Thank you for the help



Binksy2k
2008-04-30, 21:27
Hello, this is my first time getting help like this. Here are the log files I have created. Thank you!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:18 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twp.ezt.on.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\konsarad.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt2] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [antispy] C:\Program Files\MalwareBell\malwarebell.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10619 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 30, 2008 2:23:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/04/2008
Kaspersky Anti-Virus database records: 733227
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 84820
Number of viruses found: 13
Number of infected objects: 35
Number of suspicious objects: 24
Duration of the scan process: 01:30:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator.ARENA\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Bloomberg.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Capitol Records.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\CBS.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\CNBC Dow Jones Business Video.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\CNET Today - Technology News.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\CNN Videoselect.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Disney.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\ESPN Sports.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Fox News.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Fox Sports.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Hollywood Online.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Internet Radio Guide.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\MSNBC.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\MUSICVIDEOS.COM.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\NBC VideoSeeker.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\TV Guide Entertainment Network.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Universal Studios Online.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Warner Bros. Hip Clips.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\What's On Now.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Media\Windows Media Showcase.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\6J6PQ90V\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\ARG1QDQB\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\ARG1QDQB\switch2_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\ARG1QDQB\UAHelp_Classic[1].css Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\ELYV6HK3\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\ELYV6HK3\switch3_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\ELYV6HK3\UAHelp_Metrics[1].css Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\G3GH47Y9\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\G3GH47Y9\HelpLA_lib[1].js Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\G3GH47Y9\ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\K323A54B\Class3SoftwarePublishers[1].crl Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\K323A54B\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\KT6V0D2Z\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\MXOLYTCZ\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\Y9OTA98L\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\Y9OTA98L\popup[1].js Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\Content.IE5\Y9OTA98L\switch1_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\My Documents\My Pictures\Sample.jpg Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\ntuser.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Administrator.ARENA\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-30_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Ken\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temp\AEA2-tmpapi.exe Infected: Trojan-Downloader.Win32.Peregar.do skipped
C:\Documents and Settings\Ken\Local Settings\Temp\NeroDemo11606\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Ken\Local Settings\Temp\WinAntiSpyware2006Setup.exe/file03 Infected: not-a-virus:FraudTool.Win32.WinAnti skipped
C:\Documents and Settings\Ken\Local Settings\Temp\WinAntiSpyware2006Setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ken\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\12DC7901.zip/price.html Infected: Exploit.HTML.CodeBaseExec skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\12DC7901.zip/price/price.exe Infected: Email-Worm.Win32.Bagle.al skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\12DC7901.zip Infected: Email-Worm.Win32.Bagle.al skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\1BFC15FB/gksxbkk.exe Suspicious: Password-protected-EXE skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\1BFC15FB Suspicious: Password-protected-EXE skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\4EBF0525/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\4EBF0525 Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\628340A7/nbmtpx.exe Suspicious: Password-protected-EXE skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\628340A7 Suspicious: Password-protected-EXE skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\62C8325B/archsb.exe Suspicious: Password-protected-EXE skipped
C:\Old_System\Ken.bkf/Program_Files\Norton_AntiVirus\Quarantine\62C8325B Suspicious: Password-protected-EXE skipped
C:\Old_System\Ken.bkf MTF: infected - 5, suspicious - 6 skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\08A61D4C.htm Infected: Trojan-Downloader.JS.Agent.kd skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EE207FA.exe Infected: not-a-virus:FraudTool.Win32.WinAnti skipped
C:\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip/price.html Infected: Exploit.HTML.CodeBaseExec skipped
C:\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip/price/price.exe Infected: Email-Worm.Win32.Bagle.al skipped
C:\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC15FB/gksxbkk.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC15FB ZIP: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BFC15FB CryptFF: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\37DF24E9.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\41296E3C.exe Infected: not-a-virus:FraudTool.Win32.MalwareBell.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E415E12.tmp/attachment.zip/attachment.scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E415E12.tmp/attachment.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E415E12.tmp ZIP: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E415E12.tmp CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EBF0525/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EBF0525 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4EBF0525 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\628340A7/nbmtpx.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\Norton AntiVirus\Quarantine\628340A7 ZIP: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\628340A7 CryptFF: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62C8325B/archsb.exe Suspicious: Password-protected-EXE skipped
C:\Program Files\Norton AntiVirus\Quarantine\62C8325B ZIP: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\62C8325B CryptFF: suspicious - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7FC13021.scr Infected: Trojan-Downloader.Win32.Agent.fvr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8C01E4B8-F0D2-4072-828D-702F3A0259A4}\RP1261\A0059661.exe Infected: not-a-virus:FraudTool.Win32.IeDefender.cl skipped
C:\System Volume Information\_restore{8C01E4B8-F0D2-4072-828D-702F3A0259A4}\RP1261\change.log Object is locked skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip/price.html Infected: Exploit.HTML.CodeBaseExec skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip/price/price.exe Infected: Email-Worm.Win32.Bagle.al skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip ZIP: infected - 2 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\12DC7901.zip CryptFF: infected - 2 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\1BFC15FB/gksxbkk.exe Suspicious: Password-protected-EXE skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\1BFC15FB ZIP: suspicious - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\1BFC15FB CryptFF: suspicious - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\4EBF0525/Bill.txt .exe Infected: Email-Worm.Win32.NetSky.aa skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\4EBF0525 ZIP: infected - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\4EBF0525 CryptFF: infected - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\628340A7/nbmtpx.exe Suspicious: Password-protected-EXE skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\628340A7 ZIP: suspicious - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\628340A7 CryptFF: suspicious - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\62C8325B/archsb.exe Suspicious: Password-protected-EXE skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\62C8325B ZIP: suspicious - 1 skipped
C:\TEMP\Program Files\Norton AntiVirus\Quarantine\62C8325B CryptFF: suspicious - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\konsarad.dll Infected: Trojan-Downloader.Win32.Peregar.do skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{656383EB-142D-4AB9-BE2C-EF29134E7989}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Blade81
2008-05-01, 01:44
Hi


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file & a fresh hjt log in your next reply.

Binksy2k
2008-05-02, 21:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:31 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twp.ezt.on.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt2] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [antispy] C:\Program Files\MalwareBell\malwarebell.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10068 bytes

Malwarebytes' Anti-Malware 1.11
Database version: 709

Scan type: Full Scan (C:\|)
Objects scanned: 114661
Time elapsed: 1 hour(s), 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\konsarad.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdx.videostream (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ac16362b-5edf-4e46-b7f6-ec24bb76e8c4} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{ac16362b-5edf-4e46-b7f6-ec24bb76e8c4} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ac16362b-5edf-4e46-b7f6-ec24bb76e8c4} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\konsarad.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Ken\Local Settings\Temp\WinAntiSpyware2006Setup.exe (Heuristics.Malware) -> No action taken.

Blade81
2008-05-02, 21:48
Hi

Malwarebytes' Anti-Malware log shows that you didn't quarantine the items ("No action taken" status in the log). If that's the case, please run MBAM again and this time quarantine all the findings.

Then start hjt, do a system scan, check:
O4 - HKCU\..\Run: [antispy] C:\Program Files\MalwareBell\malwarebell.exe

Close browsers and other windows. Click fix checked.

Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Delete following folder if found:
C:\Program Files\MalwareBell


Empty Norton quarantine items and then run Kaspersky online scanner again (full scan). Post its report & a fresh hjt log.
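Added example, not code from the thread or from Malwarebytes: a small Python parser for the MBAM 1.x log layout posted above that lists the findings still marked "No action taken" (the status Blade81 points out) and cross-checks the summary counts against the items actually listed. The sample log, its paths, and the "Quarantined and deleted successfully" status string are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.x
# log posted above; the paths and detection names are illustrative only.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.11
Database version: 709

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\\WINDOWS\\example.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\\CLSID\\{00000000-0000-0000-0000-000000000000} (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\\WINDOWS\\example.dll (Trojan.FakeAlert) -> No action taken.
C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\setup.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
"""

# Summary block line: "<section> Infected: <count>"
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
# Detail block header: "<section> Infected:"
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# Detail line: "<item> (<detection>) -> <action>."
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, findings) from an MBAM 1.x log.

    declared_counts maps section name -> count from the summary block;
    findings is a list of dicts with section, item, detection and action.
    """
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SUMMARY_RE.match(line)):
            declared[m["section"]] = int(m["count"])
        elif (m := HEADER_RE.match(line)):
            section = m["section"]
        elif section and (m := FINDING_RE.match(line)):
            findings.append({"section": section, **m.groupdict()})
    return declared, findings


def unhandled(findings):
    """Findings the scan only reported, i.e. still present on the system."""
    return [f for f in findings if f["action"].lower().startswith("no action")]


def count_mismatches(declared, findings):
    """Sections where the summary count disagrees with the listed findings."""
    seen = Counter(f["section"] for f in findings)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    for f in unhandled(found):
        print(f"NOT REMOVED [{f['section']}] {f['item']} ({f['detection']})")
    print("summary mismatches:", count_mismatches(declared, found))
```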

Blade81
2008-05-09, 21:27
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.