Print Page - HELP I am new and stupid in here.

I have at least one worm called VB SO.. I can't get this off my machine cause the Trend micro and all the other free scanners can't do the job. The Worm makes up new files so that the scanner can never finish.

Now what?

From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important

[quote name=\'Newfiebullet\' post=\'229878\' date=\'Oct 30 2006, 02:14 PM\']I have at least one worm called VB SO.. I can't get this off my machine cause the Trend micro and all the other free scanners can't do the job. The Worm makes up new files so that the scanner can never finish.

Now what?[/quote]
Here is my hijack log.... I have no idea what this is how to use it but I am trusting you know what this is.. and that there are smarter good guys fighting the virus generators......... As a 35 yr old mother of 2 babies.... I really appreciate your expertise.

Logfile of HijackThis v1.99.1
Scan saved at 11:00:00 AM, on 02/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccUpdUI.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\temp\aubin\patch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis1.99.1\hijackthis_sfx.exe
C:\Hijackthis1.99.1\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYCA (http://\"http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYCA\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Can you do the following please
Download and save [color=\"red\"]Brute Force Uninstaller[/color] (http://\"http://www.merijn.org/files/bfu.zip\")[/b] to the desktop

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to, click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

[color=\"red\"]RIGHT-CLICK HERE[/color] (http://\"http://metallica.geekstogo.com/alcanshorty.bfu\")[/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it then transfer to the
same folder you made earlier (c:\BFU).

Go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png)
and select alcanshorty.bfu
Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

After you do the above
Can you do the following
RIGHT CLICK on Hijackthis.exe and rename it too
Newfie.exe
Do a Fresh scan and save logfile with Newfie.exe (Hijackthis) and post the fresh log please

Could you also
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please

Logfile of HijackThis v1.99.1
Scan saved at 3:12:49 PM, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis1.99.1\HijackThis.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLSentry.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYCA (http://\"http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYCA\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

you didn't appear to do anything I asked

Can you make sure you follow these instructions closely please

Can you do the following
Download and save [color=\"red\"]Brute Force Uninstaller[/color] (http://\"http://www.merijn.org/files/bfu.zip\")[/b] to the desktop

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to, click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

[color=\"red\"]RIGHT-CLICK HERE[/color] (http://\"http://metallica.geekstogo.com/alcanshorty.bfu\")[/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it then transfer to the
same folder you made earlier (c:\BFU).

Go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png)
and select alcanshorty.bfu
Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

After you do the above
Can you do the following
RIGHT CLICK on Hijackthis.exe and rename it too
Newfie.exe
Do a Fresh scan and save logfile with Newfie.exe (Hijackthis) and post the fresh log please

Could you also
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please

[quote name=\'guestolo\' post=\'232942\' date=\'Nov 5 2006, 02:22 PM\']you didn't appear to do anything I asked

Can you make sure you follow these instructions closely please

Can you do the following
Download and save [color=\"red\"]Brute Force Uninstaller[/color] (http://\"http://www.merijn.org/files/bfu.zip\")[/b] to the desktop

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to, click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

[color=\"red\"]RIGHT-CLICK HERE[/color] (http://\"http://metallica.geekstogo.com/alcanshorty.bfu\")[/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it then transfer to the
same folder you made earlier (c:\BFU).

Go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png)
and select alcanshorty.bfu
Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

After you do the above
Can you do the following
RIGHT CLICK on Hijackthis.exe and rename it too
Newfie.exe
Do a Fresh scan and save logfile with Newfie.exe (Hijackthis) and post the fresh log please

Could you also
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix please[/quote]
Here is the COMBO FIX LOG FOLLOWED BY THE UPDATED HIJACK THIS AS YOU REQUESTED. THANKS!

Geoffrey - 06-11-05 15:43:25.44 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Geoffrey\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\bszip.dll

((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))

2006-11-05 11:18 75,920 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-02 08:51 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-16 07:57 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-10-16 07:55 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-10-16 07:55 638,976 --a------ C:\WINDOWS\system32\divx.dll
2006-10-16 07:55 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-16 07:55 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2006-10-16 07:55 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2006-10-16 07:55 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2006-10-16 07:55 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-10-16 07:55 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-16 07:55 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-05 06:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-04 14:53 -------- d-------- C:\Program Files\Common Files
2006-11-04 09:46 -------- d-------- C:\Program Files\TOD 072006
2006-11-03 19:22 -------- d-------- C:\Program Files\Lexmark 8300 Series
2006-11-03 19:19 -------- d-------- C:\Program Files\Internet Explorer
2006-11-03 19:19 -------- d-------- C:\Program Files\Google
2006-11-02 10:57 -------- d-------- C:\Program Files\HijackThis
2006-11-01 17:00 -------- d-------- C:\Program Files\Microsoft Works
2006-10-31 15:23 -------- d-------- C:\Program Files\Trend Micro
2006-10-31 14:51 -------- d-------- C:\Program Files\Microsoft Office
2006-10-31 14:16 -------- d-------- C:\Program Files\Grisoft
2006-10-23 22:28 -------- d-------- C:\Program Files\Common Files\AVSMedia
2006-10-23 22:28 -------- d-------- C:\Program Files\AVSMedia
2006-10-23 21:29 -------- d-------- C:\Documents and Settings\Geoffrey\Application Data\vlc
2006-10-23 21:13 -------- d-------- C:\Program Files\VideoLAN
2006-10-23 08:36 7025 --a------ C:\Documents and Settings\Geoffrey\Application Data\AVSDVDPlayer.m3u
2006-10-18 08:34 -------- d-------- C:\Documents and Settings\Geoffrey\Application Data\Google
2006-10-17 14:03 -------- d-------- C:\Program Files\LimeWire
2006-10-04 13:27 -------- d-------- C:\Program Files\PeerGuardian2
2006-09-29 12:01 -------- d-------- C:\Program Files\Java
2006-09-29 11:59 -------- d-------- C:\Program Files\Common Files\Java
2006-09-29 11:55 243512 --a------ C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2006-09-26 08:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-26 08:02 -------- d-------- C:\Program Files\Lexmark Applications
2006-09-22 07:15 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-21 07:07 -------- d-------- C:\Documents and Settings\Geoffrey\Application Data\Macromedia
2006-09-20 14:36 -------- d---s---- C:\Documents and Settings\Geoffrey\Application Data\Microsoft
2006-09-20 09:31 -------- d-------- C:\Program Files\MSN Messenger
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 20:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 20:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 20:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SHS"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background"
"Update Manager"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LXCJCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCJtime.dll,_RunDLLEntry@16"
"lxcjmon.exe"="\"C:\\Program Files\\Lexmark 8300 Series\\lxcjmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 8300 Series\\ezprint.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-05 15:45:08.18
C:\ComboFix.txt ... 06-11-05 15:45

******

Logfile of HijackThis v1.99.1
Scan saved at 3:46:01 PM, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis1.99.1\Newfie.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYCA (http://\"http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYCA\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Can you do the following please
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Additionally
Go to either of these links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")

Use the browse button and navigate to the file on your harddrive

C:\WINDOWS\system32\drivers\oreans32.sys <-this file,
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please

Uninstall List from Hijack this:

Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe Shockwave Player
APOLLO P-2100U Series Printer
BitLord 1.1
Google Toolbar for Internet Explorer
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
Lexmark 8300 Series
LimeWire 4.12.6
Macromedia Flash Player 8
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.8)
MSN Messenger 7.5
Nero Suite
Panda ActiveScan
PeerGuardian 2.0
Print to Fax
Rhapsody Player Engine
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Rogers Yahoo! Applications
TOD 072006
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
VideoLAN VLC media player 0.8.5

Scan of : oreans32.sys :

Service load: 0% 100% File: oreans32.sys Status: [color=\"#00bb00\"]OK[/color] (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 21dc5b289dce2d32a32baab7bcf29a6a Packers detected: -Scanner results AntiVir Found nothingArcaVir Found nothingAvast Found nothingAVG Antivirus Found nothingBitDefender Found nothingClamAV Found nothingDr.Web Found nothingF-Prot Antivirus Found nothingF-Secure Anti-Virus Found nothingFortinet Found nothingKaspersky Anti-Virus Found nothingNOD32 Found nothingNorman Virus Control Found nothingVirusBuster Found nothingVBA32 Found nothing

STATUS: FINISHEDComplete scanning result of "oreans32.sys", received in VirusTotal at 11.17.2006, 19:14:08 (CET).

AntivirusVersionUpdateResultAntiVir7.2.0.3911.17.2006 no virus foundAuthentium4.93.811.17.2006 no virus foundAvast4.7.892.011.15.2006 no virus foundAVG38611.16.2006 no virus foundBitDefender7.211.17.2006 no virus foundCAT-QuickHeal8.0011.17.2006 no virus foundClamAVdevel-2006042611.17.2006 no virus foundDrWeb4.3311.17.2006 no virus foundeSafe7.0.14.011.16.2006 no virus foundeTrust-InoculateIT23.73.5811.17.2006 no virus foundeTrust-Vet30.3.319711.17.2006 no virus foundEwido4.011.17.2006 no virus foundFortinet2.82.0.011.17.2006 no virus foundF-Prot3.16f11.16.2006 no virus foundF-Prot44.2.1.2911.17.2006 no virus foundIkarus0.2.65.011.17.2006 no virus foundKaspersky4.0.2.2411.17.2006 no virus foundMcAfee489711.16.2006 no virus foundMicrosoft1.1609 11.17.2006 no virus foundNOD32v2187011.17.2006 no virus foundNorman5.80.0211.17.2006 no virus foundPanda9.0.0.411.16.2006 no virus foundPrevx1V211.17.2006 no virus foundSophos4.11.011.16.2006 no virus foundTheHacker6.0.3.12011.17.2006 no virus foundUNA1.8311.17.2006 no virus foundVBA323.11.111.16.2006 no virus foundVirusBuster4.3.15:911.17.2006 no virus found

Aditional InformationFile size: 33824 bytesMD5: 21dc5b289dce2d32a32baab7bcf29a6aSHA1: b843fe0e71b4475ee390d133fa14aa1d68d1ac0dVirusTotal (http://\"http://www.virustotal.com/\") is a free service offered by Hispasec Sistemas (http://\"http://www.hispasec.com/\"). There are no guarantees about the availability and continuity

It's been awhile
Can you post a fresh Hijackthis log please

Logfile of HijackThis v1.99.1
Scan saved at 10:40:53 AM, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYCA (http://\"http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm080YYCA\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab (http://\"http://download.bitdefender.com/resources/scan8/oscan8.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab (http://\"http://www.live365.com/players/play365.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

We should update your version of Sun Java to plug up security holes that malware can exploit
==Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 (http://\"http://java.sun.com/javase/downloads/index.jsp\")

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement[/i]".
The page will refresh.
Click on the link to download Windows Offline Installation Multi-language

Save the file to your Desktop.
Don't install it yet

Access your Add/remove programs via Control Panel
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
eg..J2SE Runtime Environment 5.0 Update 6
It should have the following icon next to it: (http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif)
Select it and click Remove

Afterwards
Do a "System scan only" with Hijackthis and put a check next to these entries:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYCA (http://\"http://edits.mywebsearch.com/toolbaredits/...?p=ZUxdm080YYCA\")
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab (http://\"http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab\")

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer

Go ahead and install the latest version of Sun java from the installer on your desktop
After installation you can delete the installer

Also, I suggest that you download and install these 2 tools
Yours for free, hold onto them

Download and Install
Ad-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")

Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START>>>NEXT

When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process
===================================

Download and Install Spybot 1.4 from
HERE (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Updates are successful when they have a Green check next to them
After update is complete,

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer to finish any cleaning process

Post one last fresh hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 6:26:22 PM, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\sessmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Hijackthis1.99.1\Newfie.exe.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab (http://\"http://www.live365.com/players/play365.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Ran both again here is the final hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 1:00:54 PM, on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Hijackthis1.99.1\Newfie.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab (http://\"http://www.live365.com/players/play365.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Sorry for the delay, I was having trouble accessing the forum yesterday
How is everything running now?
It looks good

I think there is something still running as executable... in the background... here is the Kaspersky scan .. the Panda came up with nothing last night.

You have no idea how much I appreciate your time and help!

Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C11085D1-7FDE-4372-A6C3-5ADF1BDDB220}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES Object is locked skipped C:\WINDOWS\system32\ActiveScan\Panda ActiveScanPSK_NAMES2 Object is locked skipped C:\WINDOWS\system32\asfiles.txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C: \WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Here is the Log From Trend Micro.... It wouldn't allow it to finish... These are all remote access errors and corruptions.. but I have no Idea how to get this @!^%$#&*^%thing off my computer.......

[font=\"Times New Roman\"]

MS06-058 Powerpoint (924163)

MS06-054 Publisher (910729)

MS06-003 Outlook and Exchange Svr (902412)

MS06-012 MS Office (905413)

MS06-027 MS Word (917336)

MS06-028 Powerpoint (916768)

MS06-037 Excel (917285)

MS06-039 Ms Office Filters (915384)

MS06-048 Ms Office Vulnerabilities Could allow remote execution

[/font]

[font=\"Times New Roman\"] [/font]

[font=\"Times New Roman\"] [/font]

Logfile of HijackThis v1.99.1
Scan saved at 12:46:37 PM, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis1.99.1\Newfie.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com (http://\"http://rogers.yahoo.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (http://\"http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (http://\"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab\")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (http://\"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162407573571\")
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab (http://\"http://www3.ca.com/securityadvisor/virusinfo/webscan.cab\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab (http://\"http://www.live365.com/players/play365.cab\")
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe

BUMP

What happened to the AntiVirus software you had on your computer?
Trend Micro seems to be uninstalled
Is it expired?
Do you need a free solution?

Also, It's a good idea to visit Office updates
Click on the following link
http://office.microsoft.com/en-us/downloads/default.aspx (http://\"http://office.microsoft.com/en-us/downloads/default.aspx\")
On the left hand side click on OFFICE UPDATE
Let it scan for updates
Then "Agree and Install" all Required updates

Keep revisiting till you have all required updates installed
I like to install the updates without CD requirement

Quote

I think there is something still running as executable

What do you mean by that?
What do you think is running that shouldn't be?

Here is a copy of the Task manager executables list...... Many of the Unknown executables toggle and use space at quick switch intervals..if I end them they just restart. When I shut down.....there is a notification of other users currently on the system.. blah blah.....you will loose and unsaved information....etc

The system runs retardedly slow
Outlook is weird
My main Windows screen is different colours
mouse does not respond the way it should..

I think I am being remotely operated.. Why? I have no idea.. we are soooooooo boring ... no one wants our computer junk!

I lost the Trend Micro as it was a trial version. I have scanned and cleaned every day for a week..with spybot and Lavasoft and bitlord and panda and Clean up and everything .. you have to remember I have no idea what I am doing so maybe I screwed it up.

Thanks for all your time and patience.

N

Can you ensure that the XP firewall is enabled in the Control panel
START>>Control Panel>>security center>>Windows firewall

Also, can I have a look at the following
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

+Also, Download GMER from here:
http://www.gmer.net/gmer.zip (http://\"http://www.gmer.net/gmer.zip\")

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
DO NOT select Show All
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Here are the two logs you requested. Also regarding the Firewall I did not realize that it was down and when I tried to turn it on there was a pop up telling me that shared user and could not turn it on

/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> .

Thanks! I know this is probably driving you nuts bye now! I appreciate your time.

Nancy

Hijack Uninstall Log

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe Shockwave Player
APOLLO P-2100U Series Printer
BitLord 1.1
CleanUp!
Google Toolbar for Internet Explorer
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
Lexmark 8300 Series
LimeWire 4.12.6
Macromedia Flash Player 8
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.8)
MSN Messenger 7.5
Nero Suite
Panda ActiveScan
PeerGuardian 2.0
Print to Fax
RegCure 1.0.0.43
Registry Mechanic 6.0
Rhapsody Player Engine
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Rogers Yahoo! Applications
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Spybot - Search & Destroy 1.4
TOD 072006
VideoLAN VLC media player 0.8.5
Windows Media Format Runtime
Windows Media Player 10

GMER 1.0.12.11889 - http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2006-11-25 17:54:24
Windows 5.1.2600 Service Pack 2

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://znvy.tbbtyr.pbz/znvy/?ivrj=pungvageb&qrfg=uggc%3N%2S%2Sznvy.tbbtyr.pbz%2Sznvy%2S%3Snhgu%3QQDNNNULNNNOj4Y46VRqN4AxFYLdhxdkUZvsXJAmW9LLaWAXRLy6eoTyfkZTp96G8TFwWTjvUbWJVgk
uvcXtrYtioClklYTydoiGPQq9lP6JCDFnci0YWzdaxtrvlOZYtxuBr_nrdZDRIk50PqofrabajaR8NCt
p
DdFDoYypOqKcwTOZdWk_rfD%26mk%3Q1vhxh0348sz3j&fuin=1 0x06 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://knqf.mrqb.pbz//nqf2/p?n=148798;k=1053;t=27,0;p=272000035,272000035;v=0;a=272;f=0;v=0;h=X2XaHjbNNURNNQi
NBIfNNNNC;r=v;f=0;t=27;j=8;z=579;m=0.9276132625382296;x=uggc://jjj.yvir365.pbz/ptv-ova/pyvpxf.ptv?nqgenpx=CZ:25:YVI-in_ivc120k60:1211064834&hey=uggcf%3N%2S%2Sfgber.yvir365.pbz%2Sbeqref%2Sbeqresbez-yvfgra.yvir 0x10 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
F
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
F
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 0x14 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://fqyp-rfq.fha.pbz/RFQ28/WFPQY/wqx/1.5.0_09_o03/wer-1_5_0_09-jvaqbjf-v586-c.rkr?NhguCnenz=1163970045_9n263o9p57p910oo330nq7rsrs58o642&GHey=na1acQcoXbq7xFLeEBuRAGbaVhp1J0Q1Yp4aKm+cTSSenavkqPqtkQGCoJ4=&GvpxrgVq=qyy9BjECArN++j==&TebhcAnzr=FQYP&OUbfg=fqyp4u.fha.pbz&SvyrCngu=/RFQ28/WFPQY/wqx/1.5.0_09_o03/wer-1_5_0_09-jvaqbjf-v586-c.rkr&Svyr=wer-1_5_0_09-jvaqbjf-v586-c.rkr 0x16 0x00 0x00 0x00 ...

---- Files - GMER 1.0.12 ----

ADS C:\Hijackthis1.99.1\Newfie.exe.exe:SummaryInformation
ADS C:\Hijackthis1.99.1\Newfie.exe.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----

Can you give me the exact error message when you try and turn on the firewall

Also, are there other users on this computer?
Any with Adminstrative privileges?

Here is the error message:

Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the windows firewall internet connection sharing (ICS) service?

[color=\"#ff0000\"] I answer (Y)[/color]

Starting windows firewall internet connection sharing (ICS) service

Windows cannot start firewall internet connection sharing (ICS) service
...........

The firewall is always set to on with no exceptions checked. I think it is disabeling the firewall via the executable.....not sure..

I will copy the processes again so that you can see what I am seing.... one sec.

TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Newfiebullet on October 30, 2006, 03:14:01 PM