When I tried to open Internet Explorer, this message kept popping up: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." I thought that it was nothing, so I restarted my computer a couple of times, but when I opened Internet Explorer the same thing happened. Then I tried to open Real Player, but the same message came up: "Real Player has encountered a problem and needs to close. We are sorry for the inconvenience". So I uninstalled Real Player and installed the new one, but this message came up and wouldn't let me install: "RealNetworks Installer has encountered a problem and needs to close. We are sorry for the inconvenience". My question is: what is wrong with my Internet Explorer and Real Player? Is it some kind of virus causing this? And is there any way to fix this? When I finished scanning my computer with Malwarebytes, the exact same message popped up and froze my anti-malware. I have Windows XP with Internet Explorer 8 installed, if that helps. Thanks, any suggestion would be appreciated.
My computer couldn't boot to safe mode no matter what; it keeps restarting. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:41:17 AM, on 9/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sophea\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Sophea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sophea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Sophea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8520E338-DAD5-4469-831F-A8FDED2DF696} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sophea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1254703864687
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212029532583
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212029642730
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: vsrca - C:\WINDOWS\security\vsrca.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13050 bytes
Hi brick1,

Looking over your HJT Log, I see that you have picked up a very bad infection. Hopefully we can get rid of this critter. Work through the following steps and post the Logs so I can see what we are dealing with. I will help as much as I am able…….

Step # 1: Remove Hijackthis Entries
• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
• O2 - BHO: (no name) - {8520E338-DAD5-4469-831F-A8FDED2DF696} - (no file)
• O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
• O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
• O4 - HKLM\..\Policies\Explorer\Run: []
• O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
• O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
• O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
• O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
• O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
• O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
• O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
• O20 - Winlogon Notify: vsrca - C:\WINDOWS\security\vsrca.dll (file missing)
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Step # 2: Run ComboFix
* IMPORTANT !!! Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
1. Download Combo fix from the following location:
* IMPORTANT !!! Place combofix.exe on your Desktop but DO NOT RUN!
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
3. Combo will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you. Do not attempt to use the internet or anything else while it's doing its job for you.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. If when it's completed you can not get on the internet, just reboot the computer.

Post the log from comboFix for me located in c:\comboFix.txt and a fresh HJT Log.

2oG
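The entries picked out in Step # 1 share traits that are visible in the log itself: "(no file)" and "(file missing)" markers, autorun values with an empty name, a startup shortcut whose target is "?", and names that begin with a lowercase "l" where a capital "I" would be expected. The sketch below is an added example, not part of the original posts or of HijackThis; it flags such lines as candidates for an analyst to review, and the KNOWN_NAMES list and the character-folding rule are assumptions chosen for illustration.

```python
import re

# Entries copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {8520E338-DAD5-4469-831F-A8FDED2DF696} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lnternet Update] lExplore.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplore.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O20 - Winlogon Notify: vsrca - C:\WINDOWS\security\vsrca.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumption: a short illustrative list of names worth protecting from imitation.
KNOWN_NAMES = ("internet", "iexplore.exe", "explorer.exe", "svchost.exe",
               "lsass.exe", "services.exe", "winlogon.exe")

# Characters that look alike in many fonts are folded to a single form.
_FOLD = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})


def skeleton(token):
    """Lowercase the token and fold visually confusable characters."""
    return token.lower().translate(_FOLD)


_SKELETONS = {skeleton(name): name for name in KNOWN_NAMES}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
AUTORUN = re.compile(r"^[^:\[]+: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
TOKEN_SPLIT = re.compile(r'[\s\\"\[\]]+')


def lookalike_of(token):
    """Return the known name a token imitates, or None if it is not a lookalike."""
    known = _SKELETONS.get(skeleton(token))
    if known and token.lower() != known:
        return known
    return None


def triage_entry(line):
    """Return the list of reasons a single log line deserves a closer look."""
    match = ENTRY.match(line.strip())
    if not match:
        return []
    code, body = match.groups()
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("no file registered")
    if body.endswith("(file missing)"):
        reasons.append("file missing on disk")
    if code == "O4":
        autorun = AUTORUN.match(body)
        if autorun and not autorun.group("name").strip():
            reasons.append("empty autorun value")
        startup = STARTUP.match(body)
        if startup and startup.group("target").strip() == "?":
            reasons.append("unresolved startup shortcut")
    for token in TOKEN_SPLIT.split(body):
        known = lookalike_of(token)
        if known:
            reasons.append(f"'{token}' imitates '{known}'")
    return reasons


def triage_log(text):
    """Return (line, reasons) pairs for every flagged entry in a log."""
    findings = []
    for line in text.splitlines():
        reasons = triage_entry(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(f"{entry}\n    -> {'; '.join(why)}")
```

A flagged line is a prompt for review, not a removal decision: a "(file missing)" entry can simply be a leftover from an uninstalled program.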
When ComboFix ran, it asked me about the disclaimer, and then I clicked yes. Then it gave me an error and shut down my computer. It's normal, right?
As the instructions say, DO NOTHING WHILE IT IS RUNNING!

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

It will disconnect you from the Internet; you don't have to.... as I said, DO NOTHING! Don't touch the damn mouse!

Uninstall it and Try Again from the top following the instructions and have some patience.....

To un-install: Click START then RUN. Now copy/paste Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Now reboot and start the previous instructions at Step 1 to try again....

2oG
OK, I got it. Here is my ComboFix log:

ComboFix 10-09-25.07 - Sophea 09/26/2010 16:12:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.688 [GMT -7:00]
Running from: C:\Documents and Settings\User\desktop\combofix.exe
Command switches used :: /killall
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Application Data\inst.exe
C:\WINDOWS\search_res.txt
C:\WINDOWS\security\acrsv.bak1
C:\WINDOWS\security\acrsv.bak2
C:\WINDOWS\security\acrsv.ini
C:\WINDOWS\security\acrsv.ini2
C:\WINDOWS\security\acrsv.tmp
C:\WINDOWS\SW_Win2000X48.DLL
C:\WINDOWS\system32\ctwyudjc.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
T:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.
2010-09-26 20:34:23 . 2010-09-26 20:34:23 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-09-26 20:33:56 . 2010-09-26 20:33:56 -------- d-----w- C:\Documents and Settings\User\Application Data\Tific
2010-09-26 06:06:03 . 2010-09-26 06:06:03 388096 ----a-r- C:\Documents and Settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-26 06:06:02 . 2010-09-26 06:06:02 -------- d-----w- C:\Program Files\Trend Micro
2010-09-26 02:59:19 . 2010-09-26 02:59:19 -------- d-----w- C:\Documents and Settings\User\Application Data\Malwarebytes
2010-09-26 02:59:09 . 2010-04-29 22:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-26 02:59:08 . 2010-09-26 02:59:08 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-26 02:59:08 . 2010-04-29 22:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-26 02:59:07 . 2010-09-26 02:59:12 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-25 22:16:16 . 2010-09-25 22:16:16 -------- d-sh--w- C:\Documents and Settings\NetworkService\IETldCache
2010-09-19 00:29:01 . 2010-09-19 00:29:00 60808 ----a-w- C:\WINDOWS\system32\S32EVNT1.DLL
2010-09-19 00:29:00 . 2010-09-19 00:29:00 126512 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2010-09-19 00:28:29 . 2010-09-19 00:28:29 -------- d-----w- C:\WINDOWS\system32\drivers\NAV
2010-09-19 00:28:26 . 2010-09-19 00:28:29 -------- d-----w- C:\Program Files\Norton AntiVirus
2010-09-19 00:28:26 . 2010-09-19 00:28:26 -------- d-----w- C:\Program Files\Windows Sidebar
2010-09-19 00:28:04 . 2010-09-19 00:28:04 -------- d-----w- C:\Program Files\NortonInstaller
2010-09-03 21:20:06 . 2010-09-03 21:20:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 23:20:27 . 2006-09-30 17:59:42 384 ----a-w- C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2010-09-26 23:20:27 . 2006-09-30 17:59:42 384 ----a-w- C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000C-00001102-00000004-20021102}.dat
2010-09-26 21:56:40 . 2009-10-21 02:50:31 -------- d-----w- C:\Program Files\Gabest
2010-09-26 21:35:05 . 2006-09-30 07:50:13 -------- d-----w- C:\Program Files\Alwil Software
2010-09-26 06:21:02 . 2006-09-30 09:17:16 -------- d-----w- C:\Program Files\Common Files\Real
2010-09-26 06:20:57 . 2006-09-30 09:16:37 -------- d-----w- C:\Program Files\Real
2010-09-26 06:19:36 . 2010-08-19 21:07:27 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-26 01:36:06 . 2007-09-27 22:55:01 -------- d-----w- C:\Documents and Settings\User\Application Data\vlc
2010-09-26 01:16:59 . 2006-09-30 08:47:40 -------- d-----w- C:\Program Files\Google
2010-09-19 00:37:53 . 2006-09-30 09:46:14 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-09-19 00:29:01 . 2006-09-30 09:30:26 -------- d-----w- C:\Program Files\Symantec
2010-09-19 00:29:00 . 2010-09-19 00:29:01 7456 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2010-09-19 00:29:00 . 2010-09-19 00:29:00 805 ----a-w- C:\WINDOWS\system32\drivers\SYMEVENT.INF
2010-09-19 00:28:26 . 2008-11-18 02:52:02 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2010-09-19 00:12:37 . 2010-01-21 02:01:51 -------- d-----w- C:\Program Files\Norton Security Scan
2010-09-19 00:10:00 . 2009-01-18 23:44:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-09-10 21:28:24 . 2010-08-19 20:45:09 -------- d-----w- C:\Program Files\Unlocker
2010-09-10 02:29:23 . 2008-07-02 22:11:35 -------- d-----w- C:\Program Files\Free FLV Converter
2010-09-04 18:27:45 . 2008-08-10 03:34:50 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-08-25 18:38:07 . 2010-08-25 18:38:07 -------- d-----w- C:\Documents and Settings\All Users\Application Data\TVU Networks
2010-08-25 18:38:07 . 2010-08-25 18:37:49 -------- d-----w- C:\Program Files\TVUPlayer
2010-08-21 00:51:57 . 2010-08-21 00:51:48 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-08-19 21:04:27 . 2010-08-19 20:52:39 -------- d-----w- C:\Program Files\Apmebfcookie Removal Tool
2010-08-17 13:17:06 . 2004-08-04 12:00:00 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe
2010-07-22 15:49:15 . 2004-08-04 12:00:00 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
2010-07-22 05:57:20 .
2009-04-15 02:25:23 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2010-07-20 22:45:42 . 2010-03-28 23:02:27 717296 ----a-w- C:\WINDOWS\system32\drivers\sptd.sys
2010-07-01 20:59:35 . 2010-07-01 20:59:35 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-06-30 12:31:35 . 2004-08-04 12:00:00 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 23:35:42 139264]
"Google Update"="C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-28 01:56:49 133104]
"Search Protection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 23:45:08 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 08:14:58 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 08:53:30 65024]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 01:06:52 45056]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 17:50:30 413696]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 21:19:40 69632]
"nwiz"="nwiz.exe" [2005-06-15 09:20:00 1519616]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 09:20:00 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 09:20:00 6803456]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 19:50:42 155648]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-07-01 04:00:24 65536]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-07-01 03:56:34 188416]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 18:44:34 31072]
"CTHelper"="CTHELPER.EXE" [2003-10-06 06:57:32 24576]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 01:30:00 1191936]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 16:47:28 116040]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 13:05:34 111856]
"WatchDog"="C:\Program Files\mobile PhoneTools\WatchDog.exe" [2004-08-14 11:42:20 36864]
"WD Drive Manager"="C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 10:13:28 438272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2006-10-4 98304]

Here is my new HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:36:23 PM, on 9/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application 
Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - 
https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1254703864687 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1212029532583 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1212029642730 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe O23 - Service: XoftSpyService - ParetoLogic Inc. - C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/User/My%20Documents/My%20Pictures/animal/Hypo%20Birthday -- End of file - 11125 bytes
That looks better. If at first you don't succeed - read the instructions.. lol How is it running now? I gotta get some rest but will get back ASAP.
Thanks for your time, I appreciate it. I never knew I had that many viruses. The computer kind of runs faster now, but Internet Explorer keeps having problems. When I open it, it either closes by itself or shows the message that says "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience". Any ideas what is causing this? Once again, thank you.
You might try uninstalling Internet Explorer and reinstalling. You might also give Firefox a try. I like it better than IE.
I can't uninstall Internet Explorer, it won't let me. I have Firefox, but I want to know what causes the message "XXX.exe encountered a problem and needs to close. We are sorry for the inconvenience". Even my Real Player and Windows Media Player give me that same message. Sometimes when I boot up, Windows Genuine Advantage gives me the same message.
You can't uninstall IE but you can download the latest version and install it over the old one.... Try that..
Nope, I tried to install a new one, but the same thing happened. Now this message pops up "Office Genuine Advantage had encounter a problem" every time I boot my computer. All my media players are having the same problem except VLC. When I try to play something on the internet, the Windows Media plugin always crashes in Google Chrome and always freezes in Firefox, which I tried to reinstall many times without success. Sometimes my Norton gives me the same message. I think it has something to do with drwtson32.exe or dwwin.exe because dwwin.exe came up every time that message appeared (I opened my task manager). Any ideas? Thanks.
Hi 2oldGeek, the link that you gave didn't help much. Internet Explorer and Windows Media Player have the same damn error. When I tried to open them, they close by themselves. For Firefox, when I tried to play video using Windows Media it closes by itself, too. Any suggestions? Thank you for the reply.
Sounds like you may have some corrupted system files. Running SFC /scannow can usually repair the bad system files and clear it up. I don't have the time to write the instructions for using it so you may have to do some reading.. Here are a couple of links to get you started: http://pcsupport.about.com/b/2009/05/25/sfc-scannow-repairs-windows-files-the-easy-way.htm http://www.updatexp.com/scannow-sfc.html 2oG
Yes, Yes, Yes, thank you so much. The message is gone now. YOU are the best 2oG. It was the corrupt system file like you said. Once again thank you very much.