Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

Searchweb2 virus infection

Discuss Searchweb2 virus infection in the Antivirus Protection forum on Dev Shed.
Searchweb2 virus infection Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Page 1 of 2 1 2 >
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old January 18th, 2005, 03:15 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
Question Searchweb2 virus infection
Hope you guys can help. Searchweb adverts appear on my browser. Most annoying. Can you help me get rid of it. Happy to send latest hijack this logfile to anyone who can help

It was too long to be included on this posting - not sure how to get within the 10000 charcters


Thanks
Reply With Quote
  #2  
Old January 18th, 2005, 03:24 PM
JuanCarlos JuanCarlos is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Location: South of ENGLAND!!!
Posts: 43 JuanCarlos User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 30 m 37 sec
Reputation Power: 4
Hi Jonsey

Id like to give a shot at helping you, I used to be infected with the SW2/LOP and successfully got rid of it. So, if you'd like to post your logfile, Id be happy to take a look at it

About what you said "It was too long to be included on this posting - not sure how to get within the 10000 charcters" well I should just paste it within several posts, its not unusual for people to do this

JuanCarlos
Reply With Quote
  #3  
Old January 18th, 2005, 03:51 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
Hi Juancarlos - Thanks for the quick reply.
Logfile of HijackThis v1.99.0
Scan saved at 21:27:26, on 17/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Jessops\Picture Suite\InsDetect.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\DOCUME~1\RORYJO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[2].zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.kxazyawpymxpqoyeiokcre.us/apEt8j_S_cZNNwlFQ5455LKEtXGUEonBmxWibEPpgpaVfYnIfIa1QzTtNb7t3FzE.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
O4 - HKLM\..\Run: [Tesco.net] rundll32 C:\PROGRA~1\Tesconet\RyDial.dll,QuickStart
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Ez-Emoticons] C:\Documents and Settings\Rory Jones\My Documents\Becky\EZ Emoticons\EZ.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Peakseek] C:\DOCUME~1\RORYJO~1\APPLIC~1\CHINAT~1\shim enc.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?


I will send the rest of the log with next response
Reply With Quote
  #4  
Old January 18th, 2005, 03:51 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
Here's the rest

O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZGzeb001
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-libremp3-uk\index.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5fe66b8ed22/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E593E20B-B77A-4572-8931-F82D59D1BC5C}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: IS Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Reply With Quote
  #5  
Old January 18th, 2005, 04:30 PM
JuanCarlos JuanCarlos is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Location: South of ENGLAND!!!
Posts: 43 JuanCarlos User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 30 m 37 sec
Reputation Power: 4
Well, a few things have caught my attention but I want to clear the issue just in case they're perfectly legitimate files and Im being paranoid :P

Ok, first one: http://www.musicnotes.com/download/mnviewer.cab

should I be worried? I've heard of such music sites downloading malware although most are legitimate but just to be on the safe side

Reply soon, and we can start cleaning your computer!!

JuanCarlos
Reply With Quote
  #6  
Old January 18th, 2005, 05:14 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
http://www.musicnotes.com/download/mnviewer.cab

I don't recognise this download - was probably downloaded by a younger member of the family. We don't believe this to be a significant file and see no reason not to delete it as part of the clean up process.

Must go now and will log in again tomorrow. Many thanks for getting started on this.
Reply With Quote
  #7  
Old January 19th, 2005, 10:51 AM
JuanCarlos JuanCarlos is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Location: South of ENGLAND!!!
Posts: 43 JuanCarlos User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 30 m 37 sec
Reputation Power: 4
Your welcome

Please post a fresh HijackThis log as some of the processes shown will have changed by now

JuanCarlos
Reply With Quote
  #8  
Old January 19th, 2005, 03:31 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
Hi

have just run recent log and will send in two parts. Here goes:

Logfile of HijackThis v1.99.0
Scan saved at 21:26:39, on 19/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Jessops\Picture Suite\InsDetect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\RORYJO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ngjqblraalfnzac.com/apEt8j_S_cZNNwlFQ5455LKEtXGUEonBmxWibEPpgpZ0YH61lgIDvzTtNb7t3FzE.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
O4 - HKLM\..\Run: [Tesco.net] rundll32 C:\PROGRA~1\Tesconet\RyDial.dll,QuickStart
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Ez-Emoticons] C:\Documents and Settings\Rory Jones\My Documents\Becky\EZ Emoticons\EZ.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Peakseek] C:\DOCUME~1\RORYJO~1\APPLIC~1\CHINAT~1\shim enc.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZGzeb001
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-libremp3-uk\index.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Reply With Quote
  #9  
Old January 19th, 2005, 03:33 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
here's the next section
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5fe66b8ed22/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E593E20B-B77A-4572-8931-F82D59D1BC5C}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: IS Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Reply With Quote
  #10  
Old January 19th, 2005, 04:18 PM
JuanCarlos JuanCarlos is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Location: South of ENGLAND!!!
Posts: 43 JuanCarlos User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 30 m 37 sec
Reputation Power: 4
It would be a good idea to print these instructions or make a note of them as you wont be connected to the internet when your repairing your PC

First, it would be an idea to move HijackThis into a folder of its own. Go into My Computer, Program Files, right click and create a new folder, call it HJT and move HijackThis into that folder. While your on My Computer it might be an idea to show all hidden system files. Go onto the ordinary My Computer screen
Tools
Folder Options
View

and put "Show hidden files and folders" on, then uncheck "Hide extensions for known file types" and "Hide operating system files". Click apply.

Now, reboot in Safe Mode, to do this press F8 as your machine is starting and select Safe Mode

Right, now run HijackThis, look for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ngjqblraalfnzac.com/apEt8j_S_cZNNwlFQ5455LKEtXGUEonBmxWibEPpgpZ0YH61lgIDvzTtNb7t3FzE.html

Put a check next to it and select "Fix Checked" to remove it

Now, look for and delete the following:

C:\DOCUME~1\RORYJO~1\APPLIC~1\CHINAT~1\shim enc.exe
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE

Ok, now go into Start, select "Run" and type in "cleanmgr" (without the " marks). Select the Drive to clean (Drive C) and get it to clean the Recycle Bin, Temporary Files and Temporary Internet Files. Run Microsoft Antispyware and allow it to clean up.

Next, reboot normally and run HijackThis, please post a fresh log for checking.

Let me know what happens

JuanCarlos
Reply With Quote
  #11  
Old January 19th, 2005, 06:29 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
Thanks.

Have attempted to follow your instructions except I did not delete C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE as i think this refers to my camera software. No sign of the virus yet - but it does have a habit of reapearing. microsoft antivirus did have to clean out a hijack from the registry keys - so it may reemerge but i hope not.

Here's the log
Logfile of HijackThis v1.99.0
Scan saved at 00:21:28, on 20/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Jessops\Picture Suite\InsDetect.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\DOCUME~1\RORYJO~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tesco.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

Second part to follow
Reply With Quote
  #12  
Old January 19th, 2005, 06:31 PM
Jonsey Jonsey is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jan 2005
Location: Gloucester, England
Posts: 60 Jonsey User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 56 m 54 sec
Reputation Power: 4
Second part

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
O4 - HKLM\..\Run: [Tesco.net] rundll32 C:\PROGRA~1\Tesconet\RyDial.dll,QuickStart
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Ez-Emoticons] C:\Documents and Settings\Rory Jones\My Documents\Becky\EZ Emoticons\EZ.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZGzeb001
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-libremp3-uk\index.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4E544C53-6967-6E02-BBAD-233AD71832A8} (NTLSignup1 Class) - https://tesco.autoregister.net/tesco/NTLSignup.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13b213d4c5fe66b8ed22/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E593E20B-B77A-4572-8931-F82D59D1BC5C}: NameServer = 194.168.4.100 194.168.8.100
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: IS Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Fingers crossed - I will follow up again tomorrow.
Kind regards
Reply With Quote