Hi
Please then try to boot in safe mode, log on as admin and perform this:
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File::
C:\WINDOWS\system32\uyektftg.dll
C:\WINDOWS\system32\thhkocro.dll
C:\WINDOWS\system32\ppvxhwke.dll
C:\WINDOWS\system32\guuhofvm.dll
C:\WINDOWS\system32\jrqegnke.dll
C:\WINDOWS\system32\kwafrpiu.dll
C:\WINDOWS\system32\gkicdwoj.dll
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\iiffcax.dll
C:\WINDOWS\system32\ixmwvfhm.dll
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\mrofinu1000106.exe
Folder::
C:\WINDOWS\system32\Mz08r
C:\WINDOWS\system32\Mz02r
C:\WINDOWS\QW5nZWxpY2E
C:\Temp\mZOr
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B565656-A605-4A3D-A1AF-0468359CBBEB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EAA49F2-162F-4041-B133-4B2B1838C5B7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AB9A6C-DE12-4E09-B47F-B5E1568D7F2B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD837A08-A2A6-4908-9EB2-A0E5B8022172}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0CA35C1-7F53-4862-8083-4C8EA9FC0291}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffcax]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljihfe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{3D-D7-78-80-ZN}"=-
"2083d72f"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.