My system was in SERIOUS trouble 3 nights ago, but I've spent many hours doing the recommended solutions. here goes:
trendmicro: clean
adaware: keeps finding the same stuff no matter how many times I run it
Spybot: clean after 2 tries
CW shredder: clean
TDS: this made this biggest difference, system runs much better (not 100% yet...) TDS found and fixed 5 trojans, but complains it can't open "l?sass.exe" because its locked.
Below is the Hijackthis log. Thanks in advance for your help!
John M.
Logfile of HijackThis v1.99.1
Scan saved at 8:22:24 PM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\DATACA~1\FLashKsk.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\l?a**.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F207EE13-5AFA-0202-8799-72A2ADA06DE7} - C:\WINDOWS\system32\rymhs.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [DataCaching] C:\PROGRA~1\DATACA~1\FLashKsk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [w8dd1ptp] C:\Program Files\w8dd1ptp\w8dd1ptp.exe
O4 - HKLM\..\Run: [vmvmbup] C:\WINDOWS\vmvmbup.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitepmi32.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\system32\sysmonnt
O4 - HKCU\..\Run: [Laut] C:\Documents and Settings\Erin Masotta\Application Data\econ.exe
O4 - HKCU\..\Run: [Ntunjbzw] C:\WINDOWS\system32\l?a**.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {559D6FF6-51A6-4EF1-865E-DEDB0D1868E6} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {73CBA1CA-1F7A-4C2C-B69B-3215AAF50404} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {B7B6F375-CA61-4D3D-96A6-9E31E03844DF} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {539DA0E0-74A7-11D9-9669-0800200C9A66} - http://www.ouchvideo...viewer_ic13.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe