nick_degenste

  1. Maniac, So far so good, my menu is back to normal and things seem to be running more smoothly. Questions: I should get an updated Java, Adobe Reader, keep my browser updated? Anything else? Should Symantec still be used as my antivirus or should I be using something else? I guess in general my question is how to keep this from happening again? Nick
  2. Maniac, It found one item that was fixed. The log is attached below. tdsskiller_log.zip
  3. Maniac, This was able to scan. The report is attached. RKUnhookerReport.zip
  4. Still not working. I started the scan and it again froze the computer and a scan did not take place. Nick
  5. Maniac, After selecting all my drives I click OK and the program doesn't look like anything is happening (and there is no sound coming from the computer). The first time I tried, my computer automatically restarted, and then I started the scan again and the system froze. Following my forced shutdown the computer booted back up and now I can't get on the internet. My IP address is 0.0.0.0 and resetting both my router and modem did not fix that problem. My router and modem both work because I am now online on another computer. Not sure what to do now. Nick
  6. Borislav, Step 1 was fine. Step 2 was fine (but I later realized that I didn't look for hidden folders, which did contain some of the files you mentioned). I restarted here and maybe shouldn't have because you didn't explicitly instruct to do this. It took a long while to reboot and then I got the white screen with the deactivated active desktop. Step 3 with Combo-Fix took a while. Shortly after combofix started I got a message saying: "Combofix has detected the presence of rootkit activity and needs to reboot the machine". After the reboot things apparently went fine. I noticed from the Combo-Fix.txt log that I still have some Java/Sun folders I didn't delete yet. I've attached the three files you requested. nick attached_files.zip
  7. Borislav, Thanks for helping me. I have zipped DDS.txt and Attach.txt. Apparently DDS.txt is too large to copy&paste into the message. Nick dds___Attach.zip
  8. Hijack this log file:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:37:53 PM, on 10/4/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\lkcitdl.exe
     C:\WINDOWS\system32\lkads.exe
     C:\WINDOWS\system32\lktsrv.exe
     C:\Program Files\National Instruments\MAX\nimxs.exe
     C:\WINDOWS\system32\nicitdl5.exe
     C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
     C:\WINDOWS\system32\nisvcloc.exe
     C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\WINDOWS\system32\nipalsm.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\PROGRA~1\SYMANT~1\VPTray.exe
     C:\WINDOWS\stsystra.exe
     C:\WINDOWS\stsystra.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
     C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
     C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
     C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
     C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
     C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\iTunes\iTunes.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  9. Hopefully someone can help me. I originally had some malware on the computer, I was getting some windows popping up, something about TrojanSPM/LX. At some point I had a green wallpaper screen with a message saying "Your system is infected". The appearance of my window frames and Taskbar is strange (old-school grey) instead of the more modern XP SP3 blue that is normal for me. I've scanned my computer with my updated anti-virus software (Symantec) and with the updated Malwarebytes. Both did remove some stuff but at this point they both show no infections, however my taskbar is strange looking and I have some Internet Explorer popups that are not normal. I've gone through the "I'm Infected - what do I do now?" instructions; specifically, the last thing didn't execute correctly:
     ---I've Disabled CD-ROM emulator using Defogger
     ---I've run the DDS agent and have both files saved (although I'm not clear on how I know if I have a script blocker installed)
     ---GMER rootkit scan was not able to execute, I start scanning and the system more or less freezes up (twice)
     I've also scanned the computer with some of the other free online scanners (F-Secure and Kaspersky) and both of these show some infection
     ---F-Secure removed some stuff but showed a file SE11.exe that it could not remove
     ---Kaspersky showed some number of malware related files (and I could not save the log file for some reason)
     Please help! Thanks Nick
     Below I've attached:
     ---Malwarebytes quickscan output:
     Malwarebytes Output
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4736
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     10/3/2010 3:11:14 PM
     mbam-log-2010-10-03 (15-11-14).txt
     Scan type: Quick scan
     Objects scanned: 156775
     Time elapsed: 18 minute(s), 23 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)