OK, search and destroy time I feel. Let's remove the current crop and then look for a hidden starter.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV:64bit: - [2013/02/07 16:31:45 | 002,067,968 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\msmpsyc.dll -- (MsMpSyc)
IE - HKU\S-1-5-21-2266926829-3848745124-1763009038-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2266926829-3848745124-1763009038-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.99:80
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2013/02/27 23:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/02/07 18:27:14 | 005,927,424 | ---- | M] () -- C:\Windows\rvvo.exe
[2013/02/07 16:53:05 | 000,000,950 | ---- | M] () -- C:\Windows\SysNative\MsMpSyc.ocx
[2013/02/07 16:31:45 | 002,067,968 | ---- | M] () -- C:\Windows\SysNative\msmpsyc.dll
[2013/02/04 19:43:05 | 005,927,424 | ---- | M] () -- C:\Windows\mpk.exe
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the GMER Rootkit Scanner to your Desktop; it will be a randomly named .exe file.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click the file you downloaded. The program will begin to run.
Caution
These types of scans can produce false positives. Do NOT take any action on any “<-- ROOTKIT” entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
[*]Click NO
[*]In the right panel, you will see a bunch of boxes that have been checked … leave everything checked and ensure the Show all box is un-checked.
[*]Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
[*]Click OK.
[*]GMER will produce a log. Click on the [Save…] button, and in the File name area, type in “GMER.txt”
[*]Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.