
my hijackthis logfile



#1 chromeclassicxl


Posted 13 January 2008 - 04:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:22:32 PM, on 1/13/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sanovjwi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E901F0
9DDF7618419154310B87659CA5E04E4F70C46E0F2CBC14E4C09D775A67
O4 - HKLM\..\Run: [c0b458de] rundll32.exe "C:\WINDOWS\System32\bswxxnax.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
O23 - Service: DomainService - - C:\WINDOWS\System32\sanovjwi.exe



#2 SNOWHITE


Posted 26 January 2008 - 09:45 AM

Hello chromeclassicxl,

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please post a fresh HijackThis log and we can begin the cleaning process.

Regards,
SNOWHITE

#3 chromeclassicxl


Posted 26 January 2008 - 10:02 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:01:24 AM, on 1/26/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sanovjwi.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\mrofinu.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662E901F3
D2907D4E66914B5C1E9E689DB6FC45715EC67A0924A04FA6C784200C67D36D
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [c0b458de] rundll32.exe "C:\WINDOWS\System32\cxxpcvow.dll",b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx
O23 - Service: DomainService - - C:\WINDOWS\System32\sanovjwi.exe

#4 SNOWHITE


Posted 26 January 2008 - 10:13 AM

Your log shows that you are using an unpatched version of Windows XP. It is CRITICAL that you update to Service Pack 1a with enhanced security features and all critical patches. Without doing this right away, you are wide open to re-infection and other security risks which are prone to an unpatched system and we are just wasting our time. By applying all critical updates/patches up to, but not including, SP2, you will close many of these holes and not keep getting infected while cleaning your machine.

Please visit this link: Microsoft Service Pack 1a
and follow the directions for Express Installation under "Installing SP1a on Your Computer".

Apply the update and reboot. Then run Hijackthis and post back with a new log.

IMPORTANT: DO NOT update to Service Pack 2. Doing so before your computer is malware free can cause Windows to become unstable. You may update to SP2 when you're sure the system is clean.


Regards,

Edited by SNOWHITE, 26 January 2008 - 10:15 AM.

SNOWHITE
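
Added example, not part of the thread or any poster's code: a small Python reader for the HijackThis text format shown above. It pulls the service-pack level from the `Platform:` line (the check behind the "unpatched" remark) and lists `O4` Run values whose command changed between two scans. It assumes HijackThis appends `SPn` to the OS name when a service pack is installed; the sample logs are constructed by abridging the two logs in this thread.

```python
import re

# Constructed sample: header and three entries abridged from the 13 January log above.
LOG_JAN13 = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
O4 - HKLM\..\Run: [c0b458de] rundll32.exe "C:\WINDOWS\System32\bswxxnax.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O23 - Service: DomainService - - C:\WINDOWS\System32\sanovjwi.exe
"""
# Constructed sample: same lines with the DLL name seen in the 26 January log.
LOG_JAN26 = LOG_JAN13.replace("bswxxnax.dll", "cxxpcvow.dll")

PLATFORM_RE = re.compile(r"^Platform:\s*(?P<os>.+?)\s*\((?P<build>[^)]*)\)\s*$")
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

def parse_log(text):
    """Return (platform dict or None, list of (code, body) entries) for one log."""
    platform, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = PLATFORM_RE.match(line)
        if m:
            # Assumption: a patched system reads e.g. "Windows XP SP2 (WinNT 5.01.2600)".
            sp = re.search(r"\bSP\s?(\d\w*)", m["os"])
            platform = {"os": m["os"], "build": m["build"],
                        "service_pack": sp.group(1) if sp else None}
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["code"], m["body"]))
    return platform, entries

def changed_run_entries(old_text, new_text):
    """Map (hive, value name) -> (old cmd, new cmd) for O4 entries that differ."""
    def runs(text):
        found = {}
        for code, body in parse_log(text)[1]:
            m = RUN_RE.match(body) if code == "O4" else None
            if m:
                found[(m["hive"], m["name"])] = m["cmd"]
        return found
    old, new = runs(old_text), runs(new_text)
    return {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
```
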

#5 chromeclassicxl


Posted 26 January 2008 - 10:24 AM

OK thank you Snowwhite!
