Outlook and other problems....

Hi Dave,

I see the New Thread button now....sorry, I must have in the panic mode right now! Do you think the malware/ spyware/ whatever ware affects the Outlook as well (cannot send/ receive emails and too long then crash) and also cannot open webpage (error must be closed kinda thing). What should I delete from the logfile? Thx & God bless.

Please post the log file here.

Hi Dave,

This is for the comp that has Outlook problem...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.3721.com/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SideStep Browser Helper - {08351227-6472-43BD-8A40-D9221FF1C4CE} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: 3721CMail - {6231D512-E4A4-4DF2-BE62-5B8F0EE348EF} - C:\PROGRA~1\3721\Ces\cesweb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A1626E66-B26B-C628-A1DF-BDACCFA26EE1} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: (no name) - {D7515C61-A66C-4319-A0E0-D416CB8059E3} - C:\Program Files\Common Files\Relive.dll
O2 - BHO: (no name) - {E3616E66-C13B-2628-2CDF-EDABCFA235E1} - C:\Program Files\Common Files\Relive.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [D-Link AirPlus Xtreme G] C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [ztsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\ztso.exe
O4 - HKLM\..\Run: [mhsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\mhso.exe
O4 - HKLM\..\Run: [fysa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\fyso.exe
O4 - HKLM\..\Run: [jtsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\jtso.exe
O4 - HKLM\..\Run: [wlsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wlso.exe
O4 - HKLM\..\Run: [wgsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wgso.exe
O4 - HKLM\..\Run: [wmsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wmso.exe
O4 - HKLM\..\Run: [qjsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\qjso.exe
O4 - HKLM\..\Run: [rxsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\rxso.exe
O4 - HKLM\..\Run: [wdsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\wdso.exe
O4 - HKLM\..\Run: [tlsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\tlso.exe
O4 - HKLM\..\Run: [dasa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\daso.exe
O4 - HKLM\..\Run: [zxsa] C:\DOCUME~1\sbtar\LOCALS~1\Temp\zxso.exe
O4 - HKLM\..\Run: [aslkgadlkgsl1] C:\WINDOWS\system32\oigdfgdfl1.exe
O4 - HKLM\..\Run: [asgfdjs2] C:\WINDOWS\system32\vbsdaas2.exe
O4 - HKLM\..\Run: [askasdkcl3] C:\WINDOWS\system32\faskflxld3.exe
O4 - HKLM\..\Run: [asfkafsk4] C:\WINDOWS\system32\fdaolfdos4.exe
O4 - HKLM\..\Run: [sakdasksd5] C:\WINDOWS\system32\eksdlfs5.exe
O4 - HKLM\..\Run: [daskaskfsak6] C:\WINDOWS\system32\dsfids6.exe
O4 - HKLM\..\Run: [xcxdsaa7] C:\WINDOWS\system32\slcskxsdl7.exe
O4 - HKLM\..\Run: [afskfask8] C:\WINDOWS\system32\fsfjasj8.exe
O4 - HKLM\..\Run: [akgkagaksad9] C:\WINDOWS\system32\fsakfask9.exe
O4 - HKLM\..\Run: [xzkadsfk10] C:\WINDOWS\system32\afslkfasl10.exe
O4 - HKLM\..\Run: [faslkakj11] C:\WINDOWS\system32\kjgagklj11.exe
O4 - HKLM\..\Run: [gadkgak12] C:\WINDOWS\system32\fsafsakx12.exe
O4 - HKLM\..\Run: [asdsaxcxz13] C:\WINDOWS\system32\dasxcsx13.exe
O4 - HKLM\..\Run: [dsadlsa14] C:\WINDOWS\system32\dsakfsak14.exe
O4 - HKLM\..\Run: [daskgfkkcx15] C:\WINDOWS\system32\dasdsaads15.exe
O4 - HKLM\..\Run: [sakdasj6ksd5] C:\WINDOWS\system32\e656lklfs5.exe
O4 - HKLM\..\Run: [apadslasla13] C:\WINDOWS\system32\alsdlaslx13.exe
O4 - HKLM\..\Run: [gajklgasjlkga] C:\WINDOWS\system32\aglajgkd16.exe
O4 - HKLM\..\Run: [AVPMH] C:\WINDOWS\system32\AVPMH.exe
O4 - HKLM\..\Run: [RAVQJMON] C:\Program Files\Internet Explorer\RAVQJMON.exe
O4 - HKLM\..\Run: [RAVZTMON] C:\Program Files\Internet Explorer\RAVZTMON.exe
O4 - HKLM\..\Run: [AVPZX] C:\WINDOWS\Fonts\AVPZX.exe
O4 - HKLM\..\Run: [AVPDH] C:\WINDOWS\system32\AVPDH.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [AVPWD] C:\WINDOWS\system32\AVPWD.exe
O4 - HKLM\..\Run: [AVPWL] C:\WINDOWS\system32\AVPWL.exe
O4 - HKLM\..\Run: [RAVJZMON] C:\Program Files\Internet Explorer\RAVJZMON.exe
O4 - HKLM\..\Run: [WinForm] C:\WINDOWS\WinForm.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exe
O4 - HKLM\..\Run: [RAVWDMON] C:\Program Files\Internet Explorer\RAVWDMON.exe
O4 - HKLM\..\Run: [RAV00A0] C:\WINDOWS\system32\RAV00A0.exe
O4 - HKLM\..\Run: [RAVWLMON] C:\Program Files\Internet Explorer\RAVWLMON.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe027.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: 3721CMail - {5D73EE86-05F1-49ed-B850-E423120EC329} - http://cmail.3721.com?fb=client (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssql.dll
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://sterlingstone.dipmap.com:85/c...ecker_6100.cab
O16 - DPF: {538FDFF9-E76D-490A-96E6-DC5BE86E27CA} (Export.ctlExport) - http://intra.strongjewel.com/strong/.../prjExport.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094063150316
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {C72242D0-3AB5-453D-842C-8A3C9AC0838D} - http://download.sidestep.com/get/k00719/sb027.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://sterlingstone.dipmap.com:85/c...dFile_6100.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?319
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: mydpri.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO. EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID. EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hi Dave,

Howcome the logfile doesn't show here? Another comp is having problem with webpages...they all push me to the edge. I want to bury my head in the sand right now actually. Do I have to notify the admin why the logfile doesn't show up?

Incomplete log.

New users cannot post live links to combat spam.

I am the admin here, i have just validated the post.

Also, calm down mate, these things take time and I'd advise to do one PC at a time.

How many PCs do you have?

Hi evilFantasy,

Finally the logfile showed up...what do you mean incomplete? That's from the HJT logfile....the problem is with outlook (cannot receive/ send emails, very very long then crash). The other comp problem is with opening webpages (error must be closed program). Thx so much, please let me know what to do....

O sorry Dave,

It's because they call me up & down the stair....one problem after another, I just got here (for God sake). Well, I think there're about 12 maybe 3 more, but the network not stable, so I could not see all of them right now. Thx a bunch guys, my fingers r sweating a bit.

12 PCs?

Yikes.

Looks like you have a few busy days EF!

On another note feel free to make a donation.

This site is primarily intended to help the standalone home user, not big business.

Fixing 12 machines is pushing it a bit.

The log is missing the top part. It should start with Logfile of Trend Micro HijackThis v2.0.2

Also, HijackThis (HJT) logs are a tool to help identify potential problems. It is not a cure for spyware and virus. Simply deleting the entries is the first step in getting rid of the problem. Your other two posts are not completed and the problems are likely to come right back unless followed through with additional instruction. I understand your at work and time is at at premium. But unless all steps are followed through the problems will continue.

What I am going to suggest is find a new IT guy and quick. Even if you have to call in a 24 hour Tech like Geek Squad. No reliable Antivirus/Firewall is one thing. But you are putting not only your company but your clients information at risk in the state the computers are under.

There is no way we can do 12 computers at once in these forums.
If you want to tackle one at a time I will help if it is OK with Dave.

OK Dave & evilFan,

I'll ask the manager for the donation, but in the meantime any solution that I have to do? Sorry evil, ya..there's the top portion....here you go

Logfile of HijackThis v1.99.1
Scan saved at 9:52:50 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\winow.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\dhdins.exe
C:\WINDOWS\system32\mydins.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\wmsj.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
C:\WINDOWS\system32\dhdins.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\DOCUME~1\sbtar\LOCALS~1\Temp\ck3.jpg.exe
C:\DOCUME~1\sbtar\LOCALS~1\Temp\c8.jpg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\sbtar\LOCALS~1\Temp\Rar$EX02.625\Hijac kThis.exe

I don't want to stop people getting help.

But, this site is intended to help people who are not in a position to call an engineer @ up-to £100PH, or people who are willing to help others in return for getting help.

Fixing 12 machines takes considerable time, it means the volunteers here are busy with one person when they could better spend their time with many more.

Calling an engineer out would probably cost anything around £1000 for 12 machines, so on that basis together with the fact you are from a big company who lets be honest is probably not short on cash it would be unfair on the whole community to not insist on making a donation.

Thanks.

First, is the Norton/Symantec up to date and working?

Go into add/remove programs and see if anything you know shouldn't be there has been installed that you can un-install.

If you don't have Spybot Search & Destroy please download/install it. Here
Check for updates now and get any updates.
Look for the Immunize feature in Spybot and use it.
Do not use the Teatimer function.
Run Spybot and let it fix what it finds

Then post a fresh HJT log.