And you're showing yet another entry in 020:
O20 - AppInit_DLLs: C:\WINDOWS\system32\bozakupe.dll C:\WINDOWS\system32\hodobaja.dll
So all we're doing is substituting one malware process for another, rather than finding it's cause. You're using Autoruns to control the Startup, but malware is in ne of the staartups. We can keep deleting the dll file that comes up in the 020 entry, but sof ar, there have been 3 different ones. We need to find the cause.
That looks like the core rootkit , it could be being reinstalled by another infection that we are missing . The Rookit is changing one of the Autoruns, which is why you get a different 020 entry each time one is removed.
Please Download , unzip and run GMER :
http://www.gmer.net/files.php
Do NOT click scan . GMER does an automatic quick scan when run . Click the copy button on the right side of GMER and then paste into your next post .
If you encounter an error, we'll run RootRepeal next. Until and unless the Rootkit is removed, we can't clean the system.
Mike, FYI: this isn't your thread or mine. It belongs to the person with the problem. Help should address that problem. If I make any replies on a thread you are working on, it's because I think another direction needs to be taken, or something was missed that needs to be addressed.