix.exe and drop it.
[*]Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
http://img.photobucket.com/albums/v706/ried7/whatnext.png
[*]At the next prompt, click ‘Yes’ to run the full ComboFix scan.
[*]When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.