
Thread: Logs from after spamming trojan

  1. #1
    Join Date
    Jul 2010
    Posts
    11

    Logs from after spamming trojan

    Have just finished cleaning my machine from a few nasties that decided to use my domain's mail server to spam over 400,000 messages to some poor end users. Would love some knowledgeable people to run their eye over my logs to see if I got it all.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:57:05 AM, on 13/07/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files (x86)\Eye-Fi\Eye-Fi Manager.exe
    C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Windows\OEM13Mon.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPMON.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 172.16.0.3 jdexchange.wck.johndee.com.au
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
    O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
    O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" autorun
    O4 - HKLM\..\Run: [NcpRsuGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe" -gui
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Eye-Fi Manager.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe
    O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://jdsql05.wck.johndee.com.au:10...iveXClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wck.johndee.com.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{277DFA57-7364-41A3-92F3-8C1DC7A95C45}: NameServer = 192.231.203.132
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wck.johndee.com.au
    O17 - HKLM\System\CS1\Services\Tcpip\..\{277DFA57-7364-41A3-92F3-8C1DC7A95C45}: NameServer = 192.231.203.132
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wck.johndee.com.au
    O17 - HKLM\System\CS2\Services\Tcpip\..\{277DFA57-7364-41A3-92F3-8C1DC7A95C45}: NameServer = 192.231.203.132
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe
    O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe
    O23 - Service: NcpSec - Unknown owner - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: WatchGuard Authentication Client - Unknown owner - C:\Program Files (x86)\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14669 bytes


    Thanks
    Stags

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    How about updating and running a Full Scan with MBA-M. Have it remove everything found, reboot and post the log here.

  3. #3
    Join Date
    Jul 2010
    Posts
    11
    Thanks for your response - followed your directions, logs as follows:

    HJT:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:19:20 PM, on 13/07/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files (x86)\Eye-Fi\Eye-Fi Manager.exe
    C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Windows\OEM13Mon.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\NCPMON.exe
    C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Citrix\ICA Client\pn.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telstra.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 172.16.0.3 jdexchange.wck.johndee.com.au
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
    O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
    O4 - HKLM\..\Run: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
    O4 - HKLM\..\Run: [NcpMonitor] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" autorun
    O4 - HKLM\..\Run: [NcpRsuGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe" -gui
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Eye-Fi Manager.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files (x86)\Adobe\Adobe Acrobat 6.0 CE\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Pidgin.lnk = C:\Program Files (x86)\Pidgin\pidgin.exe
    O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://jdsql05.wck.johndee.com.au:10...iveXClient.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wck.johndee.com.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{277DFA57-7364-41A3-92F3-8C1DC7A95C45}: NameServer = 192.231.203.132
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wck.johndee.com.au
    O17 - HKLM\System\CS1\Services\Tcpip\..\{277DFA57-7364-41A3-92F3-8C1DC7A95C45}: NameServer = 192.231.203.132
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wck.johndee.com.au
    O17 - HKLM\System\CS2\Services\Tcpip\..\{277DFA57-7364-41A3-92F3-8C1DC7A95C45}: NameServer = 192.231.203.132
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: ncpclcfg - NCP engineering GmbH - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe
    O23 - Service: ncprwsnt - NCP Engineering GmbH - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe
    O23 - Service: NcpSec - Unknown owner - C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: RwsRsu (rwsrsu) - Unknown owner - C:\Program Files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: WatchGuard Authentication Client - Unknown owner - C:\Program Files (x86)\WatchGuard\WatchGuard Authentication Client\wgssoclient.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14610 bytes



    MBAM:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4306

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    13/07/2010 11:33:12 AM
    mbam-log-2010-07-13 (11-33-12).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 396777
    Time elapsed: 1 hour(s), 11 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Thanks

    Stags
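
    Added example, not code from anyone in this thread: the Full Scan above found a Backdoor.SpyNet entry under HKCU\...\Active Setup\Installed Components, and the original question is whether anything was missed. The practical check for that is to enumerate the autostart locations this kind of malware uses (Run, RunOnce, Policies\Explorer\Run and Active Setup) across every loaded hive, resolve what each entry launches, and flag entries whose target is missing, lives in a user-writable directory, or is not validly signed. The script below does that in PowerShell 2.0 syntax so it runs on a Windows 7 machine like the one in the logs; the set of keys, the path heuristic and the flag names are my choices, not anything from the posts.

```powershell
# Added example for this thread, not code from the posters. Enumerates the
# autostart locations used by detections like the Backdoor.SpyNet entries above
# and flags entries worth re-checking after a cleanup. Run in an elevated
# 64-bit PowerShell on the machine being inspected (PowerShell 2.0 syntax).

$runSubKeys = @(
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
$activeSetupSubKey = 'SOFTWARE\Microsoft\Active Setup\Installed Components'
$psMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Hives to inspect: the machine hive plus every loaded user hive, so the console
# user and the service accounts HijackThis lists as S-1-5-19/S-1-5-20 are covered.
$roots = @('HKEY_LOCAL_MACHINE')
foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    if ($hive.PSChildName -notmatch '_Classes$') { $roots += "HKEY_USERS\$($hive.PSChildName)" }
}

function Get-ExecutableFromCommand {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {                  # "C:\with spaces\x.exe" /args
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted command: cut after the first executable-looking extension so an
    # unquoted path containing spaces (several O4 lines above) is not split.
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|com|scr|bat|cmd|vbs|js))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function New-AutostartRecord {
    param([string]$Location, [string]$Name, [string]$Command)
    $exe = Get-ExecutableFromCommand $Command
    $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
    $flags = @()
    if (-not $exists) { $flags += 'file-missing' }
    # Heuristic (my choice): droppers commonly sit in AppData, Temp or other
    # user-writable directories, so anything auto-starting from one is flagged.
    if ($exe -match '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\') {
        $flags += 'user-writable-path'
    }
    $sig = 'n/a'
    if ($exists) {
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
        if ($sig -ne 'Valid') { $flags += 'not-validly-signed' }
    }
    # Legitimate Active Setup components register StubPath under HKLM and only
    # record a Version under the user hive, so a StubPath under HKEY_USERS is odd.
    if ($Location -match '^HKEY_USERS\\.*Active Setup') { $flags += 'stubpath-in-user-hive' }
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Command = $Command; Exe = $exe
        Exists = $exists; Signature = $sig; Flags = ($flags -join ',')
    }
}

function Get-AutostartEntry {
    foreach ($root in $roots) {
        foreach ($sub in $runSubKeys) {
            $key = "Registry::$root\$sub"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($props -eq $null) { continue }
            foreach ($p in $props.PSObject.Properties) {
                if ($psMetadata -contains $p.Name) { continue }
                New-AutostartRecord -Location "$root\$sub" -Name $p.Name -Command ([string]$p.Value)
            }
        }
        # Active Setup: each HKLM component with a StubPath is run once per user
        # at logon when that user's recorded Version is missing or older.
        $asKey = "Registry::$root\$activeSetupSubKey"
        if (-not (Test-Path -LiteralPath $asKey)) { continue }
        foreach ($comp in Get-ChildItem -LiteralPath $asKey -ErrorAction SilentlyContinue) {
            $stub = (Get-ItemProperty -LiteralPath $comp.PSPath -ErrorAction SilentlyContinue).StubPath
            if ($stub) {
                New-AutostartRecord -Location "$root\$activeSetupSubKey" -Name $comp.PSChildName -Command ([string]$stub)
            }
        }
    }
}

$entries = @(Get-AutostartEntry)
$flagged = @($entries | Where-Object { $_.Flags -ne '' })
"{0} autostart entries, {1} flagged" -f $entries.Count, $flagged.Count
$flagged | Sort-Object Location, Name |
    Format-Table Location, Name, Exe, Exists, Signature, Flags -AutoSize -Wrap
```

    Two caveats. A 32-bit PowerShell host on 64-bit Windows is redirected to the Wow6432Node view of HKLM\SOFTWARE, so use the 64-bit host or the native keys are hidden. And this only covers the registry keys that appear in the logs above; services (O23), BHOs (O2), Winlogon, scheduled tasks and drivers are other autostart points, which is why Sysinternals Autoruns is the usual tool for the "did I get it all" question, with this script showing the mechanism for the keys that were actually hit. Since the detection is a Backdoor.* class item on a machine that had access to the domain's mail server, the credentials used from that machine and the mail server's SMTP authentication and relay logs are the other half of the check.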

  4. #4
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Do you have the previous logs from MBA-M?

  5. #5
    Join Date
    Jul 2010
    Posts
    11
    Sure do:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4304

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/07/2010 12:34:43 PM
    mbam-log-2010-07-12 (12-34-43).txt

    Scan type: Flash scan
    Objects scanned: 126607
    Time elapsed: 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\audio hd driver (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\audio hd driver (Backdoor.SpyNet) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Jason\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Jason\AppData\Roaming\7WF6Aiorf7w.exe (Backdoor.SpyNet) -> Delete on reboot.
    C:\Users\Jason\AppData\Local\Temp\7WF6Aiorf7w.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


    -----------------------------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4304

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    12/07/2010 12:40:09 PM
    mbam-log-2010-07-12 (12-40-09).txt

    Scan type: Flash scan
    Objects scanned: 124574
    Time elapsed: 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -----------------------------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4304

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    12/07/2010 1:53:34 PM
    mbam-log-2010-07-12 (13-53-34).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 490575
    Time elapsed: 1 hour(s), 11 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{83313942-b21e-454e-b5ae-d01992a63ad5} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files (x86)\Microsoft Defending Services (Trojan.Backdoor) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)

    -----------------------------------------------------------------------------------------------------

  6. #6
    Join Date
    Jul 2010
    Posts
    11
    Note I also have run Spybot and it picked up some bits and pieces that MBAM didn't - but am unsure where to find the logs.

  7. #7
    Join Date
    Jul 2010
    Posts
    11
    Found them:


    --- Report generated: 2010-07-12 14:30 ---

    Win32.Agent.dif: [SBI $3F4EDA9F] Autorun settings (Audio HD Driver) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audio HD Driver

    DoubleClick: Tracking cookie (Internet Explorer: Jason) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-07-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-07-06 Includes\AdwareC.sbi (*)
    2010-01-26 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-07-06 Includes\DialerC.sbi (*)
    2010-01-26 Includes\HeavyDuty.sbi (*)
    2009-05-27 Includes\Hijackers.sbi (*)
    2010-07-06 Includes\HijackersC.sbi (*)
    2010-06-29 Includes\iPhone.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-07-06 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-06-01 Includes\Malware.sbi (*)
    2010-07-07 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-07-06 Includes\PUPSC.sbi (*)
    2010-01-26 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-07-06 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-07-06 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-06-29 Includes\Trojans.sbi (*)
    2010-07-06 Includes\TrojansC-02.sbi (*)
    2010-07-06 Includes\TrojansC-03.sbi (*)
    2010-07-06 Includes\TrojansC-04.sbi (*)
    2010-07-07 Includes\TrojansC-05.sbi (*)
    2010-07-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    -------------------------------------------------------------------------------------------------------------------


    --- Report generated: 2010-07-12 16:25 ---

    Win32.Agent.dif: [SBI $3F4EDA9F] Autorun settings (Audio HD Driver) (Registry value, fixing failed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Audio HD Driver


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-07-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-07-06 Includes\AdwareC.sbi (*)
    2010-01-26 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-07-06 Includes\DialerC.sbi (*)
    2010-01-26 Includes\HeavyDuty.sbi (*)
    2009-05-27 Includes\Hijackers.sbi (*)
    2010-07-06 Includes\HijackersC.sbi (*)
    2010-06-29 Includes\iPhone.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-07-06 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-06-01 Includes\Malware.sbi (*)
    2010-07-07 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-07-06 Includes\PUPSC.sbi (*)
    2010-01-26 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-07-06 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-07-06 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-06-29 Includes\Trojans.sbi (*)
    2010-07-06 Includes\TrojansC-02.sbi (*)
    2010-07-06 Includes\TrojansC-03.sbi (*)
    2010-07-06 Includes\TrojansC-04.sbi (*)
    2010-07-07 Includes\TrojansC-05.sbi (*)
    2010-07-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    -------------------------------------------------------------------------------------------------------------------


    --- Report generated: 2010-07-12 16:58 ---

    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    WebTrends live: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Zedo: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Statcounter: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    DoubleClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    MediaPlex: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Right Media: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    CasaleMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    BurstMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    BurstMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    BurstMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    BurstMedia: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    HitBox: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    FastClick: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)
    Win32.PornPopUp: Tracking cookie (Firefox: Jason (default)) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-07-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-07-06 Includes\AdwareC.sbi (*)
    2010-01-26 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-07-06 Includes\DialerC.sbi (*)
    2010-01-26 Includes\HeavyDuty.sbi (*)
    2009-05-27 Includes\Hijackers.sbi (*)
    2010-07-06 Includes\HijackersC.sbi (*)
    2010-06-29 Includes\iPhone.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-07-06 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-06-01 Includes\Malware.sbi (*)
    2010-07-07 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-07-06 Includes\PUPSC.sbi (*)
    2010-01-26 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-07-06 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-07-06 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-06-29 Includes\Trojans.sbi (*)
    2010-07-06 Includes\TrojansC-02.sbi (*)
    2010-07-06 Includes\TrojansC-03.sbi (*)
    2010-07-06 Includes\TrojansC-04.sbi (*)
    2010-07-07 Includes\TrojansC-05.sbi (*)
    2010-07-06 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  8. #8
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    This is a 32bit Windows 7 system, correct?

  9. #9
    Join Date
    Jul 2010
    Posts
    11
    Windows 7 Ultimate 64-Bit

  10. #10
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Quote Originally Posted by Stags:
    Windows 7 Ultimate 64-Bit
    Rats, I was afraid of that, wishful thinking on my part. Had another tool I hoped to have you run but it will not work on Windows 7 64bit. Since you keep finding this Backdoor.SpyNet on there it leads me to believe there may be a rootkit involved here.
    Have you run the Windows Malicious Software Removal Tool?

    I am going to have to check with somebody else here for another alternative to what I wanted you to run. Run that Windows tool though and see what it shows.
