[Resolved] Numeric exe files created in my doc folder

  1. #1
    lavieph (Newbie)

    I've seen that this issue was solved before in this forum; however, as a layman, I couldn't use the information in order to solve my problem. I apologize for troubling you again with this problem.
    My computer keeps on generating numeric .exe files, and stores them in my Documents and Settings\MyName folder. The files are small (about 20 kb each), and are created at random (as much as I can tell). I could not find any regularity in the times at which it creates the files, or in the numbers that are set as names of these files.
    I had Norton 360 run a comprehensive scan on my computer, but it found nothing. I downloaded a free version of AVG anti-virus software, but it did not solve the problem either.
    I have downloaded HijackThis and here is its log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:26:09, on 02/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Windows\smms.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\nvscv32.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\dell\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ynet ????? ???? ???????? - ?????? ???????
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [32.exe] C:\Windows\system32\nvscv32.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: שירות Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    --
    End of file - 10297 bytes

    Does anyone know what could be causing this? Is that some nasty worm, or what? And why doesn't the anti-virus software I paid good money for recognize it?
    More importantly, how do I get rid of it?

    Thanks in advance
    Dror Lavieph
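One way to triage logs like the HijackThis output above (and the ComboFix output posted later in the thread), as an added example that is not part of the original post: a small Python script that parses O4 autorun lines and ComboFix file lines, flags executables that are marked hidden+system, have a purely numeric name, or are small files sitting directly under the Windows directory or drive root, and then cross-references the flagged files with the autorun entries that start them. The sample lines are an excerpt copied from this thread's logs; the drop directories and the 64 KB size threshold are assumptions chosen for the example.

```python
"""Triage helper for HijackThis / ComboFix log excerpts (added example)."""
import re
from collections import OrderedDict

# Excerpt of lines copied from the logs posted in this thread; a constructed
# sample for the example, not the complete logs.
HJT_LINES = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
O4 - HKLM\..\Run: [32.exe] C:\Windows\system32\nvscv32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

COMBOFIX_LINES = r"""
c:\windows\system32\25700.exe
c:\windows\system32\6655.exe
2009-11-01 12:22 . 2009-11-01 12:22 19968 --sh--r- c:\windows\system32\nvscv32.exe
2009-10-27 17:56 . 2009-10-27 17:56 21504 --sh--r- c:\windows\smms.exe
2009-10-15 03:24 . 2009-10-15 03:42 19968 ----a-w- c:\windows\sysupdt.exe
2009-10-14 19:19 . 2009-10-18 04:37 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-03 18:32 . 2009-11-03 18:32 22528 ----a-w- C:\ms18467.exe
""".strip().splitlines()

# HijackThis O4 line: "O4 - HKLM\..\Run: [label] path [args]" (path may be quoted)
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]+)\] '
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')

# ComboFix file line: "created . modified size attrs path", or a bare path
# (the "Other Deletions" section lists paths only).
FILE_RE = re.compile(
    r'^(?:\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d '
    r'(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) )?(?P<path>[A-Za-z]:\\\S.*)$')

# Assumed heuristics for the example: directories where droppers commonly put a
# payload, and a size below which a lone executable there is unusual.
DROP_DIRS = {'c:', 'c:\\windows', 'c:\\windows\\system32'}
SMALL_EXE = 64 * 1024


def parse_file_line(line):
    """Return {'path', 'size', 'attrs'} for a ComboFix file line, else None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    size = m.group('size') or ''
    return {'path': m.group('path'),
            'size': int(size) if size.isdigit() else None,
            'attrs': m.group('attrs') or ''}


def parse_run_line(line):
    """Return {'hive', 'key', 'label', 'path'} for an O4 autorun line, else None."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    return {'hive': m.group('hive'), 'key': m.group('key'), 'label': m.group('label'),
            'path': (m.group('quoted') or m.group('bare')).lower()}


def file_reasons(entry):
    """List why an executable deserves a closer look (empty list if it does not)."""
    path = entry['path'].lower()
    parent, _, name = path.rpartition('\\')
    if not name.endswith('.exe'):
        return []
    reasons = []
    attrs = entry['attrs']
    # ComboFix attribute flags: d=directory, s=system, h=hidden, r=read-only
    if attrs and not attrs.startswith('d') and 's' in attrs and 'h' in attrs:
        reasons.append('executable marked hidden+system (%s)' % attrs)
    if re.fullmatch(r'\d+\.exe', name):
        reasons.append('purely numeric file name')
    if parent in DROP_DIRS and entry['size'] is not None and entry['size'] <= SMALL_EXE:
        reasons.append('small executable (%d bytes) directly under %s' % (entry['size'], parent))
    return reasons


def triage(hjt_lines, combofix_lines):
    """Map lower-cased path -> reasons, combining file findings with autorun references."""
    findings = OrderedDict()
    for line in combofix_lines:
        entry = parse_file_line(line)
        if entry:
            reasons = file_reasons(entry)
            if reasons:
                findings.setdefault(entry['path'].lower(), []).extend(reasons)
    for line in hjt_lines:
        run = parse_run_line(line)
        if not run:
            continue
        where = '%s\\..\\%s [%s]' % (run['hive'], run['key'], run['label'])
        if re.fullmatch(r'\d+(\.exe)?', run['label']):
            findings.setdefault(run['path'], []).append('numeric autorun label ' + where)
        if run['path'] in findings:
            findings[run['path']].append('started at logon by ' + where)
    return findings


if __name__ == '__main__':
    for path, reasons in triage(HJT_LINES, COMBOFIX_LINES).items():
        print(path)
        for reason in reasons:
            print('   -', reason)
```

Known-good files such as igfxpers.exe and ctfmon.exe produce no finding, while the hidden+system files smms.exe and nvscv32.exe are reported together with the Run entries that launch them.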


  2. #2
    Neal (Dedicated Member)
    You should uninstall AVG or Symantec, as two anti-virus programs will cause problems on your system as they fight to protect your system, and actually make your protection weaker.

    Have you run Malwarebytes lately? If not, run that scan and post the log.

    Visit the page below to familiarize yourself with the tool and download it from one of the links provided.

    A guide and tutorial on using ComboFix

    If you have previously downloaded ComboFix, please delete that version now.

    It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners and script blockers now.

    How To Disable
    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus, re-connect back to the internet, and post the ComboFix log.

    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.

  3. #3
    lavieph (Newbie)
    Thank you, Neal, for your reply.
    I tried to copy the file combofix.exe from both mirror sites, but it gave me a corrupt file error. I even tried to change its name, to "fool" the computer, but it saw right through it. After that, I tried to download it from another computer (all three in my house had the same problem), and I mailed it to my e-mail account. No good. I downloaded it with Live Mail, and then it told me the file cannot be executed (Windows cannot access the file, or something like that).
    Now I have a bigger problem, since I tried to restart the computer, and got a "ntldr file is missing, press cntl+alt...". I have to get a starter disk to operate my computer, and see what the problem is there.
    After I'll solve that (I hope I won't need help there), I'll go back to the original problem, or I'll just re-format my hard disk, and lose all my information.
    Thanks again
    Dror

  4. #4
    Neal (Dedicated Member)
    Try it like this if possible:


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2

    Disable all security programs (virus, antispyware) that you can.

    --------------------------------------------------------------------

    Double click on Combo-Fix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

  5. #5
    lavieph (Newbie)
    Again, thank you for your quick reply.
    I fixed the other problem (reinstalling the ntldr and ntdetect files into i386, and rebuilding my boot.ini file), and I copied the ComboFix file via a disk-on-key.
    It finally worked!
    This is the log file from ComboFix:
    ComboFix 09-11-02.02 - dell 11/03/2009 22:19.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2038.1500 [GMT 2:00]
    Running from: c:\documents and settings\dell\Desktop\combofix.exe
    AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-1343024091-1364589140-725345543-1003
    c:\recycler\S-1-5-21-1343024091-1364589140-725345543-1004
    c:\windows\system\oeminfo.ini
    c:\windows\system32\25700.exe
    c:\windows\system32\6655.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
    .

    2009-11-03 19:45 . 2009-11-03 18:16 -------- d--h--w- c:\documents and settings\Default User.WIN
    2009-11-03 19:45 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users.WIN
    2009-11-03 19:41 . 2009-11-03 19:41 -------- d-s---w- c:\documents and settings\Dell.DROR\UserData
    2009-11-03 19:39 . 2009-11-03 19:54 -------- d-----w- C:\WIN
    2009-11-03 19:06 . 2009-11-03 19:07 -------- d-----w- c:\program files\Office Backup
    2009-11-03 18:06 . 2009-11-03 18:28 -------- d-----w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\Microsoft
    2009-11-03 18:06 . 2009-11-03 18:06 -------- d-----w- c:\documents and settings\Dror Laviephrath
    2009-11-03 18:03 . 2009-11-03 18:00 -------- d-----w- c:\win\system32\config\systemprofile\Local Settings\Application Data\Microsoft
    2009-11-03 18:00 . 2009-11-03 18:00 -------- d-----w- c:\documents and settings\Default User.WIN\Local Settings\Application Data\Microsoft
    2009-11-03 17:59 . 2009-11-03 17:59 -------- d-sh--w- c:\documents and settings\All Users.WIN\DRM
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\documents and settings\dell\Application Data\Malwarebytes
    2009-11-02 05:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-02 05:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-01 12:22 . 2009-11-01 12:22 19968 --sh--r- c:\windows\system32\nvscv32.exe
    2009-10-30 07:01 . 2009-10-30 07:06 -------- d-----w- C:\$AVG
    2009-10-30 07:00 . 2009-10-30 07:00 -------- d-----w- c:\program files\AVG
    2009-10-30 06:42 . 2009-10-30 06:42 -------- d-----w- c:\windows\system32\N360_BACKUP
    2009-10-30 06:22 . 2009-10-30 06:22 -------- d-----w- c:\program files\CCleaner
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\DVDVideoSoft
    2009-10-27 17:56 . 2009-10-27 17:56 21504 --sh--r- c:\windows\smms.exe
    2009-10-26 21:24 . 2009-10-26 21:24 -------- d-----w- c:\program files\thriXXX
    2009-10-26 21:24 . 2009-10-26 21:29 -------- d-----w- c:\program files\3DSV
    2009-10-26 13:57 . 2009-10-26 13:57 65536 ----a-w- c:\windows\TADSUINS.EXE
    2009-10-26 05:18 . 2009-10-26 05:18 -------- d-----w- c:\program files\Act-3D
    2009-10-23 09:25 . 2009-10-23 09:38 -------- d-----w- c:\program files\Sun.River.Systems.Heatseek.Gold.v1.4.1.0-HERiTAGE
    2009-10-21 15:10 . 2009-10-21 15:13 -------- d-----w- c:\program files\AWare Systems
    2009-10-18 04:39 . 2009-10-18 04:39 -------- d-----w- c:\windows\system32\KB905474
    2009-10-18 04:39 . 2009-03-10 20:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
    2009-10-18 04:39 . 2009-03-10 20:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
    2009-10-17 22:51 . 2009-10-17 22:52 -------- d-----w- C:\Pccoach3
    2009-10-17 20:38 . 2009-11-02 22:14 -------- d-----w- c:\program files\Sports Stats 2.0
    2009-10-16 15:08 . 2009-10-16 15:08 -------- d-----w- c:\program files\Eufony Free M4A MP3 Converter
    2009-10-16 15:08 . 2009-10-16 15:08 743170 ----a-w- c:\program files\eufony_free_m4a_mp3_converter.exe
    2009-10-16 14:55 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-10-16 14:55 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-10-16 10:16 . 2009-10-29 05:33 -------- d-----w- c:\documents and settings\dell\Application Data\Apple Computer
    2009-10-16 10:15 . 2009-10-16 10:15 -------- d-----w- c:\program files\iPod
    2009-10-16 10:15 . 2009-10-16 10:16 -------- d-----w- c:\program files\iTunes
    2009-10-16 10:15 . 2009-11-02 05:29 -------- d-----w- c:\program files\Bonjour
    2009-10-16 10:14 . 2009-10-16 10:15 -------- d-----w- c:\program files\QuickTime
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\program files\Apple Software Update
    2009-10-16 10:14 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-10-16 10:14 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-10-16 10:13 . 2009-10-16 10:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-16 10:13 . 2009-10-16 10:18 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple Computer
    2009-10-15 18:21 . 2009-11-03 14:40 -------- d-----w- c:\documents and settings\dell\Tracing
    2009-10-15 18:16 . 2009-10-15 18:16 -------- d-----w- c:\program files\Microsoft
    2009-10-15 18:15 . 2009-10-15 18:15 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-15 18:15 . 2009-10-15 18:16 -------- d-----w- c:\program files\Windows Live
    2009-10-15 17:41 . 2009-10-15 17:41 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-10-15 15:08 . 2009-11-02 21:30 -------- d-----w- c:\documents and settings\dell\Application Data\U3
    2009-10-15 07:58 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\windows\SHELLNEW
    2009-10-15 07:39 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
    2009-10-15 07:39 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-10-15 07:39 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-10-15 07:39 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-10-15 07:39 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-10-15 07:39 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
    2009-10-15 07:39 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2009-10-15 07:39 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-15 07:39 . 2009-10-15 07:40 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Adobe Reader 9 Installer
    2009-10-15 07:18 . 2009-10-15 07:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-15 07:16 . 2009-10-15 18:20 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Adobe
    2009-10-15 05:47 . 2009-10-15 05:47 -------- d-----w- c:\documents and settings\dell\Application Data\Thinstall
    2009-10-15 04:45 . 2009-10-15 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-10-15 04:40 . 2009-10-30 11:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Temp
    2009-10-15 04:40 . 2009-10-15 04:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-10-15 03:24 . 2009-10-15 03:42 19968 ----a-w- c:\windows\sysupdt.exe
    2009-10-14 21:58 . 2009-10-14 21:55 737280 ----a-w- c:\windows\iun6002.exe
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\PadorWeb
    2009-10-14 21:58 . 2009-11-03 20:17 -------- d-----w- c:\program files\PadorNew
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\Common Files\PdorShared
    2009-10-14 21:47 . 2009-10-22 04:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Google
    2009-10-14 21:46 . 2009-10-15 04:42 -------- d-----w- c:\program files\Google
    2009-10-14 21:08 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-10-14 21:08 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-10-14 21:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-10-14 21:07 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-10-14 21:05 . 2009-10-14 21:05 -------- d-----w- c:\program files\uTorrent
    2009-10-14 21:04 . 2009-10-31 06:55 -------- d-----w- c:\documents and settings\dell\Application Data\uTorrent
    2009-10-14 21:04 . 2009-10-14 21:04 289072 ----a-w- c:\program files\utorrent.exe
    2009-10-14 20:56 . 2009-11-03 18:32 1374312 ----a-w- C:\WindowsUpdate_ms08-067.exe
    2009-10-14 20:56 . 2009-10-14 20:56 -------- d-----w- c:\program files\WinRAR_3.90
    2009-10-14 20:56 . 2009-10-14 20:56 1373069 ----a-w- c:\program files\WinRAR_3[1].90_Full_Cracked.zip
    2009-10-14 20:27 . 2009-10-14 20:27 -------- d-s---w- c:\documents and settings\dell\UserData
    2009-10-14 20:12 . 2009-10-14 20:12 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Microsoft Help
    2009-10-14 19:20 . 2009-10-14 19:20 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-14 19:20 . 2009-10-18 04:41 -------- d-----w- c:\program files\Norton 360
    2009-10-14 19:19 . 2009-10-18 04:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-10-14 19:19 . 2009-10-18 04:37 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-10-14 19:19 . 2009-10-18 04:37 -------- d-----w- c:\program files\Symantec
    2009-10-14 19:13 . 2009-11-03 20:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-14 19:11 . 2009-10-14 19:58 -------- d-----w- c:\documents and settings\dell\Application Data\Symantec
    2009-10-14 19:10 . 2009-10-14 19:10 -------- d-----w- c:\program files\Symantec Temporary Files
    2009-10-14 17:57 . 2009-10-14 17:57 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Identities
    2009-10-14 17:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-10-08 08:34 . 2009-10-08 08:34 -------- d-----w- c:\program files\Fingerprint Reader Suite
    2009-10-08 08:33 . 2009-10-08 08:33 -------- d-----w- c:\program files\UPEK
    2009-10-08 08:31 . 2007-05-16 04:49 172032 ----a-w- c:\windows\system32\igfxres.dll
    2009-10-08 08:28 . 2009-10-08 08:28 664 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\d3d9caps.dat
    2009-10-08 08:22 . 2009-10-08 08:28 664 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-03 19:21 . 2009-01-07 07:37 -------- d-----w- c:\program files\Dell
    2009-11-03 19:01 . 2009-11-03 19:01 -------- d-----w- c:\documents and settings\Dell.DROR\Application Data\Thinstall
    2009-11-03 18:34 . 2009-11-03 18:34 11912 ----a-w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-03 18:32 . 2009-11-03 18:32 22528 ----a-w- C:\ms18467.exe
    2009-11-03 18:09 . 2009-11-03 18:09 -------- d-----w- c:\documents and settings\Dror Laviephrath\Application Data\U3
    2009-10-18 04:41 . 2009-03-09 09:36 72880 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-18 04:37 . 2009-10-14 19:19 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-18 04:37 . 2009-10-14 19:19 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-17 22:51 . 2009-01-07 07:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-15 07:37 . 2009-10-15 07:37 13992449 ----a-w- c:\program files\klcodec-490f.rar
    2009-10-15 07:18 . 2009-10-15 07:18 16168136 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part3.rar
    2009-10-15 07:12 . 2009-10-15 07:12 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part2.rar
    2009-10-15 06:14 . 2009-10-15 06:14 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part1.rar
    2009-09-25 05:37 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-06 17:24 . 2009-01-07 06:48 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 17:24 . 2009-01-07 06:48 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 17:24 . 2009-01-07 06:48 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 17:24 . 2009-01-07 06:48 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-06 17:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 17:23 . 2009-01-07 06:48 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 17:23 . 2009-01-07 06:48 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-10-14 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
    "Google Updater"="c:\windows\smms.exe" [2009-10-27 21504]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "32.exe"="c:\windows\system32\nvscv32.exe" [2009-11-01 19968]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]
    "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 21:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Windows\\system32\\nvscv32.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Windows\\smms.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 21:37 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15/10/2009 01:38 102448]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/10/2009 10:30 108032]
    S0 cerc6;cerc6; [x]
    S2 gupdate;שירות Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/10/2009 06:40 133104]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13/01/2008 04:32 23888]
    S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [07/01/2009 09:07 141376]
    S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [07/01/2009 09:07 235520]
    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [07/01/2009 09:07 7424]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *NewlyCreated* - MBR
    *NewlyCreated* - PROCEXP113
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]

    2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]

    2009-11-03 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-10-18 20:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ynet.co.il/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-eBay Icon - c:\documents and settings\dell\Application Data\Desktopicon\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-03 22:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\dell\LOCALS~1\Temp\Perflib_Perfdata_fb8.dat 16384 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1480)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\program files\Fingerprint Reader Suite\homepass.dll
    c:\program files\Fingerprint Reader Suite\bio.dll
    c:\program files\Fingerprint Reader Suite\remote.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\Fingerprint Reader Suite\crypto.dll

    - - - - - - - > 'lsass.exe'(1536)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    .
    Completion time: 2009-11-03 22:25
    ComboFix-quarantined-files.txt 2009-11-03 20:25
    ComboFix2.txt 2009-11-03 18:21

    Pre-Run: 127,865,450,496 bytes free
    Post-Run: 128,068,558,848 bytes free

    - - End Of File - - 791C56ED8F3952BC2497B2D8E2E7CE39


    Log file of Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:37:17, on 03/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\dell\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ynet ????? ???? ???????? - ?????? ???????
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [32.exe] C:\Windows\system32\nvscv32.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: שירות Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    --
    End of file - 9107 bytes

    Can you tell if the problem is solved?

    Thank you
    Dror

  6. #6
    lavieph is offline Newbie
    Well, this is one persistent virus. It was not removed with ComboFix, and since I worked with my computer again, I have run ComboFix again, and HijackThis, and I am posting them again:

    ComboFix 09-11-02.02 - dell 11/05/2009 7:46.3.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2038.1326 [GMT 2:00]
    Running from: c:\documents and settings\dell\Desktop\combofix.exe
    AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
    .

    2009-11-05 05:20 . 2009-11-05 05:20 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-11-05 05:19 . 2009-11-05 05:20 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-11-05 05:19 . 2009-11-05 05:19 -------- d-----w- c:\windows\system32\LogFiles
    2009-11-05 04:54 . 2009-11-05 04:54 -------- d-----w- c:\windows\LastGood
    2009-11-05 04:54 . 2009-11-05 04:55 -------- d-----w- C:\e8a9aaedf1be98d548
    2009-11-04 15:57 . 2009-11-04 15:57 -------- d-----r- C:\MSOCache
    2009-11-03 19:45 . 2009-11-03 18:16 -------- d--h--w- c:\documents and settings\Default User.WIN
    2009-11-03 19:45 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users.WIN
    2009-11-03 19:41 . 2009-11-03 19:41 -------- d-s---w- c:\documents and settings\Dell.DROR\UserData
    2009-11-03 19:39 . 2009-11-03 19:54 -------- d-----w- C:\WIN
    2009-11-03 19:06 . 2009-11-03 19:07 -------- d-----w- c:\program files\Office Backup
    2009-11-03 18:06 . 2009-11-03 18:28 -------- d-----w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\Microsoft
    2009-11-03 18:06 . 2009-11-03 18:06 -------- d-----w- c:\documents and settings\Dror Laviephrath
    2009-11-03 18:03 . 2009-11-03 18:00 -------- d-----w- c:\win\system32\config\systemprofile\Local Settings\Application Data\Microsoft
    2009-11-03 18:00 . 2009-11-03 18:00 -------- d-----w- c:\documents and settings\Default User.WIN\Local Settings\Application Data\Microsoft
    2009-11-03 17:59 . 2009-11-03 17:59 -------- d-sh--w- c:\documents and settings\All Users.WIN\DRM
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\documents and settings\dell\Application Data\Malwarebytes
    2009-11-02 05:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-02 05:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-01 12:22 . 2009-11-01 12:22 19968 --sh--r- c:\windows\system32\nvscv32.exe
    2009-10-30 07:01 . 2009-10-30 07:06 -------- d-----w- C:\$AVG
    2009-10-30 07:00 . 2009-10-30 07:00 -------- d-----w- c:\program files\AVG
    2009-10-30 06:42 . 2009-10-30 06:42 -------- d-----w- c:\windows\system32\N360_BACKUP
    2009-10-30 06:22 . 2009-10-30 06:22 -------- d-----w- c:\program files\CCleaner
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\DVDVideoSoft
    2009-10-27 17:56 . 2009-10-27 17:56 21504 --sh--r- c:\windows\smms.exe
    2009-10-26 21:24 . 2009-10-26 21:24 -------- d-----w- c:\program files\thriXXX
    2009-10-26 21:24 . 2009-10-26 21:29 -------- d-----w- c:\program files\3DSV
    2009-10-26 13:57 . 2009-10-26 13:57 65536 ----a-w- c:\windows\TADSUINS.EXE
    2009-10-26 05:18 . 2009-10-26 05:18 -------- d-----w- c:\program files\Act-3D
    2009-10-23 09:25 . 2009-10-23 09:38 -------- d-----w- c:\program files\Sun.River.Systems.Heatseek.Gold.v1.4.1.0-HERiTAGE
    2009-10-21 15:10 . 2009-10-21 15:13 -------- d-----w- c:\program files\AWare Systems
    2009-10-18 04:39 . 2009-11-05 04:56 -------- d-----w- c:\windows\system32\KB905474
    2009-10-18 04:39 . 2009-03-10 20:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
    2009-10-17 22:51 . 2009-10-17 22:52 -------- d-----w- C:\Pccoach3
    2009-10-17 20:38 . 2009-11-04 21:24 -------- d-----w- c:\program files\Sports Stats 2.0
    2009-10-16 15:08 . 2009-10-16 15:08 -------- d-----w- c:\program files\Eufony Free M4A MP3 Converter
    2009-10-16 15:08 . 2009-10-16 15:08 743170 ----a-w- c:\program files\eufony_free_m4a_mp3_converter.exe
    2009-10-16 14:55 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-10-16 14:55 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-10-16 10:16 . 2009-10-29 05:33 -------- d-----w- c:\documents and settings\dell\Application Data\Apple Computer
    2009-10-16 10:15 . 2009-10-16 10:15 -------- d-----w- c:\program files\iPod
    2009-10-16 10:15 . 2009-10-16 10:16 -------- d-----w- c:\program files\iTunes
    2009-10-16 10:15 . 2009-11-02 05:29 -------- d-----w- c:\program files\Bonjour
    2009-10-16 10:14 . 2009-10-16 10:15 -------- d-----w- c:\program files\QuickTime
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\program files\Apple Software Update
    2009-10-16 10:14 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-10-16 10:14 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-10-16 10:13 . 2009-10-16 10:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-16 10:13 . 2009-10-16 10:18 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple Computer
    2009-10-15 18:21 . 2009-11-05 05:32 -------- d-----w- c:\documents and settings\dell\Tracing
    2009-10-15 18:16 . 2009-10-15 18:16 -------- d-----w- c:\program files\Microsoft
    2009-10-15 18:15 . 2009-10-15 18:15 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-15 18:15 . 2009-10-15 18:16 -------- d-----w- c:\program files\Windows Live
    2009-10-15 17:41 . 2009-10-15 17:41 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-10-15 15:08 . 2009-11-02 21:30 -------- d-----w- c:\documents and settings\dell\Application Data\U3
    2009-10-15 07:58 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\windows\SHELLNEW
    2009-10-15 07:39 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
    2009-10-15 07:39 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-10-15 07:39 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-10-15 07:39 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-10-15 07:39 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-10-15 07:39 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
    2009-10-15 07:39 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2009-10-15 07:39 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-15 07:39 . 2009-10-15 07:40 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Adobe Reader 9 Installer
    2009-10-15 07:18 . 2009-10-15 07:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-15 07:16 . 2009-10-15 18:20 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Adobe
    2009-10-15 05:47 . 2009-10-15 05:47 -------- d-----w- c:\documents and settings\dell\Application Data\Thinstall
    2009-10-15 04:45 . 2009-10-15 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-10-15 04:40 . 2009-10-30 11:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Temp
    2009-10-15 04:40 . 2009-10-15 04:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-10-15 03:24 . 2009-10-15 03:42 19968 ----a-w- c:\windows\sysupdt.exe
    2009-10-14 21:58 . 2009-10-14 21:55 737280 ----a-w- c:\windows\iun6002.exe
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\PadorWeb
    2009-10-14 21:58 . 2009-11-03 20:17 -------- d-----w- c:\program files\PadorNew
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\Common Files\PdorShared
    2009-10-14 21:47 . 2009-10-22 04:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Google
    2009-10-14 21:46 . 2009-10-15 04:42 -------- d-----w- c:\program files\Google
    2009-10-14 21:08 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-10-14 21:08 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-10-14 21:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-10-14 21:07 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-10-14 21:05 . 2009-10-14 21:05 -------- d-----w- c:\program files\uTorrent
    2009-10-14 21:04 . 2009-11-03 22:15 -------- d-----w- c:\documents and settings\dell\Application Data\uTorrent
    2009-10-14 21:04 . 2009-10-14 21:04 289072 ----a-w- c:\program files\utorrent.exe
    2009-10-14 20:56 . 2009-11-03 18:32 1374312 ----a-w- C:\WindowsUpdate_ms08-067.exe
    2009-10-14 20:56 . 2009-10-14 20:56 -------- d-----w- c:\program files\WinRAR_3.90
    2009-10-14 20:56 . 2009-10-14 20:56 1373069 ----a-w- c:\program files\WinRAR_3[1].90_Full_Cracked.zip
    2009-10-14 20:27 . 2009-10-14 20:27 -------- d-s---w- c:\documents and settings\dell\UserData
    2009-10-14 20:12 . 2009-10-14 20:12 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Microsoft Help
    2009-10-14 19:20 . 2009-10-14 19:20 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-14 19:20 . 2009-10-18 04:41 -------- d-----w- c:\program files\Norton 360
    2009-10-14 19:19 . 2009-10-18 04:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-10-14 19:19 . 2009-10-18 04:37 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-10-14 19:19 . 2009-10-18 04:37 -------- d-----w- c:\program files\Symantec
    2009-10-14 19:13 . 2009-11-05 05:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-14 19:11 . 2009-10-14 19:58 -------- d-----w- c:\documents and settings\dell\Application Data\Symantec
    2009-10-14 19:10 . 2009-10-14 19:10 -------- d-----w- c:\program files\Symantec Temporary Files
    2009-10-14 17:57 . 2009-10-14 17:57 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Identities
    2009-10-14 17:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-10-08 08:34 . 2009-10-08 08:34 -------- d-----w- c:\program files\Fingerprint Reader Suite
    2009-10-08 08:33 . 2009-10-08 08:33 -------- d-----w- c:\program files\UPEK
    2009-10-08 08:31 . 2007-05-16 04:49 172032 ----a-w- c:\windows\system32\igfxres.dll
    2009-10-08 08:28 . 2009-10-08 08:28 664 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\d3d9caps.dat
    2009-10-08 08:22 . 2009-10-08 08:28 664 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-03 19:21 . 2009-01-07 07:37 -------- d-----w- c:\program files\Dell
    2009-11-03 19:01 . 2009-11-03 19:01 -------- d-----w- c:\documents and settings\Dell.DROR\Application Data\Thinstall
    2009-11-03 18:34 . 2009-11-03 18:34 11912 ----a-w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-03 18:32 . 2009-11-03 18:32 22528 ----a-w- C:\ms18467.exe
    2009-11-03 18:09 . 2009-11-03 18:09 -------- d-----w- c:\documents and settings\Dror Laviephrath\Application Data\U3
    2009-10-18 04:41 . 2009-03-09 09:36 72880 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-18 04:37 . 2009-10-14 19:19 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-18 04:37 . 2009-10-14 19:19 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-17 22:51 . 2009-01-07 07:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-15 07:37 . 2009-10-15 07:37 13992449 ----a-w- c:\program files\klcodec-490f.rar
    2009-10-15 07:18 . 2009-10-15 07:18 16168136 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part3.rar
    2009-10-15 07:12 . 2009-10-15 07:12 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part2.rar
    2009-10-15 06:14 . 2009-10-15 06:14 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part1.rar
    2009-09-25 05:37 . 2008-04-14 12:00 667136 ------w- c:\windows\system32\wininet.dll
    2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-10-14 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
    "Google Updater"="c:\windows\smms.exe" [2009-10-27 21504]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "32.exe"="c:\windows\system32\nvscv32.exe" [2009-11-01 19968]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]
    "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 21:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Windows\\system32\\nvscv32.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Windows\\smms.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 21:37 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15/10/2009 01:38 102448]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/10/2009 10:30 108032]
    S0 cerc6;cerc6; [x]
    S2 gupdate;שירות Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/10/2009 06:40 133104]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13/01/2008 04:32 23888]
    S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [07/01/2009 09:07 141376]
    S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [07/01/2009 09:07 235520]
    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [07/01/2009 09:07 7424]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *NewlyCreated* - UPNPHOST
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]

    2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ynet.co.il/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    .

    ************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-05 07:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1480)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\program files\Fingerprint Reader Suite\homepass.dll
    c:\program files\Fingerprint Reader Suite\bio.dll
    c:\program files\Fingerprint Reader Suite\remote.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\Fingerprint Reader Suite\crypto.dll

    - - - - - - - > 'lsass.exe'(1536)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll

    - - - - - - - > 'explorer.exe'(3004)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-11-05 7:51
    ComboFix-quarantined-files.txt 2009-11-05 05:51
    ComboFix2.txt 2009-11-05 05:43
    ComboFix3.txt 2009-11-03 20:25
    ComboFix4.txt 2009-11-03 18:21

    Pre-Run: 127,522,934,784 bytes free
    Post-Run: 127,512,698,880 bytes free

    - - End Of File - - 32656C41E64BA99A11DFB9AFF7214C60


    HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:57:50, on 05/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\dell\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ynet ????? ???? ???????? - ?????? ???????
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [32.exe] C:\Windows\system32\nvscv32.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: שירות Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    --
    End of file - 9033 bytes


    Any ideas what I should do now?

    Thanks
    Dror
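One way to triage the Run values and firewall exceptions in a ComboFix log like the one above, as an added example that is not part of this thread, ComboFix or HijackThis: the scoring rules, the 30-day window and the threshold are this example's own assumptions, and the sample lines are copied from the log posted above so the result can be compared with what the helper singles out.

```python
"""Triage of Run values and firewall exceptions from a ComboFix log.

Added example; the heuristics below are assumptions of this example and
not ComboFix's own logic. Entries that score at or above FLAG_THRESHOLD
are returned for manual review (the thread's helper then had the files
scanned online).
"""
import re
from datetime import date, datetime

# "name"="path" [yyyy-mm-dd size]  as ComboFix prints ...\CurrentVersion\Run
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]'
)
# "path"=  as ComboFix prints the AuthorizedApplications list (.reg syntax,
# so backslashes are doubled and %windir% is not expanded)
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')

SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")
RECENT_DAYS = 30      # assumption: "recently created" window
FLAG_THRESHOLD = 3    # assumption: reasons needed before an entry is reported
LOG_DATE = date(2009, 11, 5)  # date of the scan posted in the thread

# Constructed sample: lines copied from the ComboFix output in this thread.
SAMPLE_RUN = r'''
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"Google Updater"="c:\windows\smms.exe" [2009-10-27 21504]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"32.exe"="c:\windows\system32\nvscv32.exe" [2009-11-01 19968]
'''
SAMPLE_FW = r'''
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Windows\\system32\\nvscv32.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Windows\\smms.exe"=
'''


def normalize_path(path):
    """Lower-case, collapse doubled .reg backslashes and expand %windir%."""
    p = path.replace("\\\\", "\\").lower()
    return p.replace("%windir%", r"c:\windows")


def parse_firewall_exceptions(text):
    """Collect the normalised paths listed under AuthorizedApplications."""
    paths = set()
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if m:
            paths.add(normalize_path(m.group("path")))
    return paths


def score_run_entry(name, path, created, fw_exceptions, log_date=LOG_DATE):
    """Return (score, reasons) for one Run value; more reasons = more suspect."""
    p = normalize_path(path)
    directory, _, filename = p.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    reasons = []
    # A bare executable dropped straight into %windir% or system32 instead
    # of a vendor directory is a classic persistence location.
    if directory in SYSTEM_DIRS:
        reasons.append("binary lives directly in a Windows system directory")
    # A value name unrelated to the file it launches ("Google Updater" ->
    # smms.exe) is an attempt to blend in with legitimate autostarts.
    label = re.sub(r"[^a-z0-9]", "", name.lower())
    if label not in stem and stem not in label:
        reasons.append("value name does not match the executable name")
    if (log_date - created).days <= RECENT_DAYS:
        reasons.append("file created within %d days of the scan" % RECENT_DAYS)
    # A firewall exception for an unknown binary means it is expected to
    # reach the network, which matches the IRC backdoor verdicts posted later.
    if p in fw_exceptions:
        reasons.append("has a Windows Firewall exception")
    return len(reasons), reasons


def triage(run_text, fw_text, log_date=LOG_DATE):
    """Parse both sections; return {path: reasons} for entries over threshold."""
    fw = parse_firewall_exceptions(fw_text)
    flagged = {}
    for line in run_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m.group("date"), "%Y-%m-%d").date()
        score, reasons = score_run_entry(
            m.group("name"), m.group("path"), created, fw, log_date)
        if score >= FLAG_THRESHOLD:
            flagged[normalize_path(m.group("path"))] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_RUN, SAMPLE_FW).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample above only smms.exe and nvscv32.exe reach the threshold; igfxpers.exe scores two (system directory plus unrelated name) and stays below it because it is neither recent nor firewall-exempted.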

  7. #7
    Neal is offline Dedicated Member
    Yep found some interesting things that need further investigation:


    Go to next site:
    VirusTotal - Free Online Virus and Malware Scan
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    c:\windows\system32\nvscv32.exe


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    Jotti's malware scan

    And

    Virus File Scanner


    Please scan these also:

    c:\windows\smms.exe
    c:\windows\sysupdt.exe
    C:\ms18467.exe



    Did you put this desktop surveillance software on your PC:

    c:\windows\iun6002.exe

    %WinDir%\iun6002.exe


    Open Notepad (must be Notepad) and copy/paste the text in the quote box below into it (NOT THE WORD "Quote"):


    Direct Look::
    C:\e8a9aaedf1be98d548
    C:\WIN
    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

  8. #8
    lavieph is offline Newbie
    This is going to be a long reply...
    I have deleted that 6002 file, since I have not installed it. I have no idea where it came from.

    The files which you asked to be scanned are these:

    Nvscv32.exe
    Kaspersky 7.0.0.125 2009.11.02 Trojan.Win32.VB.xyp
    McAfee 5789 2009.11.01 -
    McAfee+Artemis 5789 2009.11.01 Artemis!8E21BAC898C0
    McAfee-GW-Edition 6.8.5 2009.11.02 Heuristic.BehavesLike.Win32.Trojan.H
    Microsoft 1.5202 2009.11.02 -
    NOD32 4564 2009.11.02 -
    Norman 6.03.02 2009.11.01 -
    nProtect 2009.1.8.0 2009.11.02 -
    Panda 10.0.2.2 2009.11.01 -
    PCTools 7.0.3.5 2009.11.02 -
    Rising 21.54.04.00 2009.11.02 -
    Sophos 4.47.0 2009.11.02 Mal/Behav-243
    Sunbelt 3.2.1858.2 2009.11.01 -
    Symantec 1.4.4.12 2009.11.02 -
    TheHacker 6.5.0.2.058 2009.10.31 -
    TrendMicro 8.950.0.1094 2009.11.02 -
    VBA32 3.12.10.11 2009.11.02 -
    ViRobot 2009.11.2.2017 2009.11.02 -
    VirusBuster 4.6.5.0 2009.11.01 -
    Additional information
    File size: 19968 bytes
    MD5 : 8e21bac898c0beb1ce274d6a479980a2
    SHA1 : 7d7471a05f96c57b8390eb4ff0127339a8598302
    SHA256: f79ee95701a4652081812d628e0ada206636f979ede017502a 2c87c9a78c4ca8
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4428
    timedatestamp.....: 0x4AED6E9A (Sun Nov 1 12:18:50 2009)
    machinetype.......: 0x14C (Intel I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x3868 0x3A00 6.45 a7b5adf9542219a4ed856960294885db
    .rdata 0x5000 0xD36 0xE00 5.89 c2d0bd45ff38c2a77c687028dc8eff79
    .data 0x6000 0x1018 0x200 1.60 bced264bdb37dc441d39d576f5cf1a47

    ( 3 imports )

    > kernel32.dll: Sleep, GetModuleFileNameA, GetStartupInfoA, GetTickCount, LoadLibraryA, GetModuleHandleA, GetProcAddress, ExitProcess
    > msvcp71.dll: __Nomemory@std@@YAXXZ
    > msvcr71.dll: __3@YAXPAX@Z, _vsnprintf, strcmp, srand, memcpy, ___V@YAXPAX@Z, strchr, exit, sprintf, strtok, strncpy, malloc, strcpy, __dllonexit, _onexit, _c_exit, _exit, _XcptFilter, _ismbblead, _cexit, _acmdln, _amsg_exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _except_handler3, __CxxFrameHandler, strstr, strlen, rand, strcat, memset, _callnewh

    ( 0 exports )
    TrID : File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ssdeep: 384:uJsiV09BWVnYTprma1cnHGoJMq/BKmHmT3BVYPYkxc8tBa31Zrcoq242kVbc5ERV:uJs209BWVnYT prbIGoJMq/BKmHmT3BO1
    PEiD : -
    RDS : NSRL Reference Data Set



    Smms.exe

    a-squared 4.5.0.41 2009.10.26 -
    AhnLab-V3 5.0.0.2 2009.10.26 -
    AntiVir 7.9.1.44 2009.10.26 -
    Antiy-AVL 2.0.3.7 2009.10.26 -
    Authentium 5.1.2.4 2009.10.26 -
    Avast 4.8.1351.0 2009.10.26 -
    AVG 8.5.0.423 2009.10.26 -
    BitDefender 7.2 2009.10.26 -
    CAT-QuickHeal 10.00 2009.10.26 -
    ClamAV 0.94.1 2009.10.26 -
    Comodo 2743 2009.10.26 -
    DrWeb 5.0.0.12182 2009.10.26 BackDoor.IRC.Siggen.8
    eSafe 7.0.17.0 2009.10.25 -
    eTrust-Vet 35.1.7084 2009.10.26 -
    F-Prot 4.5.1.85 2009.10.26 -
    F-Secure 9.0.15370.0 2009.10.22 -
    Fortinet 3.120.0.0 2009.10.26 -
    GData 19 2009.10.26 -
    Ikarus T3.1.1.72.0 2009.10.26 -
    Jiangmin 11.0.800 2009.10.26 -
    K7AntiVirus 7.10.879 2009.10.24 -
    Kaspersky 7.0.0.125 2009.10.26 -
    McAfee 5783 2009.10.26 -
    McAfee+Artemis 5783 2009.10.26 Artemis!1DD8D71BC605
    McAfee-GW-Edition 6.8.5 2009.10.26 -
    Microsoft 1.5202 2009.10.26 -
    NOD32 4545 2009.10.26 -
    Norman 6.03.02 2009.10.26 -
    nProtect 2009.1.8.0 2009.10.26 -
    Panda 10.0.2.2 2009.10.26 Suspicious file
    PCTools 4.4.2.0 2009.10.19 -
    Prevx 3.0 2009.10.26 -
    Rising 21.53.04.00 2009.10.26 -
    Sophos 4.46.0 2009.10.26 -
    Sunbelt 3.2.1858.2 2009.10.26 -
    Symantec 1.4.4.12 2009.10.26 -
    TheHacker 6.5.0.2.054 2009.10.26 -
    TrendMicro 8.950.0.1094 2009.10.26 -
    VBA32 3.12.10.11 2009.10.26 -
    ViRobot 2009.10.26.2005 2009.10.26 -
    VirusBuster 4.6.5.0 2009.10.26 -
    Additional information
    File size: 21504 bytes
    MD5 : 1dd8d71bc605c531edf1f729a5b206ed
    SHA1 : a5b03670caeff75b8828d45ff52ded311eccfef4
    SHA256: aa27e6430ffd6bc4094be6efdd0e3fb9587cbdced3defd0704 d54349c4ededc5
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4A4E
    timedatestamp.....: 0x4ACC13CB (Wed Oct 7 06:06:35 2009)
    machinetype.......: 0x14C (Intel I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x3E8A 0x4000 6.45 f99edda226aba4bc6a40afcb18ca7b38
    .rdata 0x5000 0xDAC 0xE00 6.08 922e4e854d4d07b7df108eb37ad80148
    .data 0x6000 0x18E0 0x200 0.88 804ab499768f98f3843f8a2d220f8390

    ( 3 imports )

    > kernel32.dll: Sleep, GetStartupInfoA, GetModuleFileNameA, LoadLibraryA, GetModuleHandleA, GetProcAddress, GetTickCount
    > msvcp71.dll: __Nomemory@std@@YAXXZ
    > msvcr71.dll: __CxxFrameHandler, _except_handler3, _vsnprintf, strcpy, strcmp, __3@YAXPAX@Z, memcpy, ___V@YAXPAX@Z, strchr, strcat, strtok, strncpy, malloc, __dllonexit, _onexit, _c_exit, _exit, _XcptFilter, _ismbblead, _cexit, _acmdln, _amsg_exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, exit, sprintf, strlen, srand, strstr, atoi, rand, memset, _callnewh

    ( 0 exports )
    TrID : File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ssdeep: 384:dMLUMDqVJtRriVnFpRvjRH+Em5RKmhWT3KfNLeS6VOma2k I+N5k+rGFVciL6R4fL:dMLUMDeJtRriVnFLjF+Em5RKmhWT3Kf c
    PEiD : -
    RDS : NSRL Reference Data Set
    -


    Sysupdt.exe

    a-squared 4.5.0.41 2009.10.18 -
    AhnLab-V3 5.0.0.2 2009.10.17 -
    AntiVir 7.9.1.35 2009.10.16 -
    Antiy-AVL 2.0.3.7 2009.10.16 -
    Authentium 5.1.2.4 2009.10.17 -
    Avast 4.8.1351.0 2009.10.17 -
    AVG 8.5.0.420 2009.10.18 -
    BitDefender 7.2 2009.10.18 -
    CAT-QuickHeal 10.00 2009.10.18 -
    ClamAV 0.94.1 2009.10.17 -
    Comodo 2646 2009.10.18 -
    DrWeb 5.0.0.12182 2009.10.18 BackDoor.IRC.Bot.150
    eSafe 7.0.17.0 2009.10.18 -
    eTrust-Vet None 2009.10.16 -
    F-Prot 4.5.1.85 2009.10.17 -
    F-Secure 9.0.15300.0 2009.10.16 -
    Fortinet 3.120.0.0 2009.10.16 -
    GData 19 2009.10.18 -
    Ikarus T3.1.1.72.0 2009.10.18 -
    Jiangmin 11.0.800 2009.10.18 -
    K7AntiVirus 7.10.872 2009.10.16 -
    Kaspersky 7.0.0.125 2009.10.18 -
    McAfee 5775 2009.10.18 -
    McAfee+Artemis 5775 2009.10.18 -
    McAfee-GW-Edition 6.8.5 2009.10.18 Heuristic.BehavesLike.Win32.Downloader.H
    Microsoft 1.5101 2009.10.18 -
    NOD32 4519 2009.10.18 -
    Norman 6.03.02 2009.10.17 -
    nProtect 2009.1.8.0 2009.10.18 Trojan/W32.Agent.19968.HV
    Panda 10.0.2.2 2009.10.18 Adware/AccesMembre
    PCTools 4.4.2.0 2009.10.18 -
    Prevx 3.0 2009.10.18 High Risk Cloaked Malware
    Rising 21.51.62.00 2009.10.18 -
    Sophos 4.46.0 2009.10.18 -
    Sunbelt 3.2.1858.2 2009.10.18 -
    Symantec 1.4.4.12 2009.10.18 -
    TheHacker 6.5.0.2.045 2009.10.17 -
    TrendMicro 8.950.0.1094 2009.10.18 -
    VBA32 3.12.10.11 2009.10.16 -
    ViRobot 2009.10.17.1990 2009.10.17 -
    VirusBuster 4.6.5.0 2009.10.18 -
    Additional information
    File size: 19968 bytes
    MD5 : 880f153962195980da534d8c10fbc842
    SHA1 : 3af39572145272e942106b0c2b9b025f4c36e711
    SHA256: b6ac65259114d76de01017fbc65a33850c2f8c55086e926d68 7638394535200e
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x43D8
    timedatestamp.....: 0x4AD46203 (Tue Oct 13 13:18:27 2009)
    machinetype.......: 0x14C (Intel I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x381C 0x3A00 6.43 45c0d8d24855155fa97ea2aaefe89621
    .rdata 0x5000 0xD36 0xE00 5.89 555ff9926756ce1ca000d03f88c570f2
    .data 0x6000 0xFF8 0x200 1.10 63870168c5786490fe40f89c94d52403

    ( 3 imports )

    > kernel32.dll: Sleep, GetModuleFileNameA, GetStartupInfoA, GetTickCount, LoadLibraryA, GetModuleHandleA, GetProcAddress, ExitProcess
    > msvcp71.dll: __Nomemory@std@@YAXXZ
    > msvcr71.dll: __3@YAXPAX@Z, _vsnprintf, strcmp, srand, memcpy, ___V@YAXPAX@Z, strchr, exit, sprintf, strtok, strncpy, malloc, strcpy, __dllonexit, _onexit, _c_exit, _exit, _XcptFilter, _ismbblead, _cexit, _acmdln, _amsg_exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _except_handler3, __CxxFrameHandler, strstr, strlen, rand, strcat, memset, _callnewh

    ( 0 exports )
    TrID : File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ssdeep: 384:kJsiV09BWVnYTprmUEwgnHGoJ+/wBKmHmT3ByvUkxEgBBa31yuCe1kVbc5ERFfLR:kJs209BWVnYT prQwsGoJ+/wBKmHmT3BD
    Prevx Info: Prevx 3.0 solutions for business

    PEiD : -
    RDS : NSRL Reference Data Set
    -

    Ms18647.exe

    a-squared 4.5.0.41 2009.11.05 -
    AhnLab-V3 5.0.0.2 2009.11.05 -
    AntiVir 7.9.1.53 2009.11.05 -
    Antiy-AVL 2.0.3.7 2009.11.05 -
    Authentium 5.2.0.5 2009.11.05 -
    Avast 4.8.1351.0 2009.11.05 Win32:Agent-AHLO
    AVG 8.5.0.423 2009.11.05 -
    BitDefender 7.2 2009.11.05 -
    CAT-QuickHeal 10.00 2009.11.05 -
    ClamAV 0.94.1 2009.11.05 -
    Comodo 2850 2009.11.05 -
    DrWeb 5.0.0.12182 2009.11.05 -
    eTrust-Vet 35.1.7105 2009.11.05 -
    F-Prot 4.5.1.85 2009.11.05 -
    F-Secure 9.0.15370.0 2009.11.04 -
    Fortinet 3.120.0.0 2009.11.05 -
    GData 19 2009.11.05 Win32:Agent-AHLO
    Ikarus T3.1.1.74.0 2009.11.05 -
    Jiangmin 11.0.800 2009.11.05 -
    K7AntiVirus 7.10.889 2009.11.05 -
    Kaspersky 7.0.0.125 2009.11.05 -
    McAfee 5792 2009.11.04 -
    McAfee+Artemis 5793 2009.11.05 -
    McAfee-GW-Edition 6.8.5 2009.11.05 Heuristic.BehavesLike.Win32.Trojan.H
    Microsoft 1.5202 2009.11.05 Trojan:Win32/Malex.gen!E
    NOD32 4576 2009.11.05 -
    Norman 6.03.02 2009.11.05 -
    nProtect 2009.1.8.0 2009.11.05 -
    Panda 10.0.2.2 2009.11.04 Trj/CI.A
    PCTools 7.0.3.5 2009.11.05 -
    Prevx 3.0 2009.11.05 Medium Risk Malware
    Rising 21.54.34.00 2009.11.05 -
    Sophos 4.47.0 2009.11.05 Mal/Behav-243
    Sunbelt 3.2.1858.2 2009.11.05 -
    Symantec 1.4.4.12 2009.11.05 -
    TheHacker 6.5.0.2.061 2009.11.05 -
    TrendMicro 9.0.0.1003 2009.11.05 -
    VBA32 3.12.10.11 2009.11.04 -
    ViRobot 2009.11.5.2023 2009.11.05 -
    VirusBuster 4.6.5.0 2009.11.05 -
    Additional information
    File size: 22528 bytes
    MD5...: 01a3ab0a7ae19c67deed8685beffdd63
    SHA1..: 59a434d32d3bf7c67025c849a2be0079f0fa2ea3
    SHA256: 386a3ca83f31969cf69ebe5edce83ffbf3ecc85c957bb3466d b521c48dfd8056
    ssdeep: 384:87LUMDqV0ptRriVnpsgndeS+Em5RKmhWT3KfNHb1F1xu6q a2IYFKzA/VciL6
    R4fk:87LUMDe0ptRriVnppdb+Em5RKmhWT3K1
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4bae
    timedatestamp.....: 0x4ac69233 (Fri Oct 02 23:52:19 2009)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x4013 0x4200 6.44 3a04f35ff418249b625a368ff6e47445
    .rdata 0x6000 0xe6c 0x1000 5.70 2545ede721487f9b945b496378608a43
    .data 0x7000 0x18f0 0x200 1.14 29ae279b3446152c1d28035b8279532b

    ( 3 imports )
    > MSVCP71.dll: __Nomemory@std@@YAXXZ
    > MSVCR71.dll: __CxxFrameHandler, _except_handler3, _vsnprintf, strcpy, strcmp, __3@YAXPAX@Z, memcpy, ___V@YAXPAX@Z, strchr, strcat, strtok, strncpy, malloc, __dllonexit, _onexit, _c_exit, _exit, _XcptFilter, _ismbblead, _cexit, _acmdln, _amsg_exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, exit, sprintf, strlen, srand, strstr, atoi, rand, memset, _callnewh
    > KERNEL32.dll: Sleep, GetStartupInfoA, GetModuleFileNameA, LoadLibraryA, GetModuleHandleA, GetProcAddress, GetTickCount

    ( 0 exports )
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    http://info.prevx.com/aboutprogramtext.asp?PX5=3DE03D6D00718846586B00327 80EB50017471AAC

    ComboFix
    ComboFix 09-11-02.02 - dell 11/05/2009 20:24.4.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2038.1382 [GMT 2:00]
    Running from: c:\documents and settings\dell\Desktop\combofix.exe
    Command switches used :: c:\documents and settings\dell\Desktop\CFScript.txt
    AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
    .

    2009-11-05 05:20 . 2009-11-05 05:20 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-11-05 05:19 . 2009-11-05 05:20 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-11-05 05:19 . 2009-11-05 05:19 -------- d-----w- c:\windows\system32\LogFiles
    2009-11-05 04:54 . 2009-11-05 04:54 -------- d-----w- c:\windows\LastGood
    2009-11-05 04:54 . 2009-11-05 04:55 -------- d-----w- C:\e8a9aaedf1be98d548
    2009-11-04 15:57 . 2009-11-04 15:57 -------- d-----r- C:\MSOCache
    2009-11-03 19:45 . 2009-11-03 18:16 -------- d--h--w- c:\documents and settings\Default User.WIN
    2009-11-03 19:45 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users.WIN
    2009-11-03 19:41 . 2009-11-03 19:41 -------- d-s---w- c:\documents and settings\Dell.DROR\UserData
    2009-11-03 19:39 . 2009-11-03 19:54 -------- d-----w- C:\WIN
    2009-11-03 19:06 . 2009-11-03 19:07 -------- d-----w- c:\program files\Office Backup
    2009-11-03 18:06 . 2009-11-03 18:28 -------- d-----w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\Microsoft
    2009-11-03 18:06 . 2009-11-03 18:06 -------- d-----w- c:\documents and settings\Dror Laviephrath
    2009-11-03 18:03 . 2009-11-03 18:00 -------- d-----w- c:\win\system32\config\systemprofile\Local Settings\Application Data\Microsoft
    2009-11-03 18:00 . 2009-11-03 18:00 -------- d-----w- c:\documents and settings\Default User.WIN\Local Settings\Application Data\Microsoft
    2009-11-03 17:59 . 2009-11-03 17:59 -------- d-sh--w- c:\documents and settings\All Users.WIN\DRM
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\documents and settings\dell\Application Data\Malwarebytes
    2009-11-02 05:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-02 05:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-01 12:22 . 2009-11-01 12:22 19968 --sh--r- c:\windows\system32\nvscv32.exe
    2009-10-30 07:01 . 2009-10-30 07:06 -------- d-----w- C:\$AVG
    2009-10-30 07:00 . 2009-10-30 07:00 -------- d-----w- c:\program files\AVG
    2009-10-30 06:42 . 2009-10-30 06:42 -------- d-----w- c:\windows\system32\N360_BACKUP
    2009-10-30 06:22 . 2009-10-30 06:22 -------- d-----w- c:\program files\CCleaner
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\DVDVideoSoft
    2009-10-27 17:56 . 2009-10-27 17:56 21504 --sh--r- c:\windows\smms.exe
    2009-10-26 21:24 . 2009-10-26 21:24 -------- d-----w- c:\program files\thriXXX
    2009-10-26 21:24 . 2009-10-26 21:29 -------- d-----w- c:\program files\3DSV
    2009-10-26 13:57 . 2009-10-26 13:57 65536 ----a-w- c:\windows\TADSUINS.EXE
    2009-10-26 05:18 . 2009-10-26 05:18 -------- d-----w- c:\program files\Act-3D
    2009-10-23 09:25 . 2009-10-23 09:38 -------- d-----w- c:\program files\Sun.River.Systems.Heatseek.Gold.v1.4.1.0-HERiTAGE
    2009-10-21 15:10 . 2009-10-21 15:13 -------- d-----w- c:\program files\AWare Systems
    2009-10-18 04:39 . 2009-11-05 04:56 -------- d-----w- c:\windows\system32\KB905474
    2009-10-18 04:39 . 2009-03-10 20:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
    2009-10-17 22:51 . 2009-10-17 22:52 -------- d-----w- C:\Pccoach3
    2009-10-17 20:38 . 2009-11-04 21:24 -------- d-----w- c:\program files\Sports Stats 2.0
    2009-10-16 15:08 . 2009-10-16 15:08 -------- d-----w- c:\program files\Eufony Free M4A MP3 Converter
    2009-10-16 15:08 . 2009-10-16 15:08 743170 ----a-w- c:\program files\eufony_free_m4a_mp3_converter.exe
    2009-10-16 14:55 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-10-16 14:55 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-10-16 10:16 . 2009-10-29 05:33 -------- d-----w- c:\documents and settings\dell\Application Data\Apple Computer
    2009-10-16 10:15 . 2009-10-16 10:15 -------- d-----w- c:\program files\iPod
    2009-10-16 10:15 . 2009-10-16 10:16 -------- d-----w- c:\program files\iTunes
    2009-10-16 10:15 . 2009-11-02 05:29 -------- d-----w- c:\program files\Bonjour
    2009-10-16 10:14 . 2009-10-16 10:15 -------- d-----w- c:\program files\QuickTime
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\program files\Apple Software Update
    2009-10-16 10:14 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-10-16 10:14 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-10-16 10:13 . 2009-10-16 10:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-16 10:13 . 2009-10-16 10:18 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple Computer
    2009-10-15 18:21 . 2009-11-05 05:32 -------- d-----w- c:\documents and settings\dell\Tracing
    2009-10-15 18:16 . 2009-10-15 18:16 -------- d-----w- c:\program files\Microsoft
    2009-10-15 18:15 . 2009-10-15 18:15 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-15 18:15 . 2009-10-15 18:16 -------- d-----w- c:\program files\Windows Live
    2009-10-15 17:41 . 2009-10-15 17:41 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-10-15 15:08 . 2009-11-02 21:30 -------- d-----w- c:\documents and settings\dell\Application Data\U3
    2009-10-15 07:58 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\windows\SHELLNEW
    2009-10-15 07:39 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
    2009-10-15 07:39 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-10-15 07:39 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-10-15 07:39 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-10-15 07:39 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-10-15 07:39 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
    2009-10-15 07:39 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2009-10-15 07:39 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-15 07:39 . 2009-10-15 07:40 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Adobe Reader 9 Installer
    2009-10-15 07:18 . 2009-10-15 07:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-15 07:16 . 2009-10-15 18:20 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Adobe
    2009-10-15 05:47 . 2009-10-15 05:47 -------- d-----w- c:\documents and settings\dell\Application Data\Thinstall
    2009-10-15 04:45 . 2009-10-15 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-10-15 04:40 . 2009-10-30 11:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Temp
    2009-10-15 04:40 . 2009-10-15 04:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-10-15 03:24 . 2009-10-15 03:42 19968 ----a-w- c:\windows\sysupdt.exe
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\PadorWeb
    2009-10-14 21:58 . 2009-11-03 20:17 -------- d-----w- c:\program files\PadorNew
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\Common Files\PdorShared
    2009-10-14 21:47 . 2009-10-22 04:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Google
    2009-10-14 21:46 . 2009-10-15 04:42 -------- d-----w- c:\program files\Google
    2009-10-14 21:08 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-10-14 21:08 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-10-14 21:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-10-14 21:07 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-10-14 21:05 . 2009-10-14 21:05 -------- d-----w- c:\program files\uTorrent
    2009-10-14 21:04 . 2009-11-03 22:15 -------- d-----w- c:\documents and settings\dell\Application Data\uTorrent
    2009-10-14 21:04 . 2009-10-14 21:04 289072 ----a-w- c:\program files\utorrent.exe
    2009-10-14 20:56 . 2009-11-03 18:32 1374312 ----a-w- C:\WindowsUpdate_ms08-067.exe
    2009-10-14 20:56 . 2009-10-14 20:56 -------- d-----w- c:\program files\WinRAR_3.90
    2009-10-14 20:56 . 2009-10-14 20:56 1373069 ----a-w- c:\program files\WinRAR_3[1].90_Full_Cracked.zip
    2009-10-14 20:27 . 2009-10-14 20:27 -------- d-s---w- c:\documents and settings\dell\UserData
    2009-10-14 20:12 . 2009-10-14 20:12 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Microsoft Help
    2009-10-14 19:20 . 2009-10-14 19:20 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-14 19:20 . 2009-10-18 04:41 -------- d-----w- c:\program files\Norton 360
    2009-10-14 19:19 . 2009-10-18 04:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-10-14 19:19 . 2009-10-18 04:37 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-10-14 19:19 . 2009-10-18 04:37 -------- d-----w- c:\program files\Symantec
    2009-10-14 19:13 . 2009-11-05 18:22 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-14 19:11 . 2009-10-14 19:58 -------- d-----w- c:\documents and settings\dell\Application Data\Symantec
    2009-10-14 19:10 . 2009-10-14 19:10 -------- d-----w- c:\program files\Symantec Temporary Files
    2009-10-14 17:57 . 2009-10-14 17:57 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Identities
    2009-10-14 17:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-10-08 08:34 . 2009-10-08 08:34 -------- d-----w- c:\program files\Fingerprint Reader Suite
    2009-10-08 08:33 . 2009-10-08 08:33 -------- d-----w- c:\program files\UPEK
    2009-10-08 08:31 . 2007-05-16 04:49 172032 ----a-w- c:\windows\system32\igfxres.dll
    2009-10-08 08:28 . 2009-10-08 08:28 664 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\d3d9caps.dat
    2009-10-08 08:22 . 2009-10-08 08:28 664 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-03 19:21 . 2009-01-07 07:37 -------- d-----w- c:\program files\Dell
    2009-11-03 19:01 . 2009-11-03 19:01 -------- d-----w- c:\documents and settings\Dell.DROR\Application Data\Thinstall
    2009-11-03 18:34 . 2009-11-03 18:34 11912 ----a-w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-03 18:32 . 2009-11-03 18:32 22528 ----a-w- C:\ms18467.exe
    2009-11-03 18:09 . 2009-11-03 18:09 -------- d-----w- c:\documents and settings\Dror Laviephrath\Application Data\U3
    2009-10-18 04:41 . 2009-03-09 09:36 72880 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-18 04:37 . 2009-10-14 19:19 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-18 04:37 . 2009-10-14 19:19 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-17 22:51 . 2009-01-07 07:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-15 07:37 . 2009-10-15 07:37 13992449 ----a-w- c:\program files\klcodec-490f.rar
    2009-10-15 07:18 . 2009-10-15 07:18 16168136 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part3.rar
    2009-10-15 07:12 . 2009-10-15 07:12 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part2.rar
    2009-10-15 06:14 . 2009-10-15 06:14 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part1.rar
    2009-09-25 05:37 . 2008-04-14 12:00 667136 ------w- c:\windows\system32\wininet.dll
    2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-05_05.41.54 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-10-14 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
    "Google Updater"="c:\windows\smms.exe" [2009-10-27 21504]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "32.exe"="c:\windows\system32\nvscv32.exe" [2009-11-01 19968]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]
    "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 21:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Windows\\system32\\nvscv32.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Windows\\smms.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 21:37 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15/10/2009 01:38 102448]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/10/2009 10:30 108032]
    S0 cerc6;cerc6; [x]
    S2 gupdate;שירות Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/10/2009 06:40 133104]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13/01/2008 04:32 23888]
    S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [07/01/2009 09:07 141376]
    S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [07/01/2009 09:07 235520]
    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [07/01/2009 09:07 7424]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *NewlyCreated* - UPNPHOST
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]

    2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ynet.co.il/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-PadorNew - c:\windows\iun6002.exe



    ************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-05 20:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1480)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\program files\Fingerprint Reader Suite\homepass.dll
    c:\program files\Fingerprint Reader Suite\bio.dll
    c:\program files\Fingerprint Reader Suite\remote.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\Fingerprint Reader Suite\crypto.dll
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'lsass.exe'(1536)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll

    - - - - - - - > 'explorer.exe'(3640)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-11-05 20:30
    ComboFix-quarantined-files.txt 2009-11-05 18:30
    ComboFix2.txt 2009-11-05 05:51
    ComboFix3.txt 2009-11-05 05:43
    ComboFix4.txt 2009-11-03 20:25
    ComboFix5.txt 2009-11-05 18:23

    Pre-Run: 127,440,719,872 bytes free
    Post-Run: 127,437,770,752 bytes free

    - - End Of File - - E8F845F497C5E07140A183DBC6B41C95

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:32:19, on 05/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\dell\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ynet ????? ???? ???????? - ?????? ???????
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Google Updater] C:\Windows\smms.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [32.exe] C:\Windows\system32\nvscv32.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: שירות Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    --
    End of file - 9108 bytes

  9. #9
    broni is offline Senior Member
    Hello
    Neal is on 1 week vacation, so I'll be taking over his threads.


    Please make sure you allow the recovery console installation on the next ComboFix run.


    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\nvscv32.exe
    c:\windows\smms.exe
    c:\windows\TADSUINS.EXE
    c:\windows\sysupdt.exe
    C:\ms18467.exe
    
    
    Folder::
    C:\$AVG
    c:\program files\AVG
    
    
    Driver::
    cerc6
    
    
    Registry::
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  10. #10
    lavieph is offline Newbie
    ComboFix
    ComboFix 09-11-02.02 - dell 11/06/2009 7:27.5.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2038.1381 [GMT 2:00]
    Running from: c:\documents and settings\dell\Desktop\combofix.exe
    Command switches used :: c:\documents and settings\dell\Desktop\cfscript.txt
    AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
    FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

    FILE ::
    "C:\ms18467.exe"
    "c:\windows\smms.exe"
    "c:\windows\system32\nvscv32.exe"
    "c:\windows\sysupdt.exe"
    "c:\windows\TADSUINS.EXE"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\$AVG
    c:\$avg\$CHJW\1ca9717b-29ee-4133-a73c-dc50eb667f48
    c:\$avg\$CHJW\21aff0e1-a584-42d7-a692-b4c9caf71155
    c:\$avg\$CHJW\9cc74384-941e-4fcb-899d-2fffec3c7307
    c:\$avg\$CHJW\avgcchff.dat
    c:\$avg\$CHJW\avgcchfi.dat
    c:\$avg\$CHJW\avgcchmf.dat
    c:\$avg\$CHJW\avgcchmi.dat
    c:\$avg\$CHJW\c472a7bb-143d-44d0-8695-454f8ea9fe82
    c:\$avg\$VAULT\V_00000001.fil
    c:\$avg\$VAULT\V_00000002.fil
    c:\$avg\$VAULT\V_00000003.fil
    c:\$avg\$VAULT\V_00000004.fil
    c:\$avg\$VAULT\V_00000005.fil
    c:\$avg\$VAULT\V_00000006.fil
    c:\$avg\$VAULT\V_00000007.fil
    c:\$avg\$VAULT\V_00000008.fil
    c:\$avg\$VAULT\V_00000009.fil
    c:\$avg\$VAULT\V_00000010.fil
    c:\$avg\$VAULT\V_00000011.fil
    c:\$avg\$VAULT\V_00000012.fil
    c:\$avg\$VAULT\V_00000013.fil
    c:\$avg\$VAULT\V_00000014.fil
    c:\$avg\$VAULT\V_00000015.fil
    c:\$avg\$VAULT\V_00000016.fil
    c:\$avg\$VAULT\V_00000017.fil
    c:\$avg\$VAULT\V_00000018.fil
    c:\$avg\$VAULT\V_00000019.fil
    c:\$avg\$VAULT\V_00000020.fil
    c:\$avg\$VAULT\V_00000021.fil
    c:\$avg\$VAULT\V_00000022.fil
    c:\$avg\$VAULT\V_00000023.fil
    c:\$avg\$VAULT\V_00000024.fil
    c:\$avg\$VAULT\V_00000025.fil
    c:\$avg\$VAULT\V_00000026.fil
    c:\$avg\$VAULT\V_00000027.fil
    c:\$avg\$VAULT\V_00000028.fil
    c:\$avg\$VAULT\V_00000029.fil
    c:\$avg\$VAULT\V_00000030.fil
    c:\$avg\$VAULT\V_00000031.fil
    c:\$avg\$VAULT\V_00000032.fil
    c:\$avg\$VAULT\V_00000033.fil
    c:\$avg\$VAULT\V_00000034.fil
    c:\$avg\$VAULT\V_00000035.fil
    c:\$avg\$VAULT\V_00000036.fil
    c:\$avg\$VAULT\vvfolder.idx
    C:\ms18467.exe
    c:\program files\AVG
    c:\windows\smms.exe
    c:\windows\system32\nvscv32.exe
    c:\windows\sysupdt.exe
    c:\windows\TADSUINS.EXE

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_cerc6


    ((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
    .

    2009-11-05 05:20 . 2009-11-05 05:20 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-11-05 05:19 . 2009-11-05 05:20 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-11-05 05:19 . 2009-11-05 05:19 -------- d-----w- c:\windows\system32\LogFiles
    2009-11-04 15:57 . 2009-11-04 15:57 -------- d-----r- C:\MSOCache
    2009-11-03 19:45 . 2009-11-03 18:16 -------- d--h--w- c:\documents and settings\Default User.WIN
    2009-11-03 19:45 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users.WIN
    2009-11-03 19:41 . 2009-11-03 19:41 -------- d-s---w- c:\documents and settings\Dell.DROR\UserData
    2009-11-03 19:39 . 2009-11-03 19:54 -------- d-----w- C:\WIN
    2009-11-03 19:06 . 2009-11-03 19:07 -------- d-----w- c:\program files\Office Backup
    2009-11-03 18:06 . 2009-11-03 18:28 -------- d-----w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\Microsoft
    2009-11-03 18:06 . 2009-11-03 18:06 -------- d-----w- c:\documents and settings\Dror Laviephrath
    2009-11-03 18:03 . 2009-11-03 18:00 -------- d-----w- c:\win\system32\config\systemprofile\Local Settings\Application Data\Microsoft
    2009-11-03 18:00 . 2009-11-03 18:00 -------- d-----w- c:\documents and settings\Default User.WIN\Local Settings\Application Data\Microsoft
    2009-11-03 17:59 . 2009-11-03 17:59 -------- d-sh--w- c:\documents and settings\All Users.WIN\DRM
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\documents and settings\dell\Application Data\Malwarebytes
    2009-11-02 05:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-02 05:16 . 2009-11-02 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-02 05:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-30 06:42 . 2009-10-30 06:42 -------- d-----w- c:\windows\system32\N360_BACKUP
    2009-10-30 06:22 . 2009-10-30 06:22 -------- d-----w- c:\program files\CCleaner
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2009-10-28 18:57 . 2009-10-28 19:05 -------- d-----w- c:\program files\DVDVideoSoft
    2009-10-26 21:24 . 2009-10-26 21:24 -------- d-----w- c:\program files\thriXXX
    2009-10-26 21:24 . 2009-10-26 21:29 -------- d-----w- c:\program files\3DSV
    2009-10-26 05:18 . 2009-10-26 05:18 -------- d-----w- c:\program files\Act-3D
    2009-10-23 09:25 . 2009-10-23 09:38 -------- d-----w- c:\program files\Sun.River.Systems.Heatseek.Gold.v1.4.1.0-HERiTAGE
    2009-10-21 15:10 . 2009-10-21 15:13 -------- d-----w- c:\program files\AWare Systems
    2009-10-17 22:51 . 2009-10-17 22:52 -------- d-----w- C:\Pccoach3
    2009-10-17 20:38 . 2009-11-05 21:45 -------- d-----w- c:\program files\Sports Stats 2.0
    2009-10-16 15:08 . 2009-10-16 15:08 -------- d-----w- c:\program files\Eufony Free M4A MP3 Converter
    2009-10-16 15:08 . 2009-10-16 15:08 743170 ----a-w- c:\program files\eufony_free_m4a_mp3_converter.exe
    2009-10-16 14:55 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-10-16 14:55 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-10-16 10:16 . 2009-10-29 05:33 -------- d-----w- c:\documents and settings\dell\Application Data\Apple Computer
    2009-10-16 10:15 . 2009-10-16 10:15 -------- d-----w- c:\program files\iPod
    2009-10-16 10:15 . 2009-10-16 10:16 -------- d-----w- c:\program files\iTunes
    2009-10-16 10:15 . 2009-11-02 05:29 -------- d-----w- c:\program files\Bonjour
    2009-10-16 10:14 . 2009-10-16 10:15 -------- d-----w- c:\program files\QuickTime
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple
    2009-10-16 10:14 . 2009-10-16 10:14 -------- d-----w- c:\program files\Apple Software Update
    2009-10-16 10:14 . 2009-08-28 17:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-10-16 10:14 . 2009-08-28 17:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-10-16 10:13 . 2009-10-16 10:15 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-16 10:13 . 2009-10-16 10:18 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Apple Computer
    2009-10-15 18:21 . 2009-11-05 19:21 -------- d-----w- c:\documents and settings\dell\Tracing
    2009-10-15 18:16 . 2009-10-15 18:16 -------- d-----w- c:\program files\Microsoft
    2009-10-15 18:15 . 2009-10-15 18:15 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-10-15 18:15 . 2009-10-15 18:16 -------- d-----w- c:\program files\Windows Live
    2009-10-15 17:41 . 2009-10-15 17:41 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-10-15 15:08 . 2009-11-02 21:30 -------- d-----w- c:\documents and settings\dell\Application Data\U3
    2009-10-15 07:58 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-15 07:57 . 2009-10-15 07:57 -------- d-----w- c:\windows\SHELLNEW
    2009-10-15 07:39 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
    2009-10-15 07:39 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
    2009-10-15 07:39 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-10-15 07:39 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
    2009-10-15 07:39 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-10-15 07:39 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
    2009-10-15 07:39 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
    2009-10-15 07:39 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-10-15 07:39 . 2009-10-15 07:40 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-15 07:19 . 2009-10-15 07:19 -------- d-----w- c:\program files\Adobe Reader 9 Installer
    2009-10-15 07:18 . 2009-10-15 07:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-10-15 07:16 . 2009-10-15 18:20 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Adobe
    2009-10-15 05:47 . 2009-10-15 05:47 -------- d-----w- c:\documents and settings\dell\Application Data\Thinstall
    2009-10-15 04:45 . 2009-10-15 04:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2009-10-15 04:40 . 2009-10-30 11:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Temp
    2009-10-15 04:40 . 2009-10-15 04:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\PadorWeb
    2009-10-14 21:58 . 2009-11-05 18:40 -------- d-----w- c:\program files\PadorNew
    2009-10-14 21:58 . 2009-10-14 21:58 -------- d-----w- c:\program files\Common Files\PdorShared
    2009-10-14 21:47 . 2009-10-22 04:45 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Google
    2009-10-14 21:46 . 2009-10-15 04:42 -------- d-----w- c:\program files\Google
    2009-10-14 21:08 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-10-14 21:08 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-10-14 21:08 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
    2009-10-14 21:07 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-10-14 21:07 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-10-14 21:05 . 2009-10-14 21:05 -------- d-----w- c:\program files\uTorrent
    2009-10-14 21:04 . 2009-11-03 22:15 -------- d-----w- c:\documents and settings\dell\Application Data\uTorrent
    2009-10-14 21:04 . 2009-10-14 21:04 289072 ----a-w- c:\program files\utorrent.exe
    2009-10-14 20:56 . 2009-11-03 18:32 1374312 ----a-w- C:\WindowsUpdate_ms08-067.exe
    2009-10-14 20:56 . 2009-10-14 20:56 -------- d-----w- c:\program files\WinRAR_3.90
    2009-10-14 20:56 . 2009-10-14 20:56 1373069 ----a-w- c:\program files\WinRAR_3[1].90_Full_Cracked.zip
    2009-10-14 20:27 . 2009-10-14 20:27 -------- d-s---w- c:\documents and settings\dell\UserData
    2009-10-14 20:12 . 2009-10-14 20:12 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Microsoft Help
    2009-10-14 19:20 . 2009-10-14 19:20 -------- d-----w- c:\program files\Windows Sidebar
    2009-10-14 19:20 . 2009-10-18 04:41 -------- d-----w- c:\program files\Norton 360
    2009-10-14 19:19 . 2009-10-18 04:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-10-14 19:19 . 2009-10-18 04:37 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-10-14 19:19 . 2009-10-18 04:37 -------- d-----w- c:\program files\Symantec
    2009-10-14 19:13 . 2009-11-06 05:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-10-14 19:11 . 2009-10-14 19:58 -------- d-----w- c:\documents and settings\dell\Application Data\Symantec
    2009-10-14 19:10 . 2009-10-14 19:10 -------- d-----w- c:\program files\Symantec Temporary Files
    2009-10-14 17:57 . 2009-10-14 17:57 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Identities
    2009-10-14 17:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-10-08 08:34 . 2009-10-08 08:34 -------- d-----w- c:\program files\Fingerprint Reader Suite
    2009-10-08 08:33 . 2009-10-08 08:33 -------- d-----w- c:\program files\UPEK
    2009-10-08 08:31 . 2007-05-16 04:49 172032 ----a-w- c:\windows\system32\igfxres.dll
    2009-10-08 08:28 . 2009-10-08 08:28 664 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\d3d9caps.dat
    2009-10-08 08:22 . 2009-10-08 08:28 664 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-03 19:21 . 2009-01-07 07:37 -------- d-----w- c:\program files\Dell
    2009-11-03 19:01 . 2009-11-03 19:01 -------- d-----w- c:\documents and settings\Dell.DROR\Application Data\Thinstall
    2009-11-03 18:34 . 2009-11-03 18:34 11912 ----a-w- c:\documents and settings\Dror Laviephrath\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-03 18:09 . 2009-11-03 18:09 -------- d-----w- c:\documents and settings\Dror Laviephrath\Application Data\U3
    2009-10-18 04:41 . 2009-03-09 09:36 72880 ----a-w- c:\documents and settings\dell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-18 04:37 . 2009-10-14 19:19 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-10-18 04:37 . 2009-10-14 19:19 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-10-17 22:51 . 2009-01-07 07:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-15 07:37 . 2009-10-15 07:37 13992449 ----a-w- c:\program files\klcodec-490f.rar
    2009-10-15 07:18 . 2009-10-15 07:18 16168136 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part3.rar
    2009-10-15 07:12 . 2009-10-15 07:12 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part2.rar
    2009-10-15 06:14 . 2009-10-15 06:14 175000000 ----a-w- c:\program files\Office[1].2003.Pro.Hebrew.WizZy.part1.rar
    2009-09-25 05:37 . 2008-04-14 12:00 667136 ------w- c:\windows\system32\wininet.dll
    2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((( SnapShot_2009-11-05_05.41.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-06 05:35 . 2009-11-06 05:35 16384 c:\windows\Temp\Perflib_Perfdata_d4.dat
    + 2009-11-05 05:21 . 2007-07-27 08:41 16760 c:\windows\system32\spmsg.dll
    + 2001-07-14 15:32 . 2001-07-14 15:32 69632 c:\windows\setupupd\temp\wsdueng.dll
    + 2008-04-14 12:00 . 2009-04-01 21:02 604160 c:\windows\system32\wmspdmod.dll
    + 2006-10-18 19:47 . 2008-06-24 16:12 295936 c:\windows\system32\wmpeffects.dll
    - 2006-10-18 19:47 . 2006-10-18 19:47 295936 c:\windows\system32\wmpeffects.dll
    + 2008-04-14 12:00 . 2008-06-18 03:03 938496 c:\windows\system32\WMNetmgr.dll
    + 2008-04-14 12:00 . 2007-10-27 15:40 222720 c:\windows\system32\wmasf.dll
    + 2008-04-14 12:00 . 2006-12-04 14:21 414720 c:\windows\system32\msscp.dll
    + 2008-04-14 12:00 . 2008-06-17 23:09 100864 c:\windows\system32\logagent.exe
    - 2008-04-14 12:00 . 2006-10-18 18:03 100864 c:\windows\system32\logagent.exe
    + 2008-04-14 12:00 . 2009-04-01 21:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
    + 2008-04-14 12:00 . 2008-06-18 03:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
    + 2008-04-14 12:00 . 2007-10-27 15:40 222720 c:\windows\system32\dllcache\wmasf.dll
    + 2008-04-14 12:00 . 2006-12-04 14:21 414720 c:\windows\system32\dllcache\msscp.dll
    + 2008-04-14 12:00 . 2008-06-17 23:09 100864 c:\windows\system32\dllcache\logagent.exe
    - 2008-04-14 12:00 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe
    + 2008-04-14 12:00 . 2009-05-20 02:56 2458112 c:\windows\system32\WMVCore.dll
    + 2008-04-14 12:00 . 2009-05-20 02:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-09-10 14:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-10-14 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
    "PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 184320]
    "osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2007-05-06 405504]
    "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-16 21:04 86528 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 21:37 149352]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [15/10/2009 01:38 102448]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [08/10/2009 10:30 108032]
    S2 gupdate;שירות Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/10/2009 06:40 133104]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13/01/2008 04:32 23888]
    S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [07/01/2009 09:07 141376]
    S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [07/01/2009 09:07 235520]
    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [07/01/2009 09:07 7424]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]

    2009-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 04:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ynet.co.il/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Google Updater - c:\windows\smms.exe
    HKLM-Run-32.exe - c:\windows\system32\nvscv32.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-06 07:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1328)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\program files\Fingerprint Reader Suite\homepass.dll
    c:\program files\Fingerprint Reader Suite\bio.dll
    c:\program files\Fingerprint Reader Suite\remote.dll
    c:\windows\system32\netprovcredman.dll
    c:\program files\Fingerprint Reader Suite\crypto.dll

    - - - - - - - > 'lsass.exe'(1384)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Fingerprint Reader Suite\homefus2.dll
    c:\program files\Fingerprint Reader Suite\infra.dll

    - - - - - - - > 'explorer.exe'(876)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Intel\WiFi\bin\WLKeeper.exe
    c:\program files\Fingerprint Reader Suite\psqltray.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-06 7:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-06 05:38
    ComboFix2.txt 2009-11-05 18:30
    ComboFix3.txt 2009-11-05 05:51
    ComboFix4.txt 2009-11-05 05:43
    ComboFix5.txt 2009-11-06 05:26

    Pre-Run: 127,206,158,336 bytes free
    Post-Run: 127,302,389,760 bytes free

    - - End Of File - - F1E9839566AEFB5BAAFDA59947041CF2

    HiJackThis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:41:16, on 06/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\WINDOWS\OEM02Mon.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\dell\My Documents\Downloads\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ynet ????? ???? ???????? - ?????? ???????
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: שירות Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

    --
    End of file - 8937 bytes
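The two Run values that ComboFix listed under ORPHANS REMOVED show two patterns worth screening for in any HijackThis O4 list: a value named "Google Updater" that actually launched c:\windows\smms.exe (one letter away from the genuine smss.exe), and a value named "32.exe" that launched a differently named file, nvscv32.exe. The Python script below is an added example for triaging such entries; it is not part of this thread and not a feature of HijackThis or ComboFix. Its sample lines are constructed to match the log above, and the CORE_BINARIES list and the one-edit lookalike rule are the example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed HijackThis-style O4 lines (added example, not output from
# the thread). The first two reproduce the two orphaned Run values that
# ComboFix reported removing; the rest are benign entries of the same
# shape taken from the same log.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [Google Updater] c:\windows\smms.exe",
    r"O4 - HKLM\..\Run: [32.exe] c:\windows\system32\nvscv32.exe",
    r"O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
]

# Assumption of this example: core Windows binaries whose names malware
# commonly imitates with a one-character change (smms.exe vs smss.exe).
CORE_BINARIES = {
    "smss.exe", "csrss.exe", "lsass.exe", "svchost.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe",
}

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_o4(line):
    """Split one O4 line into hive, value name and executable path, or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    # The executable is either the quoted first token or, for unquoted
    # commands (which may contain spaces), everything up to the first
    # recognised executable extension.
    exe_m = re.match(r'"([^"]+)"|(.*?\.(?:exe|com|scr|dll))', cmd, re.IGNORECASE)
    exe = (exe_m.group(1) or exe_m.group(2)) if exe_m else cmd
    return {"hive": m.group("hive"), "name": m.group("name"), "exe": exe}


def edit_distance(a, b):
    """Levenshtein distance; inputs are short so the plain DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(lines):
    """Return {value_name: [reasons]} for Run entries that deserve a closer look."""
    findings = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        base = PureWindowsPath(entry["exe"]).name.lower()
        reasons = []
        # Rule 1: filename is exactly one edit away from a core system binary.
        for core in sorted(CORE_BINARIES):
            if edit_distance(base, core) == 1:
                reasons.append(f"{base} is one edit away from system binary {core}")
        # Rule 2: the value name poses as a filename but the entry runs
        # something else (a legitimate "OEM02Mon.exe" value that runs
        # OEM02Mon.exe is left alone).
        name = entry["name"]
        if name.lower().endswith(".exe") and name.lower() != base:
            reasons.append(f"value name {name!r} looks like a filename but runs {base}")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Both rules are heuristics for prioritising manual review, not verdicts: a hit means "check the file's publisher, hash and creation time", and the absence of a hit says nothing about entries that use unremarkable names, which is why the thread's helper still reviewed the whole log by hand.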
