can someone please help me with my hijackthis log

Discussion in 'Windows - Virus and spyware problems' started by afgun, Oct 8, 2006.

  1. afgun

    afgun Member

    Joined:
    Oct 8, 2006
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    11
    someone please help me my computer is acting abit funny and i just wanted someone to check my hijackthis log to see if everything is ok thanx in advance everyone

    Logfile of HijackThis v1.99.1
    Scan saved at 19:22:20, on 08/10/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\SpywareDetector\SDService.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\Program Files\Multimedia Combo Set\MouseDrv.exe
    C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
    C:\Program Files\Softwin\BitDefender9\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\progra~1\softwin\bitdef~1\bdswitch.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Common Files\{90033E6E-0822-2057-1116-02021103002c}\Update.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\WINDOWS\system32\RDSHOST.exe
    C:\WINDOWS\system32\sessmgr.exe
    C:\Documents and Settings\Wahid\Desktop\gba\VisualBoyAdvance-1.8.0-beta3\VisualBoyAdvance.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Wahid\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WireLessMouse ] "C:\Program Files\Multimedia Combo Set\MouseDrv.exe"
    O4 - HKLM\..\Run: [WireLessKeyboard ] "C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [mwizqyd.dll] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\mwizqyd.dll,zxwighe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160256677687
    O17 - HKLM\System\CCS\Services\Tcpip\..\{62802FDB-3979-4527-BB44-5368178AE173}: NameServer = 212.139.132.5 212.139.132.4
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
     
    afgun, Oct 8, 2006
    #1
  2. kateman

    kateman Regular member

    Joined:
    Jul 22, 2006
    Messages:
    574
    Likes Received:
    0
    Trophy Points:
    26
    I dont like the look of this one. Its name is the same as the folder and that could mean a trojan. I dont see much protection on your computer from this log. You should scan this with whatever you have and if nothing turns up then get ewido and avast anti-virus onto it, again if nothing turns up then its clean.

    O4 - HKLM\..\Run: [mwizqyd.dll] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\mwizqyd.dll,zxwighe

    The rest is fine
     
    kateman, Oct 21, 2006
    #2
  3. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    @kateman, if you meant Ewido Anti-spyware, it is no more. It is now called AVG Anti-spyware 7.5.

    @afgun, kateman is right about the entry he mentioned, but didn't mention you have to delete that file manually.

    The scanners will not pick it out and remove it. As of now(last time I checked was last week), no one knows where this file is coming from or what infection it is from. Scanners with heuristics will find it, but even they won't delete it. So, fix the entry with HjT and then delete the file: C:\WINDOWS\System32\[bold]mwizqyd.dll[/bold]
     
    Last edited: Oct 21, 2006
    Niobis, Oct 21, 2006
    #3

Share This Page