We’d like to remind Forumites to please avoid political debate on the Forum.

This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.

📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Unnecessary screen savers, pop up,slow PC!

13»

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please post the log here
    :idea:
  • Kaybenson
    Kaybenson Posts: 927 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    aliEnRIK wrote: »
    Please post the log here

    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 5649

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    01/02/2011 08:32:07
    mbam-log-2011-02-01 (08-32-07).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 234710
    Time elapsed: 8 hour(s), 9 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 15
    Registry Values Infected: 2
    Registry Data Items Infected: 3
    Folders Infected: 10
    Files Infected: 60

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\program files\save tube video company\savetubevideo\MinBHO.dll (Adware.SkyMediaPack) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{27BA317E-7BBD-4EBE-A06A-47F076D9D6F7} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2574231F-9D6F-4B0E-9041-5DD7484564AD} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MinBHO.ShowBarObj.1 (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MinBHO.ShowBarObj (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{70EF8B2A-3A34-4913-AAFC-5A2827E0B1B1} (Adware.SkyLab) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{AD49CE2B-B922-4E2A-AAD9-C1565855C7BC} (Adware.SkyLab) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\KBBar.KBBarBand.1 (Adware.SkyLab) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\KBBar.KBBarBand (Adware.SkyLab) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveTubeVideo_is1 (Adware.SkyLab) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Value: {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\save tube video company (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\content (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\locale (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\locale\en-US (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\components (Adware.SkyLab) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\save tube video company\savetubevideo\MinBHO.dll (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\savetubevideo.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\my documents\downloads\super.dvd.creator.v9.8.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
    c:\documents and settings\Kola\my documents\downloads\super.dvd.creator.v9.8.multilingual.incl.keymaker-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
    c:\documents and settings\Kola\my documents1\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\browserstartpage.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\Config.dat (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\downloader.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\installhelper.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\new_update.zip (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\toolbarupdate.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\transport_dll.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\unins000.dat (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\unins000.exe (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\update.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome.manifest (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\install.rdf (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\tmp (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\content\about.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\content\settings.js (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\content\skysearchtoolbar.js (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\content\skysearchtoolbar.xul (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\locale\en-US\skysearchtoolbar.dtd (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\locale\en-US\toolbar.properties (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\about.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\aboutDlg.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\bigbutton.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\gripper.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\savevideo.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\savevideo2.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\search.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\settings.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\showstatus.png (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\skin\skysearchtoolbar.css (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\anti-viruses.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\archivators.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\auto credit.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\auto insurance.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\baccarat.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\bingo.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\body-building.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\casino.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\credit.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\free downloaders.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\general health.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\health and life.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\home.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\keno.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\men`s health.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\mp3 dvd players.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\pain relief.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\pets.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\poker.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\weight loss.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\chrome\words\women`s health.txt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\components\ISwslib.xpt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\components\nsirdshistoryservice.js (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\components\nsirdshistoryservice.xpt (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\components\rdstb-autocomplete.js (Adware.SkyLab) -> Quarantined and deleted successfully.
    c:\program files\save tube video company\savetubevideo\FF\components\swslib.dll (Adware.SkyLab) -> Quarantined and deleted successfully.
  • Kaybenson
    Kaybenson Posts: 927 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Commit charge is 735M/1057M
  • closed
    closed Posts: 10,886 Forumite
    That's quite high, have you followed the rest of the suggestions in post 4? Please post a hijackthis (there is a link in the thread) log if it's still slow after following them.
    !!
    > . !!!! ----> .
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Was that ALL of the log?
    :idea:
  • Kaybenson
    Kaybenson Posts: 927 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:24:58, on 04/02/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NCH Software\BroadCam\broadcam.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\NCH Software\BroadCam\broadcam.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60468
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=60468
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60468
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60468
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BroadCam] "C:\Program Files\NCH Software\BroadCam\broadcam.exe" -logon
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BroadCam Video Streaming Server (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadcam.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 9432 bytes
  • peter_the_piper
    peter_the_piper Posts: 30,269 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Worth doing a malwarebytes short scan as well.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • closed
    closed Posts: 10,886 Forumite
    uninstall spyware terminator, follow link in post 4
    !!
    > . !!!! ----> .
  • peter_the_piper
    peter_the_piper Posts: 30,269 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Personally I'd remove the Ask, crawler and yahoo toolbar and associated links.
    I'd rather be an Optimist and be proved wrong than a Pessimist and be proved right.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    peter_the_piper wrote: »
    Personally I'd remove the Ask, crawler and yahoo toolbar and associated links.

    Agreed

    Uninstall the ASK, , YAHOO, SKYPE, EPSON, CRAWLER + ORBITDOWNLOADER toolbars (especially the crawler and orbitdownloader ones)

    TICK and FIX these (if still there after uninstalling) -
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60468
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60468
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60468
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe (file missing)
    :idea:
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.7K Banking & Borrowing
  • 253.4K Reduce Debt & Boost Income
  • 454K Spending & Discounts
  • 244.7K Work, Benefits & Business
  • 600.1K Mortgages, Homes & Bills
  • 177.3K Life & Family
  • 258.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.2K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture