Anyone see a problem witrh this?

[shawndiaz]

A friends HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:14:21 PM, on 6/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Josie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.teet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.teet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}
- (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sys02807365838-1] C:\WINDOWS\sys02807365838-1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9445c99d] rundll32.exe "C:\WINDOWS\System32\vxyspsoo.dll",b
O4 - HKLM\..\Run: [BM9776fa01] Rundll32.exe
"C:\WINDOWS\System32\hgeytcyv.dll",s
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe
-boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. -
C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner -
C:\WINDOWS\System32\PSIService.exe


I can't see any obvious errors..

 

[David B.]

We don't analyze HJT logs here, there are specific forums on the web that
provide this service.

 

[Nepatsfan]

A friends HijackThis Log:

<snipped>

You might want to post your HijackThis log on one of the following forums.

CastleCops HijackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Aumha Forums - HijackThis Logs
http://forum.aumha.org/

HijackThis Logs and Analysis
http://www.bleepingcomputer.com/forums/HijackThis_Logs_and_Analysis-f22.html

HijackThis Logs and Spyware/Malware Removal
http://forums.whatthetech.com/HijackThis_Logs_and_Infections_Removal_f27.html

Spyware Warrior HijackThis Logs
http://spywarewarrior.com/viewforum.php?f=5

These forums are staffed by volunteers who have demonstrated their ability to
interpret these logs and provide safe and helpful assistance. Also, the forums
are moderated, adding a degree of assurance that the advice given is valid.

That said, my money's on these entries being malware related.

O4 - HKLM\..\Run: [sys02807365838-1] C:\WINDOWS\sys02807365838-1.exe
O4 - HKLM\..\Run: [9445c99d] rundll32.exe "C:\WINDOWS\System32\vxyspsoo.dll",b
O4 - HKLM\..\Run: [BM9776fa01] Rundll32.exe "C:\WINDOWS\System32\hgeytcyv.dll",s

That's just for starters. There may be more. That's why you should post the log
to one of the forums listed above.

Good luck

Nepatsfan

 

[MAP]

A friends HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:14:21 PM, on 6/10/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Josie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.teet.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.teet.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client
Foundation\CFD.exe O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
/STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program
Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sys02807365838-1] C:\WINDOWS\sys02807365838-1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9445c99d] rundll32.exe
"C:\WINDOWS\System32\vxyspsoo.dll",b O4 - HKLM\..\Run: [BM9776fa01]
Rundll32.exe "C:\WINDOWS\System32\hgeytcyv.dll",s
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program
Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
Updater.exe O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present O8 - Extra context menu item: E&xport
to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} -
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o.
- C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co.,
Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman
Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner -
C:\WINDOWS\System32\PSIService.exe


I can't see any obvious errors..

Ones to look at.

O4 - HKLM\..\Run: [9445c99d] rundll32.exe
"C:\WINDOWS\System32\vxyspsoo.dll",b
O4 - HKLM\..\Run: [BM9776fa01] Rundll32.exe
"C:\WINDOWS\System32\hgeytcyv.dl


http://www.hijackthis.de/index.php?langselect=english
http://hjt.networktechs.com/

 

[pcbutts1 [MS MVP]]

You have the Trojan.Vundo but your main problem is you have no service packs
installed. Update your system.