Author Topic: HELP I am new and stupid in here.  (Read 2627 times)

Newfiebullet
« Reply #20 on: November 22, 2006, 12:47:50 PM »
Logfile of HijackThis v1.99.1
Scan saved at 12:46:37 PM, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis1.99.1\Newfie.exe.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162407573571
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe

Newfiebullet
« Reply #21 on: November 23, 2006, 01:51:48 PM »
BUMP

guestolo (Administrator)
« Reply #22 on: November 23, 2006, 03:33:47 PM »
What happened to the antivirus software you had on your computer?
Trend Micro seems to be uninstalled.
Is it expired?
Do you need a free solution?

Also, it's a good idea to visit Office Update.
Click on the following link:
http://office.microsoft.com/en-us/downloads/default.aspx
On the left-hand side click on OFFICE UPDATE.
Let it scan for updates.
Then "Agree and Install" all required updates.

Keep revisiting till you have all required updates installed.
I like to install the updates without the CD requirement.

Quote: "I think there is something still running as executable"
What do you mean by that?
What do you think is running that shouldn't be?
« Last Edit: November 23, 2006, 03:35:03 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Newfiebullet
« Reply #23 on: November 24, 2006, 10:12:14 AM »
Here is a copy of the Task Manager executables list. Many of the unknown executables toggle and use space at quick switch intervals; if I end them they just restart. When I shut down, there is a notification of other users currently on the system... blah blah... you will lose any unsaved information, etc.

The system runs retardedly slow.
Outlook is weird.
My main Windows screen is different colours.
The mouse does not respond the way it should.

I think I am being remotely operated. Why? I have no idea. We are soooooooo boring... no one wants our computer junk!

I lost Trend Micro as it was a trial version. I have scanned and cleaned every day for a week with Spybot and Lavasoft and BitLord and Panda and CleanUp! and everything. You have to remember I have no idea what I am doing, so maybe I screwed it up.

Thanks for all your time and patience.

N

guestolo (Administrator)
« Reply #24 on: November 25, 2006, 11:45:16 AM »
Can you ensure that the XP firewall is enabled in the Control Panel:
START >> Control Panel >> Security Center >> Windows Firewall

Also, can I have a look at the following.
Please supply an uninstall list from HijackThis:
Open HijackThis >> Open MISC TOOLS SECTION >> Open UNINSTALL MANAGER
Click the SAVE LIST... button.
Save the list to your desktop, then copy and paste the whole contents back here.

Also, download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
DO NOT select Show All.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.



Newfiebullet
« Reply #25 on: November 25, 2006, 06:00:44 PM »
Here are the two logs you requested. Also, regarding the firewall, I did not realize that it was down, and when I tried to turn it on there was a pop-up telling me that shared user and could not turn it on :blink:.

Thanks! I know this is probably driving you nuts by now! I appreciate your time.

Nancy

HijackThis Uninstall Log

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.8
Adobe Shockwave Player
APOLLO P-2100U Series Printer
BitLord 1.1
CleanUp!
Google Toolbar for Internet Explorer
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
Lexmark 8300 Series
LimeWire 4.12.6
Macromedia Flash Player 8
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.8)
MSN Messenger 7.5
Nero Suite
Panda ActiveScan
PeerGuardian 2.0
Print to Fax
RegCure 1.0.0.43
Registry Mechanic 6.0
Rhapsody Player Engine
Rogers Self Healing (remove only)
Rogers Update Manager (remove only)
Rogers Yahoo! Applications
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Spybot - Search & Destroy 1.4
TOD 072006
VideoLAN VLC media player 0.8.5
Windows Media Format Runtime
Windows Media Player 10
GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-25 17:54:24
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.12 ----

Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://znvy.tbbtyr.pbz/znvy/?ivrj=pungvageb&qrfg=uggc%3N%2S%2Sznvy.tbbtyr.pbz%2Sznvy%2S%3Snhgu%3QQDNNNULNNNOj4Y46VRqN4AxFYLdhxdkUZvsXJAmW9LLaWAXRLy6eoTyfkZTp96G8TFwWTjvUbWJVgkuvcXtrYtioClklYTydoiGPQq9lP6JCDFnci0YWzdaxtrvlOZYtxuBr_nrdZDRIk50PqofrabajaR8NCtpDdFDoYypOqKcwTOZdWk_rfD%26mk%3Q1vhxh0348sz3j&fuin=1  0x06 0x00 0x00 0x00 ...
Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://knqf.mrqb.pbz//nqf2/p?n=148798;k=1053;t=27,0;p=272000035,272000035;v=0;a=272;f=0;v=0;h=X2XaHjbNNURNNQiNBIfNNNNC;r=v;f=0;t=27;j=8;z=579;m=0.9276132625382296;x=uggc://jjj.yvir365.pbz/ptv-ova/pyvpxf.ptv?nqgenpx=CZ:25:YVI-in_ivc120k60:1211064834&hey=uggcf%3N%2S%2Sfgber.yvir365.pbz%2Sbeqref%2Sbeqresbez-yvfgra.yvir  0x10 0x00 0x00 0x00 ...
Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF  0x14 0x00 0x00 0x00 ...
Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://fqyp-rfq.fha.pbz/RFQ28/WFPQY/wqx/1.5.0_09_o03/wer-1_5_0_09-jvaqbjf-v586-c.rkr?NhguCnenz=1163970045_9n263o9p57p910oo330nq7rsrs58o642&GHey=na1acQcoXbq7xFLeEBuRAGbaVhp1J0Q1Yp4aKm+cTSSenavkqPqtkQGCoJ4=&GvpxrgVq=qyy9BjECArN++j==&TebhcAnzr=FQYP&OUbfg=fqyp4u.fha.pbz&SvyrCngu=/RFQ28/WFPQY/wqx/1.5.0_09_o03/wer-1_5_0_09-jvaqbjf-v586-c.rkr&Svyr=wer-1_5_0_09-jvaqbjf-v586-c.rkr  0x16 0x00 0x00 0x00 ...

---- Files - GMER 1.0.12 ----

ADS  C:\Hijackthis1.99.1\Newfie.exe.exe:SummaryInformation
ADS  C:\Hijackthis1.99.1\Newfie.exe.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----
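
The "Registry" section of the GMER log above is less cryptic than it looks. Explorer records what a user launches under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count, and it stores each value name ROT13-encoded, which is why the names read as gibberish: HRZR_EHACVQY is UEME_RUNPIDL and uggc:// is http://. Decoded, the entries are that account's own launch history (a Gmail URL, a zedo.com ad URL and the Sun JRE 1.5.0_09 installer download), not a rootkit finding. The script below is an added example, not part of this thread and not GMER's own code; it parses lines in the layout GMER prints ("Reg  <key>@<name>   0x.. 0x.. ...") and decodes them. Its three sample lines are the first, second and fourth entries from the log above, re-joined where the forum wrapped them and cut after the query string; the regex and the dict layout are this example's own choices. GMER prints only the leading bytes of each value, so the run count and last-run time that the full value holds are not recoverable from this output.

```python
"""Decode the ROT13 UserAssist entries that GMER lists under "Registry".

Added example, not part of the thread or of GMER.  UserAssist value names are
stored ROT13-encoded; "HRZR_EHACVQY:uggc://..." is "UEME_RUNPIDL:http://...".
"""
import codecs
import re
from urllib.parse import urlsplit

# Constructed sample: three "Reg" lines taken from the GMER log above, re-joined
# where the forum wrapped them and shortened after the query string.  The trailing
# "0x.. 0x.. ..." is how GMER prints the first bytes of the value data.
SAMPLE_GMER_OUTPUT = r"""
---- Registry - GMER 1.0.12 ----

Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://znvy.tbbtyr.pbz/znvy/?ivrj=pungvageb    0x06 0x00 0x00 0x00 ...
Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://knqf.mrqb.pbz//nqf2/p?n=148798;k=1053    0x10 0x00 0x00 0x00 ...
Reg  \Registry\USER\S-1-5-21-1844237615-1935655697-1202660629-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:uggc://fqyp-rfq.fha.pbz/RFQ28/WFPQY/wqx/1.5.0_09_o03/wer-1_5_0_09-jvaqbjf-v586-c.rkr    0x16 0x00 0x00 0x00 ...

---- Files - GMER 1.0.12 ----
"""

# One GMER "Reg" line: key path, "@", value name, padding, leading data bytes, "...".
UA_LINE = re.compile(
    r"^Reg\s+(?P<key>\\Registry\\USER\\(?P<sid>S-1-5-[\d-]+)\\\S*?"
    r"\\UserAssist\\\{(?P<guid>[0-9A-Fa-f-]+)\}\\Count)"
    r"@(?P<name>\S+)\s+(?P<data>0x[0-9A-Fa-f]{2}(?:\s+0x[0-9A-Fa-f]{2})*)\s*\.\.\.\s*$"
)


def decode_userassist_name(name: str) -> str:
    """UserAssist value names are ROT13; ROT13 is its own inverse, so one call decodes."""
    return codecs.decode(name, "rot_13")


def parse_entry(line: str):
    """Parse one GMER 'Reg' UserAssist line into a dict; return None for any other line."""
    m = UA_LINE.match(line.strip())
    if not m:
        return None
    decoded = decode_userassist_name(m["name"])
    # Decoded names look like "UEME_RUNPIDL:<target>" (launched through a shell item)
    # or "UEME_RUNPATH:<target>" (launched by path).
    prefix, _, target = decoded.partition(":")
    host = urlsplit(target).hostname if target.startswith(("http://", "https://")) else None
    return {
        "sid": m["sid"],
        "guid": m["guid"].upper(),
        "prefix": prefix,
        "target": target,
        "host": host,
        # GMER shows only the first bytes of the value; the run count and last-run time
        # that the full value holds cannot be recovered here, so keep the bytes raw.
        "leading_bytes": bytes(int(b, 16) for b in m["data"].split()),
    }


def parse_gmer_userassist(text: str) -> list:
    """Decode every UserAssist entry in a GMER report; non-matching lines are skipped."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_gmer_userassist(SAMPLE_GMER_OUTPUT):
        host = e["host"] or "-"
        print(f"{e['prefix']:<13} {host:<20} {e['target']}")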

guestolo (Administrator)
« Reply #26 on: November 25, 2006, 07:00:08 PM »
Can you give me the exact error message when you try to turn on the firewall?

Also, are there other users on this computer?
Any with Administrative privileges?



Newfiebullet
« Reply #27 on: November 28, 2006, 10:34:45 AM »
Here is the error message:

Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?

I answer (Y)

Starting Windows Firewall/Internet Connection Sharing (ICS) service

Windows cannot start Firewall/Internet Connection Sharing (ICS) service
...........

The firewall is always set to on with no exceptions checked. I think it is disabling the firewall via the executable... not sure.

I will copy the processes again so that you can see what I am seeing... one sec.