[sabrenn]

It's been happening at my old house too though, the other infected pc also used to be at another house so I don't believe that's the problem? Sorry for not explaining in my previous post.

[kevinf80]

OK, run the following diagnostic scan post the two logs:

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4

• Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
• In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
• Under the Custom Scan box paste this in
  
  Code:

        netsvcs
        msconfig
        safebootminimal
        safebootnetwork
        activex
        drivers32
        %SYSTEMDRIVE%\*.exe
        %ALLUSERSPROFILE%\Application Data\*.*
        %ALLUSERSPROFILE%\Application Data\*.exe /s
        %APPDATA%\*.*
        %APPDATA%\*.exe /s
        %systemroot%\*. /mp /s
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        volsnap.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        symmpi.sys
        adp3132.sys
        mv61xx.sys
        nvraid.sys
        ipsec.sys
        afd.sys
        netbt.sys
        redbook.sys
        /md5stop
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
        %systemroot%\system32\drivers\*.*
        HKLM\System\CurrentControlset\Services /S
        HKLM\System\Controlset001\Services /S
        Ipconfig /all /c

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

[sabrenn]

The logs are too long so I've attached them..

edit: it's not letting me upload the otl.txt and it's too big to post the content so i've uploaded it here:

http://www.mediafire.com/?3ycck94yqzfwdac

[kevinf80]

Thanks for logs, you will have noted that the OTL.txt is very comprehensive so will take me a long time to decipher. Quick question for you, This program Gomez what is it, what do you use it for and is it installed on the other suspect PC.

Kevin

[sabrenn]

That's fine with me.

Gomez is actually Gomez Peer, it's a software that processes information with your machine and pays you in exchange, I've been running it for more than two years now so I don't really think that's the issue either.
It is installed on the other PC and I can uninstall it if really needed but I haven't had any problems with it in the past.
I had it installed on two older laptops that I don't use anymore.

I've actually earned some money from it so it's never been bad for me?
You can see their home page here: http://www.gomezpeerzone.com/

[kevinf80]

I know exactly what it is, some security programs will flag that app a as a threat. If it is no problem can you uninstall it totally and see if the anomaly returns...