Thread: PC Slow Starting
  1. #1
    Junior Member
    Join Date
    Aug 2013
    Posts
    25

    PC Slow Starting

    I am hoping someone can help me. For the last three weeks my PC has been slow starting up. I have Windows XP Home as an OS and up to now I have had very few problems with it. I downloaded Spybot SD and the program found these:

    WIN32.Downloader.gen
    Montera.Toolbar
    WIN32.Downloader.bltu
    Ask.MyGlobalSearch
    Delta.Toolbar
    Babylon
    Yontoo.Pagerage

    The PC is now clean of these but is still slow starting. I have looked in System Configuration Facility and do not have any suspect programs in startup; however, when I have tried Diagnostic Startup the PC boots up straight away.

    I looked at Spybot's "System Start Up" and found an entry at "Winlogon" called crypt32chain under "Value"; its "Command Line" is Crypt32.dll.
    Is this a legitimate process?


    I would be very grateful if someone can help, as it sometimes takes up to 4-5 minutes for my PC to start.

    I would like to mention that I was unable to download "aswMBR" through Google Chrome (had to download via IE); however, I did not have any problems downloading DDS through Chrome.

    Edit
    Removed second "attach.txt log"


    DDS 2

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Garry at 10:06:26 on 2013-08-25
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1395 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
    uRun: [HijackThis startup scan] c:\program files\trendmicro\hijackthis\HijackThis.exe /startupscan
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357393069968
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{D6340577-E52A-44FD-854C-8FF8A543E0C9} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{F8E9D2E3-53A1-4DA8-BA02-5CEAD26B4DCA} : DHCPNameServer = 192.168.0.1
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-16 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 701512]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22856]
    S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
    S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys --> c:\windows\system32\drivers\ctgame.sys [?]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
    S3 gearsec;gearsec; [x]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S4 Update WK;Update WK;c:\program files\webconnect\updateWebConnect.exe [2013-8-17 199976]
    .
    =============== Created Last 30 ================
    .
    2013-08-25 07:07:54 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\{219a5390-8fc4-4db3-8037-8e84ff1be0cd}\mpengine.dll
    2013-08-23 11:27:08 -------- d-----w- C:\ComboFix
    2013-08-22 16:13:05 -------- d-----w- c:\docume~1\garry\applic~1\Process Hacker 2
    2013-08-22 15:57:59 -------- d-----w- c:\program files\Process Hacker 2
    2013-08-22 15:48:32 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-08-22 15:19:16 -------- d-----w- c:\program files\Free Window Registry Repair
    2013-08-21 17:36:05 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2013-08-21 17:36:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2013-08-21 17:36:01 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2013-08-21 17:34:59 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2013-08-21 17:33:56 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2013-08-21 17:32:58 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
    2013-08-21 17:31:59 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2013-08-21 17:30:59 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
    2013-08-21 17:29:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
    2013-08-21 17:28:57 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
    2013-08-21 17:27:57 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
    2013-08-21 17:26:58 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
    2013-08-21 17:25:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2013-08-21 17:24:58 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
    2013-08-21 17:23:57 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
    2013-08-21 17:22:57 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
    2013-08-21 17:21:59 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
    2013-08-21 17:20:52 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2013-08-21 17:20:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2013-08-21 17:20:40 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2013-08-21 17:20:38 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2013-08-21 17:20:37 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2013-08-21 17:20:28 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2013-08-21 17:20:25 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2013-08-21 17:20:23 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2013-08-21 17:20:16 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2013-08-21 17:20:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2013-08-21 17:20:09 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2013-08-21 17:20:03 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
    2013-08-21 17:20:01 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
    2013-08-21 17:18:59 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
    2013-08-21 17:17:57 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
    2013-08-21 17:16:59 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
    2013-08-21 17:15:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
    2013-08-21 17:14:58 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
    2013-08-21 17:13:59 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
    2013-08-21 17:12:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
    2013-08-21 17:11:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
    2013-08-21 17:10:59 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
    2013-08-21 17:08:15 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2013-08-21 17:07:58 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
    2013-08-21 17:06:43 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
    2013-08-21 14:19:15 -------- d-----w- c:\program files\Emsisoft HiJackFree
    2013-08-21 13:53:55 -------- d-----w- c:\program files\Microsoft Security Client
    2013-08-20 17:36:26 -------- d-----w- c:\docume~1\garry\local settings\application data\avgchrome
    2013-08-20 17:28:28 -------- d-----w- c:\docume~1\garry\local settings\application data\TopArcadeHits
    2013-08-20 17:28:22 -------- d-----w- c:\program files\WebConnect
    2013-08-20 11:32:59 -------- d-----w- C:\mbar
    2013-08-20 11:08:35 -------- d-----w- c:\docume~1\alluse~1\application data\Malwarebytes' Anti-Malware (portable)
    2013-08-19 21:17:53 -------- d-sha-r- C:\cmdcons
    2013-08-16 12:09:02 1893504 ----a-w- C:\rkill.com
    2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\Repository
    2013-08-16 10:03:56 -------- d-----w- c:\program files\Microsoft Download Manager
    2013-08-15 15:26:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2013-08-15 06:53:09 -------- d-----w- C:\cmdcons(2)
    2013-08-15 06:52:08 -------- d-----w- C:\ComboFix(4)
    2013-08-09 19:02:03 -------- d-----w- c:\program files\Huawei Modems
    2013-08-09 19:00:12 -------- d-----w- c:\windows\system32\MRT
    2013-07-31 20:48:17 -------- d-----w- c:\docume~1\garry\local settings\application data\DoNotTrackPlus
    2013-07-31 20:29:31 -------- d-----w- c:\program files\CheckPoint
    2013-07-31 19:21:20 -------- d-----w- c:\docume~1\alluse~1\application data\CheckPoint
    .
    ==================== Find3M ====================
    .
    2013-08-21 17:35:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-08-21 17:35:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
    2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
    2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet(5).dll
    2013-06-07 21:56:06 1215488 ----a-w- c:\windows\system32\urlmon(5).dll
    2013-06-07 21:56:06 105984 ----a-w- c:\windows\system32\url(5).dll
    2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 10:07:30.04 ===============


    aswMBR

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-25 10:07:46
    -----------------------------
    10:07:46.125 OS Version: Windows 5.1.2600 Service Pack 3
    10:07:46.125 Number of processors: 2 586 0x4B02
    10:07:46.125 ComputerName: GARRY-EC0E7D6DA UserName: Garry
    10:07:47.031 Initialize success
    10:14:27.125 AVAST engine defs: 13082500
    10:20:58.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000073
    10:20:58.156 Disk 0 Vendor: Maxtor_6L200M0 BANC1G10 Size: 190782MB BusType: 3
    10:20:58.156 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000074
    10:20:58.156 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
    10:20:58.265 Disk 1 MBR read successfully
    10:20:58.265 Disk 1 MBR scan
    10:20:58.312 Disk 1 Windows XP default MBR code
    10:20:58.312 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
    10:20:58.312 Disk 1 scanning sectors +976770144
    10:20:58.343 Disk 1 scanning C:\WINDOWS\system32\drivers
    10:21:06.890 Service scanning
    10:21:20.093 Modules scanning
    10:21:24.140 Disk 1 trace - called modules:
    10:21:24.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    10:21:24.156 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ab0aab8]
    10:21:24.156 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8ab2cf18]
    10:21:24.156 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000074[0x8ab2b030]
    10:21:24.984 AVAST engine scan C:\WINDOWS
    10:21:32.593 AVAST engine scan C:\WINDOWS\system32
    10:24:53.531 AVAST engine scan C:\WINDOWS\system32\drivers
    10:25:18.187 AVAST engine scan C:\Documents and Settings\Garry
    10:49:20.796 AVAST engine scan C:\Documents and Settings\All Users
    10:55:53.921 Scan finished successfully
    11:06:47.359 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Garry\Desktop\MBR.dat"
    11:06:47.359 The log file has been saved successfully to "C:\Documents and Settings\Garry\Desktop\aswMBR.txt"
    Last edited by tashi; 2013-08-26 at 05:46. Reason: As discussed previously, split off misc posts, merged three others. :)

  2. #2
    Junior Member
    Join Date
    Aug 2013
    Posts
    25

    I used "Process Hacker" the other day to monitor what was going on with my system. To cut a long story short, it notified me of a new process called

    MpKsl981a4e86 at system start.

    When I looked into its "Properties" in Security I found that it was entered in "Group or User names" as "Account Unknown [S-1-5-32-547]".

    Is this normal?

    Thanks

    Gwalch

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello Gwalch Y Mor,

    • Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count; they look for topics with 0 responses. For that reason we may merge such posts, but please do not count on it.
    The Waiting Room: Post here if waiting for help four days

    FAQ: http://forums.spybot.info/showthread...-Assistance%29

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Sorry for the delay, just give me a minute to look over your post and I will be back with you late afternoon.

    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    You have a few bogus toolbars installed along with HJT wanting to run on each startup, so let's do this.

    Open HJT and go to the Main Menu and take the checkmark out of Run a scan at startup, then ok your way out.


    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

  6. #6
    Junior Member
    Join Date
    Aug 2013
    Posts
    25

    Ken,

    Thanks for the reply, here is the log:

    # AdwCleaner v3.003 - Report created 12/09/2013 at 21:20:24
    # Updated 07/09/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Garry - GARRY-EC0E7D6DA
    # Running from : C:\Documents and Settings\Garry\My Documents\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Found C:\Documents and Settings\Administrator\IECompatCache
    Folder Found C:\Documents and Settings\All Users\Application Data\AGI
    Folder Found C:\Documents and Settings\All Users\Application Data\Ask
    Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    Folder Found C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar
    Folder Found C:\Documents and Settings\Garry\Application Data\AGI
    Folder Found C:\Documents and Settings\Garry\Application Data\Uniblue\DriverScanner
    Folder Found C:\Documents and Settings\Garry\Application Data\Uniblue\SpeedUpMyPC
    Folder Found C:\Documents and Settings\Garry\IECompatCache
    Folder Found C:\Documents and Settings\Garry\Local Settings\Application Data\cre
    Folder Found C:\Documents and Settings\Garry\Local Settings\Application Data\Kiwee Toolbar
    Folder Found C:\Documents and Settings\LocalService\Application Data\AGI
    Folder Found C:\Documents and Settings\Shannon\Application Data\AGI
    Folder Found C:\Documents and Settings\Shannon\IECompatCache
    Folder Found C:\Documents and Settings\Shannon\Local Settings\Application Data\ConduitEngine
    Folder Found C:\Documents and Settings\Shannon\Local Settings\Application Data\Kiwee Toolbar
    Folder Found C:\Program Files\AGI
    Folder Found C:\Program Files\Kiwee Toolbar
    Folder Found C:\Program Files\Uniblue\DriverScanner

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\BrowserMngr
    Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Found : HKLM\Software\BrowserMngr
    Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\driverscanner
    Key Found : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
    Key Found : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2642706
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Product Found : BabylonObjectInstaller
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=DC45001150D01E29&affID=119357&tsp=4980

    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Garry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [6812 octets] - [12/09/2013 21:20:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6872 octets] ##########
