Here we go - it looks like you have a rootkit
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-1614895754-789336058-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1614895754-789336058-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-1614895754-789336058-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-789336058-1801674531-500\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Rzonibuzix] C:\WINDOWS\esaqayis.DLL File not found
O4 - HKLM..\Run: [vngqxmfx] C:\Documents and Settings\Administrator\Local Settings\Application Data\ahuygjice\qhbqvuotssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [8JE5UHC6FZ] C:\WINDOWS\TEMP\Jcr.exe File not found
O4 - HKU\S-1-5-18..\Run: [8JE5UHC6FZ] C:\WINDOWS\TEMP\Jcr.exe File not found
O4 - HKU\S-1-5-21-1614895754-789336058-1801674531-500..\Run: [Amukabobituy] C:\WINDOWS\nomsvpr.DLL File not found
O4 - HKU\S-1-5-21-1614895754-789336058-1801674531-500..\Run: [vngqxmfx] C:\Documents and Settings\Administrator\Local Settings\Application Data\ahuygjice\qhbqvuotssd.exe File not found
[2010/07/23 21:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ahuygjice
[2010/08/18 01:39:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/17 22:51:39 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Iwknvzidnk.job
[2010/07/29 03:31:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dxunalosup.bin
[2010/07/29 02:26:32 | 000,000,000 | ---- | M] () -- C:\~.exe
[2010/07/25 21:05:09 | 000,002,804 | ---- | M] () -- C:\WINDOWS\omuxijum.dll
[2010/07/23 21:51:08 | 000,002,804 | ---- | M] () -- C:\WINDOWS\ikekazub.dll
[2010/07/23 21:49:03 | 000,002,804 | ---- | M] () -- C:\WINDOWS\uyoteroy.dll
[2010/07/23 21:26:58 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ixuhuqoboxebod.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of it’s process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it’s strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.