Full Version: No virus found but I think there is one...
Kaspersky Lab Forum > English User Forum > Virus-related issues
Rainer.Eder
Hello all,

After cleaning a badly infected PC (had opened this link: ~~snipped~~ better not to try...) there is still one problem remaining:
Our router syslog shows that this machine spams hundreds of mailservers as we see that remote port 25 is connected and we're already blacklisted at Spamhaus...
The normal logfile per day is 2 to 4 MB; before we became aware of the problem it was at 46 MB!
The only thing reported is something like "LDPinchIE" (Spybot) on two registry entries "controlset001/services/api..." and "controlset003/api...".
They can be deleted, but after a reboot they're back again.
The PC is protected by KAV 5.0.712, I also tried Adaware, Avast, Clamwin but nothing further was detected. Netstat shows no process connected to remote port 25, nothing special in the task list.
Any help is very much appreciated!

Thanks in advance....
Don Pelotas
You could try to run the free version of http://www.superantispyware.com/ and see if this picks up anything.

P.s. Never post links to malware in the forum.
Baz^^
A GetSystemInfo log would probably help us to see what needs to be killed:

http://forum.kaspersky.com/index.php?showtopic=36444
Rainer.Eder
Hello,

a lot of "Google-ing" gave me the idea of a rootkit, I had never "met" one before.
So I first tried Microsoft's "Rootkit Revealer" and it listed three suspicious items.
One of them was Daemon Tools which is OK, but both others pointed to controlset001 and 003.
What I did then was download F-Secure's "BlackLight" and it also showed me a hidden entry named "GDTO62.SYS" located in System32.
I could easily rename it with this tool. After rebooting I removed four registry entries related to that file.
For the moment there seems to be no more problem with that machine.

Bye for now...
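
The mismatch reported in this thread (the router logs the PC connecting to remote port 25 while netstat on the PC shows nothing) can be checked mechanically as a cross-view comparison. The following is an added example, not part of the original posts; the router log format, the addresses and the function names are constructed assumptions.

```python
import re

# Constructed sample data; the router log line format is an assumption.
ROUTER_LOG = """\
Mar  3 10:00:01 router fw: ACCEPT TCP 192.168.1.23:1045 -> 203.0.113.10:25
Mar  3 10:00:01 router fw: ACCEPT TCP 192.168.1.23:1046 -> 203.0.113.44:25
Mar  3 10:00:02 router fw: ACCEPT TCP 192.168.1.23:1047 -> 198.51.100.9:25
Mar  3 10:00:02 router fw: ACCEPT TCP 192.168.1.23:1050 -> 198.51.100.7:80
Mar  3 10:00:03 router fw: ACCEPT TCP 192.168.1.40:2201 -> 192.0.2.25:25
"""

# Constructed `netstat -an` snapshot taken on the suspect host.
NETSTAT = """\
  TCP    192.168.1.23:1050      198.51.100.7:80        ESTABLISHED
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING
"""

FLOW = re.compile(r"TCP (\d+(?:\.\d+){3}):(\d+) -> (\d+(?:\.\d+){3}):(\d+)")
CONN = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\d+(?:\.\d+){3}):(\d+)\s+\S+", re.M)

def router_view(log, host, port=25):
    """(local_port, remote_ip) pairs the router logged from host to the port."""
    return {(int(lp), rip) for src, lp, rip, rp in FLOW.findall(log)
            if src == host and int(rp) == port}

def host_view(netstat, port=25):
    """(local_port, remote_ip) pairs the host itself admits to on the port."""
    return {(int(lp), rip) for lp, rip, rp in CONN.findall(netstat)
            if int(rp) == port}

def cross_view(log, netstat, host, min_peers=3):
    """Flag a host whose SMTP flows are visible on the wire but not locally."""
    seen = router_view(log, host)
    hidden = seen - host_view(netstat)
    peers = {rip for _, rip in seen}
    return {"smtp_peers": len(peers), "hidden": sorted(hidden),
            "suspicious": len(peers) >= min_peers and bool(hidden)}

if __name__ == "__main__":
    print(cross_view(ROUTER_LOG, NETSTAT, "192.168.1.23"))
```

A netstat snapshot can miss short-lived connections, so the signal is many distinct mail servers in the router log with none of them ever appearing on the host, not a single missing entry.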