for months any windows update link goes to msn.com- help

i ran that program- it found i think 26 baddies- so i removed then rebooted- went to windows update site and the page loaded, but an error occured ( i think its an active x problem, i cant get the active x prompt to run it no matter what i do or what page im on now) then when i closed IE and tried again it goes right to msn again.

Lisa..

After you ran the scan and removed the "26 baddies", did you run another scan to make sure you're completely clean?

You wrote that the page loaded, but "an error occurred". Do you happen to know what that error was? You also said you "can't get the active x prompt to run it". Are you having problems with all ActiveX's, or just with Windows Updates? Can you get the updates, if you set them to install automatically? Whether or not it makes a difference, I don't know. But a little more information might help.

When you open IE and go to Tools>Internet Options>Security Tab and click on Trusted Sites, then the "sites" button, do you show the following on the list?

http://*.update.microsoft.com
https://*.update.microsoft.com
http://download.windowsupdate.com

If it is an ActiveX issue, when you click on custom level, on the security tab, are you sure you have the correct Active X setttings?

Download Signed ActiveX controls
Download Unsigned ActiveX controls
Initialize and script ActiveX controls not marked as safe
Run ActiveX controls and plug-ins
Script ActiveX controls marked safe for scripting

If you are getting a specific error, see if anything here helps:

http://support.microsoft.com/?kbid=883821

In lieu of asking unrelated questions, it might help to know what the error message was. I see other's with the same problem, each with a different way of dealing with it.

on the windows update error it just sais this
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support
I still get this after changing the setting in my security about the active x as you suggested- i still do not even get the active x yellow warning at the top of th window.

i reran that scan malware thing and both scans find the following - seems to come back after i reboot

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{101e9aeb-9fc1-4eb4-a72e-c3f0a5f8462e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.126 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{101e9aeb-9fc1-4eb4-a72e-c3f0a5f8462e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.126 -> No action taken.

those 2 files are in both the reports from the scans. its like it keesp coming back at boot up?

i asked the program to remove all teh bad ones but i dont think it removed these.

running a third scan to see if they are found again.avast doesnt see these 2 files or this trojan at all i think.

i tried to run F-Secure Online Virus Scanner but due to the active x problem i cant run anything. i am googling how to solve the ctive x problem- not sure what sites to trust for info anymore exept here.

'I still get this after changing the setting in my security about the active x as you suggested'

Sorry, I must have overlooked the above. I meant for you to look at those specifically. Are they all at the default settings, or did you change them?

they were default - i changed them and can set them back- but that didnt help. i printed the post and am trying all that now. i managed to get the adaware 2008 freeware download to start so i will try that too- teh other adaware i had wouldnt update- sounds to me now this whole mess is that virus blocking me no matter what i try. lol. will follow teh instructions in the posts and let ya know how it went- thanks so much all for teh help.

Lisa..

It's my feeling you first need to deal with the Trojan.DNSChanger entries MBAM found, before proceeding further. One of the developers of MBAM claims it removes Trojan.DNSChanger, but I'm not sure that's the case. You might want to give it one more try.

Did run the scan in Safe Mode, as I suggested above? Before running another scan in Safe Mode with MBAM, unhide your files and folders. Also disable System Restore. (Something you would have needed to do eventually, had the infections you removed found their way into your restore points) You'll need to re-enable it when all is done. You mentioned you ran CCleaner at one point. You might want to run it again, after scanning.

Lisa, there's one other thing you could check, which seemed to have helped some in your same situation. Go to the Control Panel>Network Connections>Local Area Connection. Click on it's Properties. On the General Tab highlight "Internet Protocol (TCP/IP)". After clicking the Properties button there should be a tick mark next to ""Obtain DNS server address automatically". The user at this forum, found it had been changed to "Use the following DNS server addressess" (with addresses entered), instead. I'm NOT saying this will turn things around for you, but something you might want to look into.

Marianna may have some other recommendations. Otherwise, I would suggest posting a HijackThis log, whether any of the above helps, or not. It enables those who analyze them, to have a complete and thorough look at what's going on. And to also use tools we don't use here. We don't analyze HJT logs at this forum, but you'll find a list which do at the below link, along with instructions on how to download and install HJT.

http://forums.cnet.com/5208-4_102-0.html?forumID=32&threadID=255339&messageID=2533167

I wish you the very best of luck..
Carol

i just wanted to thank everyone for helping me- im sorry also if i caused a stir here. this bug is now gone....... and i actually got the windows update site to work..all my pages now load without errors. im so thrilled- and thank you for recommending 2 great programs and a site that could help one on one. that along with this great forum here sure got me out of an aggrevating spot.
ok im headed back to update every dang anti type program i have- going to be even more cautious now.. again, thanks so much, everyone.

Lisa..

You didn't cause a stir. We're just glad you were able to get "up and running". I would wait just a bit longer, to see if TomK has anything else to suggest or add. He may even have you post one last log, just to be 100% sure. I don't know. But generally, the helpers will post back, after suggesting you run a scan. Meanwhile, you did some good work!

Stay safe and clean..
Carol

Lisa..

Have a look here.

"Error message when you try to install updates from the Windows Update Web site on a Windows XP-based computer: "Windows Update has encountered an error and cannot display the requested page""

http://support.microsoft.com/?kbid=914226

ok the latest in safe mode scan came up clean 0 items found- ran it again after a normal boot- came up clean again.
so now im going to try the article about fixing the windows update error - thanks so much

You "did good"! If you are clean, and what's in article doesn't help, there may be some other things to try. I'm keeping my fingers crossed... as I call it night. Don't get yourself into trouble while I'm gone.

Those are registry entries.
Did MBAM remove any files? That problem usually has a hidden file component.

If not, I suggest following Carol's instructions to post a HijackThis log. Here is Trend Micro's list of malware removal forums:
http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php?report=7784239

so far it only found those 2 and did remove them... so far.. im scanning again. i set the comp to show all files and hidden files. just finished... they are back.

ok on a side note how do I find the run command on xp? so i can fix the windows update mess.
ive searched high and low-

ok headed to the Hijack option now. since these boogers wont go away.lol.

You're searching too low. The answer is higher. And just a little deeper.

ive had this dang comp 2 years- i never saw that "run" before- lol- i looked over and there it was ,after your clues jump started my brain again. ,- thanks- ok i ran the hijackthis- wow- what a mess i think i have- i didnt think i could post th resultshere so i joined one of the forums there and posted it there- those 2 baddies are back again- i also saw some other strange files in there- will post back with results on this and the windows update thing when its fixed - thanks again so much.

Glad to see that you were able to get your log posted. As I mentioned in my other post that included a link to a fix in progress, others are having this problem as well, so you are not alone. I'm sure your problem will be resolved soon.

ok i can now get windows update to open and not in msn anymore- yaaa. but its to this error
The website has encountered a problem and cannot display the page you are trying to view. Take the following steps to try solving the problem:
Refresh the page.
In Internet Explorer, delete your Temporary Internet Files by going to the Tools menu and clicking Internet Options.
Close and then re-open Internet Explorer.

Internet Explorer (Add-ons Disabled) mode only prevents the use of ActiveX controls, including those used by the Microsoft Update website. To get updates using this browser mode, you need to turn on Automatic Updates on your computer or visit the Windows Update website.
now i dont have any add ons disabled in internet explorer that i can find- so wierd .i have aytoupdates on in my comp- but i cant get any updtes either way.

I suggest mentioning this to your helper who is working with you on your log. If you posted your log at one of the forums listed on the Trend Micro page you are in good hands.

i must have mentioned the update and axtivex thing over there- right now they have me clearing and updating my java- apparently mine was old . i wonder if thats how those boogers got in? my fault for putting off teh update java window i was getting. - thanks so much for the help-

I'm glad to hear my clues "jump started" your brain. I had faith that you'd figure it out in .. "no time flat"!

I hope you get things cleared up soon..

Good luck...
Carol

Same problems as Lisa - only on a new build computer, and virgin HDD - known working (kosher!) MS XP PRo SP2 etc - all the time (8 at least) over the last week, no windows update - goes to MSN - and even Java comes up with somewhere in the US - about to run malware etc as suggested - but saw the suggestion taht it may have been the router - I'm fortunate - I've got cable and phone broadband - chaneg to cable and hey presto! I can access the update site and everything is hunky dory - now formatting my new 1Tb drive for the NINTH time (have you any idea how long that takes - 'cause I do!) to do a fresh install! I'll have words with the ISP in the morning - STRONG ones! Hope this may help anyone who stumbles across this excellent forum - thanks for all the hints and advice - Lisa can you take your computer to another location and try it? Many, Many thanks to everyone who's contributed!

Your problem is absolutely like me if you can solve it please tell me.

Your problem may not be the exact same problem as hers, but if it is, and you wish to know how she solved her's, it's mentioned in the last paragraph of the above post. She downloaded and installed HijackThis. As per the instructions in the below thread.

http://forums.cnet.com/5208-4_102-0.html?forumID=32&threadID=255339&messageID=2533167

She then went to one of the forums on left side of the page on the following list. (We don't analyze them here, hence the list)

http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php

Hope this helps..
Carol

I use the Hijack This to scan then I don't know what to fix please tell me what to fix and this is the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:36, on 10/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sasawat's Enterprise
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.1.1.44:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsrs.exe] C:\WINDOWS\system32\kdsrs.exe
O4 - HKLM\..\Run: [RemoteControl "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9415116F-78E2-4E92-8A3D-1D796ACDEA36}: NameServer = 85.255.115.37,85.255.112.144
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12911 bytes

While I think it's best to leave HJT reading to HJT forums.

1. Is that the NY DOWNLOADER TROJAN?
2. Does Windows Defender and Norton co-exist?
3. Why is the machine so "loaded"? Why not downsize to something less complicated?

How to post a HJT forums?

But your answer is at http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2533167&tag=forums06;forum-threads with 6 possible forums to work with.