
Pop ups and computer running really slow. System Guard pop ups



#1 Hwcm


Posted 05 February 2009 - 12:34 AM

I keep getting warning pop ups for system guard and when I google anything I get results for a site called ToSeekA.com. Also my computer is slow to open web pages and any files really.



DDS (Ver_09-02-01.01) - NTFSx86
Run by Howard at 0:24:32.68 on Thu 02/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1360 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Howard\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229589279226
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229589265695
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: b4b41819530 - c:\windows\system32\iesetup32.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\iesetup32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\howard\applic~1\mozilla\firefox\profiles\jcpqmenr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?source=mpues&hl=en
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\documents and settings\howard\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-4 64160]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-3 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]

=============== Created Last 30 ================

2009-02-05 00:07 1,160,192 a------- c:\windows\system32\SETB7.tmp
2009-02-05 00:07 6,066,176 a------- c:\windows\system32\SETC5.tmp
2009-02-04 21:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-04 20:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-04 19:41 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-04 19:41 <DIR> --d----- c:\program files\Lavasoft
2009-02-03 23:04 9,446 a------- c:\windows\GnuHashes.ini
2009-02-03 22:57 1,437 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-02-03 22:56 135,168 a------- c:\windows\system32\iesetup32.dll
2009-02-03 22:46 <DIR> --d----- c:\docume~1\howard\applic~1\Morpheus Software
2009-02-03 22:46 <DIR> --d----- c:\program files\Morpheus Photo Morpher
2009-02-03 03:18 <DIR> --d----- c:\docume~1\howard\applic~1\Desktop3D
2009-02-03 03:18 <DIR> --d----- c:\program files\Desktop3D
2009-02-03 00:09 10,384 a------- c:\windows\system32\drivers\LBeepKE.sys
2009-02-03 00:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-03 00:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-02-03 00:06 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-02-03 00:06 170,512 a------- c:\windows\system32\kemutb.dll
2009-02-03 00:06 145,936 a------- c:\windows\system32\KemUtil.dll
2009-02-03 00:06 117,264 a------- c:\windows\system32\KemWnd.dll
2009-02-03 00:06 84,496 a------- c:\windows\system32\KemXML.dll
2009-02-02 23:38 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-02-02 23:38 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-02-02 23:38 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-02-02 23:38 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-02-02 23:38 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-02-02 23:38 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-01-29 06:37 <DIR> --d----- c:\windows\ie8updates
2009-01-29 04:39 <DIR> --d----- c:\docume~1\howard\applic~1\Otto
2009-01-29 04:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Otto
2009-01-27 23:29 <DIR> --d----- c:\program files\Trend Micro
2009-01-27 23:22 98,816 a------- c:\windows\sed.exe
2009-01-27 23:22 <DIR> --d----- C:\ComboFix
2009-01-27 05:57 <DIR> --d----- c:\docume~1\howard\applic~1\Malwarebytes
2009-01-27 05:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-27 05:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 05:57 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 05:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-26 04:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-01-26 04:30 <DIR> --d----- c:\program files\Nero
2009-01-26 02:11 <DIR> --d----- c:\program files\DVDFab 5
2009-01-26 00:25 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-25 01:27 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-25 01:27 47,360 a------- c:\docume~1\howard\applic~1\pcouffin.sys
2009-01-24 04:23 <DIR> --d----- C:\LO4_0N_NT1_DES
2009-01-24 04:21 <DIR> --d----- c:\program files\DVD Decrypter
2009-01-24 04:19 <DIR> --d----- c:\docume~1\howard\applic~1\RipIt4Me
2009-01-24 04:04 <DIR> --d----- c:\program files\DVD Shrink
2009-01-10 02:43 208,896 a------- c:\windows\system\lame_enc.dll
2009-01-08 01:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-07 02:32 14,048 -------- c:\windows\system32\spmsg2.dll
2009-01-07 00:51 <DIR> --d----- c:\program files\common files\SupportSoft

==================== Find3M ====================

2008-12-13 01:40 3,593,216 -------- c:\windows\system32\SET111.tmp
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-24 22:18 218,624 a------- c:\windows\system32\uxtheme.dll
2008-11-18 02:05 24,064 a------- c:\windows\system32\ctfmon.exe
2008-11-17 04:48 532,480 a------- c:\windows\system32\FLIQLO.scr
2008-11-17 02:23 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-16 02:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll

============= FINISH: 0:25:53.73 ===============



#2 Taz71498


Posted 17 February 2009 - 06:00 PM

Hello Hwcm,

Welcome to Bleeping Computers!

While I look over your logs, could you please do this for me:

Please download Malwarebytes' Anti-Malware from http://www.besttechie.net/tools/mbam-setup.exe or http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



