Charles W Posted December 9, 2010 ID:358911 Share Posted December 9, 2010 i was on the internet the other day and visited some site (i forget which one), but there was a popup that said firefox update recommended, and i usually trust firefox, and this one looked legit, but when i executed it, i knew i made a mistake, and i think thats the problem. anyway, i now have ads pop up every five minutes or so (even if i have no internet), and when i run mbam, it scans for about 3 minutes and then my computer restarts without warning. i ran hijackthis and heres my log. any help would be appreciated. thanks!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 5:34:14 PM, on 12/9/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\savedump.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\AGRSMMSG.exeC:\Program Files\ltmoh\Ltmoh.exeC:\PROGRA~1\LAUNCH~1\CPLBCL53.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Charles\My Documents\Downloads\HijackThis.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32O4 - HKLM\..\Run: [LaunchApp] AlaunchO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exeO4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXEO4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSyncO4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSyncO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\Charles\LOCALS~1\Temp\Wdl.exeO4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O8 - Extra context menu item: Google ????... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlO8 - Extra context menu item: ??? Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Download Video - {3B54DEAB-C6D4-48a8-8C32-A70558643400} - C:\Program Files\FinalVideoDownloader\fvdRunner.htmlO9 - Extra button: Link to post Share on other sites More sharing options...
Firefox Posted December 9, 2010 ID:358912 Share Posted December 9, 2010 Hi, and Welcome to Malwarebytes!Please read the following so that you can begin the cleaning process:As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here. After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.One of the expert helpers there will give you one-on-one assistance when one becomes available.Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.OrYou may send a Private Message to a Moderator asking for assistance.Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.Please be patient, someone will assist you as soon as it is possible.PS: Please use the "ADDREPLY" button instead of other ones when you start replying. Link to post Share on other sites More sharing options...
daledoc1 Posted December 9, 2010 ID:358916 Share Posted December 9, 2010 i was on the internet the other day Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Please be sure to follow Firefox's instructions, but do take note that XP SP2 is no longer supported by MS and is not receiving updates and is very insecure (ditto IE 6). This may be one reason why your machine became infected in the first place.So, in the process of cleaning up your system, you will probably need to update to XP SP3 and IE 8, as I expect the experts will advise at the Virus forum.Hope you get it fixed up,daledoc1 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now