
Thread: PC Slow Starting

  1. #1
    Junior Member
    Join Date
    Aug 2013
    Posts
    25

    PC Slow Starting

    I am hoping someone can help me. For the last three weeks my PC has been slow starting up. I have Windows XP Home as an OS and up to now I have had very few problems with it. I downloaded Spybot SD and the program found these :-

    WIN32.Downloader.gen
    Montera.Toolbar
    WIN32.Downloader.bltu
    Ask.MyGlobalSearch
    Delta.Toolbar
    Babylon
    Yontoo.Pagerage

    The PC is now clean of these but is still slow starting. I have looked in System Configuration Facility and do not have any suspect programs in startup; however, when I have tried Diagnostic Startup the PC boots up straight away.

    I looked at Spybot's "System Start Up" and found an entry at "Winlogon" called crypt32chain under "Value"; its "Command Line" is Crypt32.dll.
    Is this a legitimate process?


    I would be very grateful if someone can help, as it sometimes takes up to 4-5 minutes for my PC to start.

    I would like to mention that I was unable to download "aswMBR" through Google Chrome (had to download via IE); however, I did not have any problems downloading DDS through Chrome.

    Edit
    Removed second "attach.txt log"


    DDS 2

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Garry at 10:06:26 on 2013-08-25
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1395 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
    uRun: [HijackThis startup scan] c:\program files\trendmicro\hijackthis\HijackThis.exe /startupscan
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357393069968
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{D6340577-E52A-44FD-854C-8FF8A543E0C9} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F8E9D2E3-53A1-4DA8-BA02-5CEAD26B4DCA} : DHCPNameServer = 192.168.0.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-16 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 701512]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22856]
    S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys --> c:\windows\system32\drivers\ctgame.sys [?]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 gearsec;gearsec; [x]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S4 Update WK;Update WK;c:\program files\webconnect\updateWebConnect.exe [2013-8-17 199976]
    .
    =============== Created Last 30 ================
    .
    2013-08-25 07:07:54 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\{219a5390-8fc4-4db3-8037-8e84ff1be0cd}\mpengine.dll
    2013-08-23 11:27:08 -------- d-----w- C:\ComboFix
    2013-08-22 16:13:05 -------- d-----w- c:\docume~1\garry\applic~1\Process Hacker 2
    2013-08-22 15:57:59 -------- d-----w- c:\program files\Process Hacker 2
    2013-08-22 15:48:32 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-08-22 15:19:16 -------- d-----w- c:\program files\Free Window Registry Repair
    2013-08-21 17:36:05 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2013-08-21 17:36:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2013-08-21 17:36:01 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2013-08-21 17:34:59 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2013-08-21 17:33:56 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2013-08-21 17:32:58 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
    2013-08-21 17:31:59 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2013-08-21 17:30:59 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
    2013-08-21 17:29:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2013-08-21 17:28:57 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
    2013-08-21 17:27:57 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2013-08-21 17:26:58 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
    2013-08-21 17:25:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2013-08-21 17:24:58 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
    2013-08-21 17:23:57 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
    2013-08-21 17:22:57 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2013-08-21 17:21:59 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2013-08-21 17:20:52 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2013-08-21 17:20:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2013-08-21 17:20:40 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2013-08-21 17:20:38 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2013-08-21 17:20:37 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2013-08-21 17:20:28 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2013-08-21 17:20:25 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2013-08-21 17:20:23 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2013-08-21 17:20:16 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2013-08-21 17:20:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2013-08-21 17:20:09 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2013-08-21 17:20:03 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2013-08-21 17:20:01 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
    2013-08-21 17:18:59 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2013-08-21 17:17:57 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
    2013-08-21 17:16:59 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
    2013-08-21 17:15:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
    2013-08-21 17:14:58 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
    2013-08-21 17:13:59 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
    2013-08-21 17:12:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2013-08-21 17:11:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
    2013-08-21 17:10:59 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
    2013-08-21 17:08:15 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2013-08-21 17:07:58 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
    2013-08-21 17:06:43 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
    2013-08-21 14:19:15 -------- d-----w- c:\program files\Emsisoft HiJackFree
    2013-08-21 13:53:55 -------- d-----w- c:\program files\Microsoft Security Client
    2013-08-20 17:36:26 -------- d-----w- c:\docume~1\garry\local settings\application data\avgchrome
    2013-08-20 17:28:28 -------- d-----w- c:\docume~1\garry\local settings\application data\TopArcadeHits
    2013-08-20 17:28:22 -------- d-----w- c:\program files\WebConnect
    2013-08-20 11:32:59 -------- d-----w- C:\mbar
    2013-08-20 11:08:35 -------- d-----w- c:\docume~1\alluse~1\application data\Malwarebytes' Anti-Malware (portable)
    2013-08-19 21:17:53 -------- d-sha-r- C:\cmdcons
    2013-08-16 12:09:02 1893504 ----a-w- C:\rkill.com
    2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-08-16 10:03:56 -------- d-----w- c:\program files\Microsoft Download Manager
    2013-08-15 15:26:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-08-15 06:53:09 -------- d-----w- C:\cmdcons(2)
    2013-08-15 06:52:08 -------- d-----w- C:\ComboFix(4)
    2013-08-09 19:02:03 -------- d-----w- c:\program files\Huawei Modems
    2013-08-09 19:00:12 -------- d-----w- c:\windows\system32\MRT
    2013-07-31 20:48:17 -------- d-----w- c:\docume~1\garry\local settings\application data\DoNotTrackPlus
    2013-07-31 20:29:31 -------- d-----w- c:\program files\CheckPoint
    2013-07-31 19:21:20 -------- d-----w- c:\docume~1\alluse~1\application data\CheckPoint
    .
    ==================== Find3M ====================
    .
    2013-08-21 17:35:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-21 17:35:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet(5).dll
    2013-06-07 21:56:06 1215488 ----a-w- c:\windows\system32\urlmon(5).dll
    2013-06-07 21:56:06 105984 ----a-w- c:\windows\system32\url(5).dll
    2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 10:07:30.04 ===============


    aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-25 10:07:46
    -----------------------------
    10:07:46.125 OS Version: Windows 5.1.2600 Service Pack 3
    10:07:46.125 Number of processors: 2 586 0x4B02
    10:07:46.125 ComputerName: GARRY-EC0E7D6DA UserName: Garry
    10:07:47.031 Initialize success
    10:14:27.125 AVAST engine defs: 13082500
    10:20:58.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000073
    10:20:58.156 Disk 0 Vendor: Maxtor_6L200M0 BANC1G10 Size: 190782MB BusType: 3
    10:20:58.156 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000074
    10:20:58.156 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
    10:20:58.265 Disk 1 MBR read successfully
    10:20:58.265 Disk 1 MBR scan
    10:20:58.312 Disk 1 Windows XP default MBR code
    10:20:58.312 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
    10:20:58.312 Disk 1 scanning sectors +976770144
    10:20:58.343 Disk 1 scanning C:\WINDOWS\system32\drivers
    10:21:06.890 Service scanning
    10:21:20.093 Modules scanning
    10:21:24.140 Disk 1 trace - called modules:
    10:21:24.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    10:21:24.156 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ab0aab8]
    10:21:24.156 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8ab2cf18]
    10:21:24.156 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000074[0x8ab2b030]
    10:21:24.984 AVAST engine scan C:\WINDOWS
    10:21:32.593 AVAST engine scan C:\WINDOWS\system32
    10:24:53.531 AVAST engine scan C:\WINDOWS\system32\drivers
    10:25:18.187 AVAST engine scan C:\Documents and Settings\Garry
    10:49:20.796 AVAST engine scan C:\Documents and Settings\All Users
    10:55:53.921 Scan finished successfully
    11:06:47.359 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Garry\Desktop\MBR.dat"
    11:06:47.359 The log file has been saved successfully to "C:\Documents and Settings\Garry\Desktop\aswMBR.txt"
    Last edited by tashi; 2013-08-26 at 06:46. Reason: As discussed previously, split off misc posts, merged three others. :)

  2. #2
    Junior Member
    Join Date
    Aug 2013
    Posts
    25


    I used "Process Hacker" the other day to monitor what was going on with my system; to cut a long story short, it notified me of a new process called

    MpKsl981a4e86 at system start.

    When I looked into its "Properties" in Security I found that it was entered in "Group or User names" as "Account Unknown [S-1-5-32-547]".

    Is this normal?

    Thanks

    Gwalch

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,492


    Hello Gwalch Y Mor,

    • Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count; they look for topics with 0 responses. For that reason we may merge such posts, but please do not count on it.
    The Waiting Room: Post here if waiting for help four days

    FAQ: http://forums.spybot.info/showthread...-Assistance%29

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    Sorry for the delay, just give me a minute to look over your post and I will be back with you late afternoon.

    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    You have a few bogus toolbars installed along with HJT wanting to run on each startup; let's do this.

    Open HJT and go to the Main Menu and take the checkmark out of Run a scan at startup, then OK your way out.


    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

  6. #6
    Junior Member
    Join Date
    Aug 2013
    Posts
    25


    Ken,

    Thanks for the reply, here is the log :-

    # AdwCleaner v3.003 - Report created 12/09/2013 at 21:20:24
    # Updated 07/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Garry - GARRY-EC0E7D6DA
    # Running from : C:\Documents and Settings\Garry\My Documents\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Found C:\Documents and Settings\Administrator\IECompatCache
    Folder Found C:\Documents and Settings\All Users\Application Data\AGI
    Folder Found C:\Documents and Settings\All Users\Application Data\Ask
    Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    Folder Found C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    Folder Found C:\Documents and Settings\Garry\Application Data\AGI
    Folder Found C:\Documents and Settings\Garry\Application Data\Uniblue\DriverScanner
    Folder Found C:\Documents and Settings\Garry\Application Data\Uniblue\SpeedUpMyPC
    Folder Found C:\Documents and Settings\Garry\IECompatCache
    Folder Found C:\Documents and Settings\Garry\Local Settings\Application Data\cre
    Folder Found C:\Documents and Settings\Garry\Local Settings\Application Data\Kiwee Toolbar
    Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
    Folder Found C:\Documents and Settings\Shannon\Application Data\AGI
    Folder Found C:\Documents and Settings\Shannon\IECompatCache
    Folder Found C:\Documents and Settings\Shannon\Local Settings\Application Data\ConduitEngine
    Folder Found C:\Documents and Settings\Shannon\Local Settings\Application Data\Kiwee Toolbar
    Folder Found C:\Program Files\AGI
    Folder Found C:\Program Files\Kiwee Toolbar
    Folder Found C:\Program Files\Uniblue\DriverScanner

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\BrowserMngr
    Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKLM\Software\BrowserMngr
    Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\driverscanner
    Key Found : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
    Key Found : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2642706
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Product Found : BabylonObjectInstaller
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=DC45001150D01E29&affID=119357&tsp=4980

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [6812 octets] - [12/09/2013 21:20:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6872 octets] ##########

  7. #7
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    How are ya doing?

    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.







    Download Junkware Removal Tool to your desktop

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
    • the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.







    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  8. #8
    Junior Member
    Join Date
    Aug 2013
    Posts
    25


    Ken,

    I did not recognize any of that crap ADW found so I ran the cleaner and the PC booted up straight away! Like it used to do before, marvelous!

    When I ran it again it found the following entries :-


    ***** [ Registry ] *****

    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Product Found : BabylonObjectInstaller

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    Here is the log for JRT:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.0 (09.12.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Garry on 12/09/2013 at 22:33:43.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-515967899-1214440339-725345543-1004\Software\SweetIM
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\styler\tb"
    Successfully deleted: [Folder] "C:\Documents and Settings\Garry\start menu\programs\free window registry repair"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 12/09/2013 at 22:37:39.31
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Security Expert ken545
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let me see the OTL log and we can remove even more

  10. #10
    Junior Member
    Join Date
    Aug 2013
    Posts
    25


    Here is the OTL log:

    OTL logfile created on: 13/09/2013 17:32:26 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Garry\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.58% Memory free
    4.85 Gb Paging File | 4.34 Gb Available in Paging File | 89.48% Paging File free
    Paging file location(s): C:\pagefile.sys 3069 3069 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 328.40 Gb Free Space | 70.51% Space Free | Partition Type: NTFS
    Drive D: | 186.30 Gb Total Space | 154.80 Gb Free Space | 83.09% Space Free | Partition Type: NTFS

    Computer Name: GARRY-EC0E7D6DA | User Name: Garry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Garry\My Documents\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - (gearsec) -- File not found
    SRV - (CTAudSvcService) -- File not found
    SRV - (ATI Smart) -- File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (ACDaemon) -- File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (nTuneService) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (VX6000) -- Reg Error: Invalid data type. File not found
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys File not found
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File not found
    DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (emupia) -- system32\drivers\emupia2k.sys File not found
    DRV - (CTSBLFX.SYS) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS File not found
    DRV - (CTSBLFX.DLL) -- system32\CTSBLFX.DLL File not found
    DRV - (CTSBLFX) -- system32\drivers\CTSBLFX.SYS File not found
    DRV - (CTHWIUT.DLL) -- system32\CTHWIUT.DLL File not found
    DRV - (ctgame) -- system32\DRIVERS\ctgame.sys File not found
    DRV - (CTEXFIFX.DLL) -- system32\CTEXFIFX.DLL File not found
    DRV - (CTERFXFX.SYS) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS File not found
    DRV - (CTERFXFX.DLL) -- system32\CTERFXFX.DLL File not found
    DRV - (CTERFXFX) -- system32\drivers\CTERFXFX.SYS File not found
    DRV - (CTEDSPSY.DLL) -- system32\CTEDSPSY.DLL File not found
    DRV - (CTEDSPIO.DLL) -- system32\CTEDSPIO.DLL File not found
    DRV - (CTEDSPFX.DLL) -- system32\CTEDSPFX.DLL File not found
    DRV - (CTEAPSFX.DLL) -- system32\CTEAPSFX.DLL File not found
    DRV - (CTAUDFX.SYS) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS File not found
    DRV - (CTAUDFX.DLL) -- File not found
    DRV - (CTAUDFX) -- system32\drivers\CTAUDFX.SYS File not found
    DRV - (CT20XUT.DLL) -- system32\CT20XUT.DLL File not found
    DRV - (COMMONFX.SYS) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS File not found
    DRV - (COMMONFX.DLL) -- system32\COMMONFX.DLL File not found
    DRV - (COMMONFX) -- system32\drivers\COMMONFX.SYS File not found
    DRV - (Changer) -- File not found
    DRV - (Afc) -- system32\drivers\Afc.sys File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
    DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
    DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
    DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
    DRV - (nvcchflt) -- C:\WINDOWS\system32\drivers\nvcchflt.sys (NVIDIA Corporation)
    DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\bcmwl5.sys (Broadcom Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 44 9C F5 BB 7C CD 01 [binary data]
    IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-515967899-1214440339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/09/13 17:20:59 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)


    [2012/11/24 16:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garry\Application Data\Mozilla\Extensions
    [2013/08/16 22:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: WOT = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Bitdefender QuickScan = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.131_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/08/28 20:25:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O3 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-515967899-1214440339-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\Shannon\Start Menu\Programs\Startup\IMVU.lnk.disabled ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-515967899-1214440339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1357393069968 (MUWebControl Class)
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (Reg Error: Key error.)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downlo...oadManager.cab (Microsoft Download Manager ActiveX control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6340577-E52A-44FD-854C-8FF8A543E0C9}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E9D2E3-53A1-4DA8-BA02-5CEAD26B4DCA}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Garry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/11/06 01:41:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
