Hi:
I have been fighting with some type of "downloader" virus for a week (see logs below).
One day Symantec (v.9.0.1.1000) displayed its status window once, saying it had quarantined a trojan.
Then the next day it happened a few more times; only then did a window display a Symantec Email Proxy error, basically stating it was preventing some email being sent from my PC to an address I did not recognize.
BTW, the Symantec email proxy messages now populate all over my screen very rapidly--there may be 2-3 "bugs" working.
I also think the Symantec scanner may be bad, from info I read on other forums--it doesn't seem to find the viruses or trojans as reported any more. To date, I have run many virus scanners--SuperAntivirus, AVG Anti-Spyware 7.5.1, BitDefender on-line scan, Spybot S&D 1.4, F-Prot, CCleaner, SpywareBlaster, Ad-Aware 1.6.
I still have the same problem with the messages filling up the display after boot. Note: I did install Kerio Firewall (v.2.1.5), and no more Email proxy pop-up messages with the Symantec banner across the top appear.
Here is my PC's log from ComboFix & HijackThis.
Your comments are very much appreciated.
Thank you,
Al
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13, on 2008-01-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Alan\My Documents\VirusCheck\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1987472687
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O20 - Winlogon Notify: efccdca - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10451 bytes
ComboFix Log
ComboFix 08-01-20.1 - Alan 2008-01-20 0:26:23.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1080 [GMT -6:00]
Running from: C:\Documents and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\61IV4L05\ComboFix[1].exe
Command switches used :: and Settings\Alan\Local Settings\Temporary Internet Files\Content.IE5\61IV4L05\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.
2008-01-19 23:37 . 2008-01-19 23:37 <DIR> d-------- C:\Program Files\Kerio
2008-01-19 23:37 . 2002-04-15 12:28 102,912 --------- C:\WINDOWS\SYSTEM32\DRIVERS\FWDRV.SYS
2008-01-19 23:19 . 2008-01-19 23:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-19 23:19 . 2008-01-19 23:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 16:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 09:54 . 2008-01-18 09:54 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2008-01-18 09:54 . 2008-01-18 09:54 <DIR> d-------- C:\Program Files\FRISK Software
2008-01-18 09:54 . 2008-01-18 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FRISK Software
2008-01-18 09:54 . 2007-10-22 09:48 579,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\FStopW.sys
2008-01-18 08:17 . 2008-01-18 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-18 00:49 . 2008-01-18 00:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-18 00:49 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-01-17 22:55 . 2008-01-17 22:55 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\Grisoft
2008-01-17 22:54 . 2008-01-17 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-17 22:54 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-17 22:41 . 2008-01-17 22:41 <DIR> d-------- C:\Program Files\Yahoo!
2008-01-17 22:41 . 2008-01-17 22:41 <DIR> d-------- C:\Program Files\CCleaner
2008-01-17 20:45 . 2008-01-18 08:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-15 10:26 . 2008-01-15 10:26 58,880 --a------ C:\uxgq.exe
2008-01-15 10:26 . 54,764 C:\WINDOWS\SYSTEM32\dxdss.sys
2008-01-15 10:26 . 2008-01-15 10:26 2 --a------ C:\-1000312545
2008-01-15 10:25 . 2008-01-15 10:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\edcA17
2008-01-04 15:59 . 2008-01-04 15:59 524,288 --a------ C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-01-04 15:59 . 2008-01-04 15:59 4,816 --a------ C:\WINDOWS\SYSTEM32\divxsm.tlb
2008-01-04 15:58 . 2008-01-04 15:58 3,596,288 --a------ C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-01-04 15:58 . 2008-01-04 15:58 1,044,480 --a------ C:\WINDOWS\SYSTEM32\libdivx.dll
2008-01-04 15:58 . 2008-01-04 15:58 200,704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-01-04 15:56 . 2008-01-04 15:56 156,992 --a------ C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-01-04 15:56 . 2008-01-04 15:56 12,288 --a------ C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-01-04 14:40 . 2008-01-04 14:40 <DIR> d-------- C:\Program Files\VTech
2008-01-04 14:09 . 2008-01-04 14:09 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\InstallShield
2007-12-28 23:00 . 2004-08-04 00:10 48,128 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys
2007-12-28 23:00 . 2004-08-04 00:10 48,128 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\61883.sys
2007-12-28 23:00 . 2004-08-04 00:10 38,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys
2007-12-28 23:00 . 2004-08-04 00:10 38,912 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\avc.sys
2007-12-28 22:35 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\enum1394.sys
2007-12-28 22:35 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\enum1394.sys
2007-12-28 22:34 . 2004-08-04 00:10 61,056 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ohci1394.sys
2007-12-28 22:34 . 2004-08-04 00:10 61,056 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ohci1394.sys
2007-12-28 22:34 . 2004-08-04 00:10 53,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\1394bus.sys
2007-12-28 22:34 . 2004-08-04 00:10 53,248 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\1394bus.sys
2007-12-28 17:14 . 2007-12-28 17:14 <DIR> d-------- C:\Documents and Settings\Gabriela\Application Data\DivX
2007-12-26 22:32 . 2008-01-04 10:15 <DIR> d-------- C:\divx
2007-12-26 21:38 . 2007-12-26 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-26 21:20 . 2007-12-26 21:20 <DIR> d-------- C:\Program Files\Bonjour
2007-12-26 21:07 . 2007-12-26 21:07 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-26 18:50 . 2007-12-26 21:06 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\Download Manager
2007-12-26 17:14 . 2007-12-26 17:14 <DIR> d-------- C:\WINDOWS\Progress Data
2007-12-24 16:42 . 2007-12-25 09:54 <DIR> d-------- C:\Documents and Settings\Alan\Application Data\DivX
2007-12-24 16:39 . 2007-12-11 16:34 129,784 --------- C:\WINDOWS\SYSTEM32\pxafs.dll
2007-12-24 16:39 . 2007-12-11 16:34 120,056 --------- C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-12-24 16:39 . 2007-12-11 16:34 118,520 --------- C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-12-24 16:39 . 2007-12-11 16:34 9,464 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2007-12-24 16:39 . 2007-12-11 16:34 9,336 --------- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-12-24 16:38 . 2008-01-13 23:25 <DIR> d-------- C:\Program Files\DivX
2007-12-23 18:54 . 2007-12-23 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-23 18:51 . 2007-12-23 18:51 <DIR> d-------- C:\Program Files\SlySoft
2007-12-23 18:51 . 2007-12-23 18:53 24 ---hs---- C:\WINDOWS\S4E912AD9.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 05:44 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-20 05:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-18 14:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-18 06:44 --------- d-----w C:\Program Files\Symantec
2008-01-18 04:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 16:02 --------- d-----w C:\Program Files\Yahoo SiteBuilder
2008-01-15 16:25 --------- d-----w C:\Documents and Settings\Alan\Application Data\uTorrent
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-12-29 22:58 --------- d-----w C:\Program Files\Dell AIO Printer A940
2007-12-28 03:52 --------- d-----w C:\Program Files\uTorrent
2007-12-27 03:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-17 16:47 --------- d-----w C:\Program Files\Skype
2007-12-17 16:45 --------- d-----w C:\Documents and Settings\Alan\Application Data\Skype
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-25 16:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 13:21 68856]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 06:34 1649600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 09:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 18:47 204800]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 00:04 122933]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 16:00 86102]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-01 12:15 53248]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 20:31 66680]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 08:36 114688]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55 339968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-29 19:24 77824]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-12 12:45 2250104]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-08-02 19:36 124232]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"F-PROT Antivirus Tray application"="C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2007-10-24 14:28 1428064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 02:48 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-07-06 08:08:53 24576]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-31 23:00:00 111376]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-31 23:00:00 51984]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccdca]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
R0 FPAV_RTP;FPAV_RTP;C:\WINDOWS\system32\DRIVERS\FStopW.sys [2007-10-22 09:48]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 12:28]
R2 FPAVServer;F-PROT Antivirus for Windows system;"C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe" [2007-10-24 14:28]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
*Newly Created Service* - FWDRV
*Newly Created Service* - PERSFW
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 15:40:02 C:\WINDOWS\Tasks\Shortcut to Symantec LiveUpdate.job"
- C:\Documents and Settings\Alan\Desktop\Shortcut to Symantec LiveUpdate.lnk
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 00:33:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-20 0:35:43
ComboFix-quarantined-files.txt 2008-01-20 06:34:56
ComboFix2.txt 2008-01-18 23:10:14
.
2007-08-16 22:42:11 --- E O F ---
New Trojan downloader???Symantec out
Reply from YARDofSTUF:
For HijackThis, remove:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
Also, don't have more than 1 virus scanner running at once.
For trojans, try this:
http://www.softpedia.com/get/Antivirus/ ... over.shtml
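As an added example (not part of either post, and not a HijackThis or Trend Micro feature), the script below parses HijackThis v2 item lines like the ones in this thread and applies the kind of triage heuristics a responder uses when reading such a log: orphaned entries whose registry key survives but whose file is gone ("(no file)", "(file missing)"), O23 services with no recorded publisher, O4 autostarts running from a drive root or a Temp folder, and O20 Winlogon Notify entries with no DLL name or a random hex-style name. The sample lines are copied from the log above, except the [sysupd] O4 line, which is constructed to exercise the Temp-folder rule; the regexes and severity levels are this example's own assumptions. Note that the heuristics also flag the "O20 - Winlogon Notify: efccdca - C:\WINDOWS\" line, which neither post lists.

```python
"""Heuristic triage of HijackThis v2 log lines (example code, not a HijackThis feature)."""
import re
from collections import Counter
from dataclasses import dataclass

# A HijackThis item line is "<section> - <kind>: <rest>", where <rest> is normally
# "<description> - {CLSID} - <path>", "<description> - <vendor> - <path>", or, for O4,
# "[<label>] <target> <args>".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
# Randomly generated names built only from hex letters/digits, like the "efccdca"
# Winlogon Notify entry in the log above (assumption: vendors do not name DLLs this way).
HEXNAME_RE = re.compile(r"^[a-f0-9]{6,}$")
# Autostart targets sitting in a drive root or a temp folder (this example's heuristic).
SCRATCH_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$|\\temp\\|\\temporary internet files\\")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str  # "O2", "O20", "O23", ...
    kind: str     # "BHO", "Winlogon Notify", "Service", "HKLM\\..\\Run", ...
    name: str     # description, or the [label] of an O4 entry
    path: str     # last " - " separated field, or the unquoted O4 target
    raw: str


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    reason: str
    entry: Entry


def parse_line(line):
    """Parse one HijackThis item line; return None for headers and process-list lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.group("section"), m.group("kind").strip(), m.group("rest")
    if section == "O4" and rest.startswith("["):
        label, _, target = rest[1:].partition("] ")
        target = target.strip()
        if target.startswith('"'):           # quoted path followed by arguments
            target = target[1:].split('"', 1)[0]
        return Entry(section, kind, label, target, line.strip())
    fields = [f.strip() for f in rest.split(" - ")]
    return Entry(section, kind, fields[0], fields[-1], line.strip())


def triage(entry):
    """Return a Finding or None. Heuristics only: every hit still needs a human look."""
    path = entry.path.lower()
    if any(marker in path for marker in ORPHAN_MARKERS):
        return Finding("low", "orphaned entry: registry key points at a file that no longer exists", entry)
    if entry.section == "O20":
        # Winlogon Notify DLLs load into winlogon.exe at boot, before the desktop and before
        # on-demand scanners run, so a missing DLL name or a random name here is a strong signal.
        if not path.endswith(".dll"):
            return Finding("high", "Winlogon Notify entry without a DLL file name", entry)
        if HEXNAME_RE.match(entry.name.lower()):
            return Finding("high", "Winlogon Notify entry with a randomly generated name", entry)
    if entry.section == "O4" and SCRATCH_RE.search(path):
        return Finding("medium", "autostart target in a drive root or temp folder", entry)
    if entry.section == "O23" and "- unknown owner -" in entry.raw.lower():
        return Finding("medium", "service with no recorded publisher; check the binary's signature", entry)
    return None


def triage_log(text):
    """Run triage over every parseable line of a log and return the findings in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        finding = triage(entry) if entry else None
        if finding:
            findings.append(finding)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 2, 'low': 3}."""
    return dict(Counter(f.severity for f in findings))


# Sample input: every line is copied from the HijackThis log above except the [sysupd]
# O4 line, which is constructed to exercise the temp-folder rule.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [sysupd] C:\Documents and Settings\Alan\Local Settings\Temp\sysupd.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: efccdca - C:\WINDOWS\
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    order = ("high", "medium", "low")
    for f in sorted(triage_log(SAMPLE_LOG), key=lambda x: order.index(x.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.entry.raw}")
```

Run as a script it prints the findings from highest to lowest severity. Every hit is a prompt to look at the file itself (creation date, publisher, signature, what the directory was created alongside), not a verdict; the orphaned "(no file)" entries are safe cleanup, while the O20 hit is the one to chase first because a Winlogon Notify DLL runs before anything else on the desktop gets a chance to scan it.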