Results 1 to 3 of 3

Thread: pop ups, computer is slow shuts off randomly

  1. #1
    Member
    Join Date
    Jun 2007
    Posts
    31

    Default pop ups, computer is slow shuts off randomly

    i could not do s&d and kaspersky Thanks

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 1:03:28 PM, on 2/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Comodo\CBOClean\BOCORE.exe
    D:\WINDOWS\system32\cisvc.exe
    D:\WINDOWS\system32\DVDRAMSV.exe
    D:\WINDOWS\system32\HPZipm12.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Comodo\CBOClean\BOC424.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\hjt\scanner.exe
    D:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - D:\WINDOWS\system32\ojuphdwd.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - D:\WINDOWS\system32\mljgfde.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [BOC-424] D:\PROGRA~1\Comodo\CBOClean\BOC424.exe
    O4 - HKLM\..\Run: [Ultimate Defender] "D:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
    O4 - HKLM\..\Run: [548824fb] rundll32.exe "D:\WINDOWS\system32\ljjyslyj.dll",b
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: .protected
    O4 - Global Startup: .protected
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: cru629.dat
    O20 - Winlogon Notify: mljgfde - D:\WINDOWS\SYSTEM32\mljgfde.dll
    O20 - Winlogon Notify: ojuphdwd - D:\WINDOWS\SYSTEM32\ojuphdwd.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BOCore - COMODO - D:\Program Files\Comodo\CBOClean\BOCORE.exe
    O23 - Service: DNADownloader - CNET Networks - D:\Program Files\GameSpot\DownloadManager_Win32.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - D:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe (file missing)

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi agohel1

    We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    1. Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Combofix should never take more that 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

    If you have problems with Combofix usage, see here

    Post:

    - a fresh HijackThis log
    - combofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Due to the lack of feedback this Topic is closed.

    If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •