Spyware, Viruses, & Security forum

General discussion

for months any windows update link goes to msn.com- help

by Lisa / October 18, 2008 5:05 PM PDT

I've tried everything to fix this- no matter where I click a link to get the Windows Update page it goes right to msn.com- I've even uninstalled AVG and ZoneAlarm and turned off Windows Firewall- no luck- I even reset IE7 back to manufacturer's settings- no luck-
I've run online virus scans- nothing- CCleaner- no luck- I'm at a loss. Turned all my securities to low- still msn.com no matter what- I just don't know what to try-

Windows XP- IE7, ZA up to date- new Avast free up to date- had to run live clean sweep a few times- still can't get to Windows Update- can it have something to do with active x? I'm stumped (again)

Follow the instructions...
by jahnjahn / October 18, 2008 6:57 PM PDT

to install and scan with Malwarebytes Anti-Malware in post 2 HERE.

If still no joy open your Hosts file (with Notepad) at C:\Windows\system32\drivers\etc. Normally, each entry will begin with 127.0.0.1. If not, post the odd entry/ies back on this thread. Ignore the lines that begin with #.

Re: Windows Update redirected to msn.com
by Carol~ Moderator / October 18, 2008 7:08 PM PDT

Lisa..

Did you try scanning with Malwarebytes' Anti-Malware? You might want to try installing it and scanning in Safe Mode. (Safe Mode isn't imperative, but it would help.) MBAM has been shown to help some users with the same problem as you're experiencing. Hopefully, it will do the same for you.

Download Malwarebytes Anti-Malware from:
http://www.besttechie.net/tools/mbam-setup.exe

Or from MajorGeeks:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

'Double Click mbam-setup.exe to install the application.

-Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
-If an update is found, it will download and install the latest version.
-Once the program has loaded, select Perform QUICK Scan, then click Scan.
-The scan may take some time to finish, so please be patient.
-When the scan is complete, click OK
-On the main scanner screen, click on Show Results to view what was detected.
-Make sure that everything is checked, and click Remove Selected.
-When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

**If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll'

Let us know if it helps. If it doesn't, there ARE additional options available to you which will.

Best of luck..
Carol

no luck yet
by Lisa / October 19, 2008 4:07 AM PDT

I ran that program- it found I think 26 baddies- so I removed then rebooted- went to Windows Update site and the page loaded, but an error occurred (I think it's an active x problem, I can't get the active x prompt to run it no matter what I do or what page I'm on now) then when I closed IE and tried again it goes right to msn again.

Re: No luck yet
by Carol~ Moderator / October 19, 2008 9:21 AM PDT
In reply to: no luck yet

Lisa..

After you ran the scan and removed the "26 baddies", did you run another scan to make sure you're completely clean?

You wrote that the page loaded, but "an error occurred". Do you happen to know what that error was? You also said you "can't get the active x prompt to run it". Are you having problems with all ActiveX's, or just with Windows Updates? Can you get the updates, if you set them to install automatically? Whether or not it makes a difference, I don't know. But a little more information might help.

When you open IE and go to Tools>Internet Options>Security Tab and click on Trusted Sites, then the "sites" button, do you show the following on the list?

http://*.update.microsoft.com
https://*.update.microsoft.com
http://download.windowsupdate.com

If it is an ActiveX issue, when you click on custom level, on the security tab, are you sure you have the correct ActiveX settings?

Download Signed ActiveX controls
Download Unsigned ActiveX controls
Initialize and script ActiveX controls not marked as safe
Run ActiveX controls and plug-ins
Script ActiveX controls marked safe for scripting

If you are getting a specific error, see if anything here helps:

http://support.microsoft.com/?kbid=883821

In lieu of asking unrelated questions, it might help to know what the error message was. I see others with the same problem, each with a different way of dealing with it.

ok followed the instructions
by Lisa / October 19, 2008 9:55 AM PDT
In reply to: Re: No luck yet

On the Windows Update error it just says this:
The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
For self-help options:

Frequently Asked Questions

Find Solutions

Windows Update Newsgroup
For assisted support options:

Microsoft Online Assisted Support
I still get this after changing the setting in my security about the active x as you suggested- I still do not even get the active x yellow warning at the top of the window.

I reran that scan malware thing and both scans find the following - seems to come back after I reboot

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{101e9aeb-9fc1-4eb4-a72e-c3f0a5f8462e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.126 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{101e9aeb-9fc1-4eb4-a72e-c3f0a5f8462e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.126 -> No action taken.

Those 2 files are in both the reports from the scans. It's like it keeps coming back at boot up?

I asked the program to remove all the bad ones but I don't think it removed these.

Running a third scan to see if they are found again. Avast doesn't see these 2 files or this trojan at all I think.

cant run anything
by Lisa / October 19, 2008 10:28 AM PDT

I tried to run F-Secure Online Virus Scanner but due to the active x problem I can't run anything. I am googling how to solve the active x problem- not sure what sites to trust for info anymore except here.

You changed the ActiveX settings?
by Carol~ Moderator / October 19, 2008 12:18 PM PDT
In reply to: cant run anything

'I still get this after changing the setting in my security about the active x as you suggested'

Sorry, I must have overlooked the above. I meant for you to look at those specifically. Are they all at the default settings, or did you change them?

settings
by Lisa / October 19, 2008 12:42 PM PDT

They were default - I changed them and can set them back- but that didn't help. I printed the post and am trying all that now. I managed to get the Ad-Aware 2008 freeware download to start so I will try that too- the other Ad-Aware I had wouldn't update- sounds to me now this whole mess is that virus blocking me no matter what I try. lol. Will follow the instructions in the posts and let ya know how it went- thanks so much all for the help.

Re: Ok followed instructions
by Carol~ Moderator / October 19, 2008 11:57 AM PDT

Lisa..

It's my feeling you first need to deal with the Trojan.DNSChanger entries MBAM found, before proceeding further. One of the developers of MBAM claims it removes Trojan.DNSChanger, but I'm not sure that's the case. You might want to give it one more try.

Did you run the scan in Safe Mode, as I suggested above? Before running another scan in Safe Mode with MBAM, unhide your files and folders. Also disable System Restore. (Something you would have needed to do eventually, had the infections you removed found their way into your restore points.) You'll need to re-enable it when all is done. You mentioned you ran CCleaner at one point. You might want to run it again, after scanning.

Lisa, there's one other thing you could check, which seemed to have helped some in your same situation. Go to the Control Panel>Network Connections>Local Area Connection. Click on its Properties. On the General Tab highlight "Internet Protocol (TCP/IP)". After clicking the Properties button there should be a tick mark next to "Obtain DNS server address automatically". The user at this forum found it had been changed to "Use the following DNS server addresses" (with addresses entered), instead. I'm NOT saying this will turn things around for you, but something you might want to look into.

Marianna may have some other recommendations. Otherwise, I would suggest posting a HijackThis log, whether any of the above helps, or not. It enables those who analyze them, to have a complete and thorough look at what's going on. And to also use tools we don't use here. We don't analyze HJT logs at this forum, but you'll find a list which do at the below link, along with instructions on how to download and install HJT.

http://forums.cnet.com/5208-4_102-0.html?forumID=32&threadID=255339&messageID=2533167

I wish you the very best of luck..
Carol
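
Added example, not part of the original thread or any poster's code: a small Python parser that pulls statically configured NameServer values out of MBAM and HijackThis log lines like the ones posted in this thread and lists every resolver that falls outside the networks you expect. The function names, the `192.168.1.0/24` expected network and the third O17 line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Sample input. The first three lines are copied from the logs posted in this
# thread; the last O17 line (router-style resolver) is constructed.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{101e9aeb-9fc1-4eb4-a72e-c3f0a5f8462e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.126 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{101e9aeb-9fc1-4eb4-a72e-c3f0a5f8462e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.59 85.255.112.126 -> No action taken.
O17 - HKLM\System\CCS\Services\Tcpip\..\{9415116F-78E2-4E92-8A3D-1D796ACDEA36}: NameServer = 85.255.115.37,85.255.112.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

# MBAM "Registry Data Items" line: ...\Interfaces\{GUID}\NameServer ... -> Data: a b -> ...
MBAM_RE = re.compile(
    r"Interfaces\\(\{[0-9A-Fa-f-]{36}\})\\NameServer\b.*?-> Data: (.*?) ->")
# HijackThis O17 line: O17 - ...\{GUID}: NameServer = a,b
HJT_RE = re.compile(
    r"^O17 - .*?(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$")


def parse_static_dns(log_text):
    """Return {interface_guid: set(ip)} for every static NameServer entry.

    CurrentControlSet and ControlSet001 copies of the same interface are
    merged, because they describe one adapter.
    """
    found = {}
    for line in log_text.splitlines():
        line = line.strip()
        match = MBAM_RE.search(line) or HJT_RE.search(line)
        if not match:
            continue
        guid = match.group(1).lower()
        # The registry value separates addresses with spaces or commas.
        for token in re.split(r"[ ,]+", match.group(2).strip()):
            try:
                found.setdefault(guid, set()).add(ipaddress.ip_address(token))
            except ValueError:
                continue  # not an IP address, ignore the token
    return found


def unexpected_resolvers(log_text, expected_networks):
    """List (interface_guid, ip) pairs whose resolver is outside every
    network in expected_networks (your router, ISP or corporate DNS)."""
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    report = []
    for guid, servers in parse_static_dns(log_text).items():
        for ip in sorted(servers, key=str):
            if not any(ip in net for net in nets):
                report.append((guid, str(ip)))
    return sorted(report)


if __name__ == "__main__":
    # Assumption: the only resolver this machine should use is the home router.
    for guid, ip in unexpected_resolvers(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"interface {guid}: static DNS {ip} is not an expected resolver")
```

An adapter set to "Obtain DNS server address automatically" has an empty NameServer value, so any address reported here deserves a look before further cleanup.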

to everyone
by Lisa / October 22, 2008 5:24 PM PDT

I just wanted to thank everyone for helping me- I'm sorry also if I caused a stir here. This bug is now gone....... and I actually got the Windows Update site to work.. all my pages now load without errors. I'm so thrilled- and thank you for recommending 2 great programs and a site that could help one on one. That along with this great forum here sure got me out of an aggravating spot.
OK, I'm headed back to update every dang anti type program I have- going to be even more cautious now.. again, thanks so much, everyone.:)

Great News!
by Carol~ Moderator / October 22, 2008 5:42 PM PDT
In reply to: to everyone

Lisa..

You didn't cause a stir. We're just glad you were able to get "up and running". I would wait just a bit longer, to see if TomK has anything else to suggest or add. He may even have you post one last log, just to be 100% sure. I don't know. But generally, the helpers will post back, after suggesting you run a scan. Meanwhile, you did some good work!

Stay safe and clean..
Carol

Windows Update has encountered an error
by Carol~ Moderator / October 19, 2008 12:34 PM PDT

Lisa..

Have a look here.

"Error message when you try to install updates from the Windows Update Web site on a Windows XP-based computer: "Windows Update has encountered an error and cannot display the requested page""

http://support.microsoft.com/?kbid=914226

so far so good
by Lisa / October 19, 2008 1:18 PM PDT

OK, the latest in safe mode scan came up clean, 0 items found- ran it again after a normal boot- came up clean again.
So now I'm going to try the article about fixing the Windows Update error - thanks so much

You're welcome. Sounds good to me :)
by Carol~ Moderator / October 19, 2008 1:31 PM PDT
In reply to: so far so good

You "did good"! If you are clean, and what's in the article doesn't help, there may be some other things to try. I'm keeping my fingers crossed... as I call it a night. Don't get yourself into trouble while I'm gone. Wink

Only These Two?
by Bugbatter / October 19, 2008 1:16 PM PDT

Those are registry entries.
Did MBAM remove any files? That problem usually has a hidden file component.

If not, I suggest following Carol's instructions to post a HijackThis log. Here is Trend Micro's list of malware removal forums:
http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php?report=7784239

so far.........
by Lisa / October 19, 2008 2:56 PM PDT
In reply to: Only These Two?

So far it only found those 2 and did remove them... so far.. I'm scanning again. I set the comp to show all files and hidden files. Just finished... they are back.

OK, on a side note, how do I find the run command on XP? So I can fix the Windows Update mess.
I've searched high and low-

OK, headed to the Hijack option now, since these boogers won't go away. lol.

'...'I've searched high and low'...
by Carol~ Moderator / October 19, 2008 4:03 PM PDT
In reply to: so far.........

You're searching too low. The answer is higher. And just a little deeper. Wink

thanks so much
by Lisa / October 19, 2008 5:47 PM PDT

I've had this dang comp 2 years- I never saw that "run" before- lol- I looked over and there it was, after your clues jump started my brain again- thanks- OK, I ran the HijackThis- wow- what a mess I think I have- I didn't think I could post the results here so I joined one of the forums there and posted it there- those 2 baddies are back again- I also saw some other strange files in there- will post back with results on this and the Windows Update thing when it's fixed - thanks again so much.

You're Welcome
by Bugbatter / October 20, 2008 7:54 AM PDT
In reply to: thanks so much

Glad to see that you were able to get your log posted. As I mentioned in my other post that included a link to a fix in progress, others are having this problem as well, so you are not alone. I'm sure your problem will be resolved soon.

the windows update thing- im getting so close
by Lisa / October 20, 2008 8:12 AM PDT
In reply to: You're Welcome

OK, I can now get Windows Update to open and not in msn anymore- yaaa. But it's to this error:
The website has encountered a problem and cannot display the page you are trying to view. Take the following steps to try solving the problem:
Refresh the page.
In Internet Explorer, delete your Temporary Internet Files by going to the Tools menu and clicking Internet Options.
Close and then re-open Internet Explorer.

Internet Explorer (Add-ons Disabled) mode only prevents the use of ActiveX controls, including those used by the Microsoft Update website. To get updates using this browser mode, you need to turn on Automatic Updates on your computer or visit the Windows Update website.
Now I don't have any add-ons disabled in Internet Explorer that I can find- so weird. I have auto updates on in my comp- but I can't get any updates either way.

Hi, Lisa
by Bugbatter / October 20, 2008 8:24 AM PDT

I suggest mentioning this to your helper who is working with you on your log. If you posted your log at one of the forums listed on the Trend Micro page you are in good hands. Happy

thanks so much
by Lisa / October 20, 2008 9:59 AM PDT
In reply to: Hi, Lisa

I must have mentioned the update and ActiveX thing over there- right now they have me clearing and updating my Java- apparently mine was old. I wonder if that's how those boogers got in? My fault for putting off the update Java window I was getting. - thanks so much for the help-

You're quite welcome, Lisa
by Carol~ Moderator / October 20, 2008 10:18 AM PDT
In reply to: thanks so much

I'm glad to hear my clues "jump started" your brain. I had faith that you'd figure it out in .. "no time flat"! Wink

I hope you get things cleared up soon..

Good luck...
Carol

Windows Update goes to MSN - try the Router or ISP
by jools23 / October 22, 2008 7:02 AM PDT
In reply to: so far.........

Same problems as Lisa - only on a new build computer, and virgin HDD - known working (kosher!) MS XP Pro SP2 etc - all the time (8 at least) over the last week, no Windows Update - goes to MSN - and even Java comes up with somewhere in the US - about to run malware etc as suggested - but saw the suggestion that it may have been the router - I'm fortunate - I've got cable and phone broadband - change to cable and hey presto! I can access the update site and everything is hunky dory - now formatting my new 1TB drive for the NINTH time (have you any idea how long that takes - 'cause I do!) to do a fresh install! I'll have words with the ISP in the morning - STRONG ones! Hope this may help anyone who stumbles across this excellent forum - thanks for all the hints and advice - Lisa, can you take your computer to another location and try it? Many, many thanks to everyone who's contributed!

Absolutely
by sasawatc / October 26, 2008 10:29 PM PDT

Your problem is absolutely like mine. If you can solve it, please tell me.

She DID solve her problem..
by Carol~ Moderator / October 28, 2008 12:13 AM PDT
In reply to: Absolutely

Your problem may not be the exact same problem as hers, but if it is, and you wish to know how she solved hers, it's mentioned in the last paragraph of the above post. She downloaded and installed HijackThis, as per the instructions in the below thread.

http://forums.cnet.com/5208-4_102-0.html?forumID=32&threadID=255339&messageID=2533167

She then went to one of the forums on left side of the page on the following list. (We don't analyze them here, hence the list)

http://hjt-data.trend-braintree.com/hjt/analyzethis/index.php

Hope this helps..
Carol

Please help me!
by sasawatc / October 28, 2008 11:59 PM PDT

I use HijackThis to scan, but then I don't know what to fix. Please tell me what to fix. This is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:36, on 10/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svcadmin.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sasawat's Enterprise
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.1.1.44:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsrs.exe] C:\WINDOWS\system32\kdsrs.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9415116F-78E2-4E92-8A3D-1D796ACDEA36}: NameServer = 85.255.115.37,85.255.112.144
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Anyplace Control Security - Unknown owner - C:\WINDOWS\svcadmin.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 12911 bytes

I see a few things.
by R. Proffitt Forum moderator / October 29, 2008 12:09 AM PDT
In reply to: Please help me!

While I think it's best to leave HJT reading to HJT forums.

1. Is that the NY DOWNLOADER TROJAN?
2. Do Windows Defender and Norton co-exist?
3. Why is the machine so "loaded"? Why not downsize to something less complicated?

How to post a HJT forums?
by sasawatc / October 29, 2008 12:17 AM PDT
In reply to: I see a few things.

How to post a HJT forums?

I asked you three questions first.
by R. Proffitt Forum moderator / October 29, 2008 12:22 AM PDT