Thank you for all your help guys, I dont seem to be spamming any more or knocking all the other pcs on the network offline.
C:\WINDOWS\S2EEEC5FF.tmphas been moved successfully.
I still have My Documents appearing for no reason at windows start up.
Here is my WinPFind3u log:
It would be good if you create and submit to on-line analysis the RunScanner log to help to identify the problem and the solution.
The WinPFind log looks fine.
Open HJT again and click to Do a System Scan Only. When finished place a check mark next to this line
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
Now close all other widows, inlcuding your broswer, and click Fix Checked.
Does that solve the problem with My Documents?
Is there any sign of infection on any of the other network computers?
If mauserme’s suggestion doesn’t resolve the My Documents issue, check out the info below.
Sometimes the reason explorer will open a folder (My Documents) in your case is because there is a run command trying to run a file that is in the my documents folder and because it isn’t there the folder is opened (perhaps so you can find it or choose another). The problem is there is no indication of what that missing file might be.
This happened to me many years ago not with the my documents folder but another and I had had to check the startup folder, the startup tab in msconfig and the registry for that folder name to see what the missing file was. Once found I deleted the entry and no more folder opening after boot.
I don’t know if this is the same problem, but the my documents folder is getting some malware attention where it drops files in there and may be trying to run them, but fortunately you have removed the file.
This search for my documents in the places mentioned isn’t easy, though with all of the tools you have been using and the logs they created may be worth looking at for any reference to the my documents folder.
Well DavidR spotted it, I just chased it, sort of. :
But I think this is a strong point in DavidR’s constant reccommendation of a third party firewall with outbound monitoring/protection. It shows in the comodo log that something was trying to contact something within McColo Corporation domain. and what I could find out about that domain, it’s a good thing that it was blocked. Who know what it might have invited over for the weekend? :o