Babylon Malware/adware detected with Spybot [Solved]
Started by
calmat01
, Jan 25 2013 12:30 PM
This topic is locked
#16
Posted 29 January 2013 - 10:30 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
#17
Posted 30 January 2013 - 01:05 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
My Firefox homepage opened up normally. Cllaro Search did not come up. The speed of my computer is faster. I just got on and have not had the popups that were occurring before. I will try Yahoo and Facebook to see if any of the popups return. Thank you for all your help and patience!
#18
Posted 30 January 2013 - 08:05 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Hello
These logs are looking allot better. But we still have some work to do.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..
uninstall some programs
NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.
You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)
Programs to remove
Ask Toolbar
Bing Bar
Conduit Engine
Java 7 Update 9
Java™ 6 Update 24
Java™ 6 Update 27
Java™ 6 Update 6
JavaFX 2.1.1
McAfee Security Scan Plus
Search Assistant MocaFlix 1.66
Uniblue RegistryBooster
VaudiX
[/list]
Please download and install Revo Uninstaller Free
Clean Out Temp Files
: Malwarebytes' Anti-Malware :
I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download HijackThis
"information and logs"
Gringo
These logs are looking allot better. But we still have some work to do.
Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..
uninstall some programs
NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.
You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)
Programs to remove
Ask Toolbar
Bing Bar
Conduit Engine
Java 7 Update 9
Java™ 6 Update 24
Java™ 6 Update 27
Java™ 6 Update 6
JavaFX 2.1.1
McAfee Security Scan Plus
Search Assistant MocaFlix 1.66
Uniblue RegistryBooster
VaudiX
[/list]
Please download and install Revo Uninstaller Free
- Double click Revo Uninstaller to run it.
- From the list of programs double click on The Program to remove
- When prompted if you want to uninstall click Yes.
- Be sure the Moderate option is selected then click Next.
- The program will run, If prompted again click Yes
- when the built-in uninstaller is finished click on Next.
- Once the program has searched for leftovers click Next.
- Check/tick the bolded items only on the list then click Delete
- when prompted click on Yes and then on next.
- put a check on any folders that are found and select delete
- when prompted select yes then on next
- Once done click Finish.
Clean Out Temp Files
- This small application you may want to keep and use once a week to keep the computer clean.
Download CCleaner from here http://www.ccleaner.com/
- Run the installer to install the application.
- When it gives you the option to install Yahoo toolbar uncheck the box next to it.
- Run CCleaner. default settings are fine
- Click Run Cleaner.
- Close CCleaner.
: Malwarebytes' Anti-Malware :
I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan
- Double-click mbam icon
- go to the update tab at the top
- click on check for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
- When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download HijackThis
- Go Here to download HijackThis program
- Save HijackThis to your desktop.
- Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
- Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
- copy and paste hijackthis report into the topic
"information and logs"
- In your next post I need the following
- Log From MBAM
- report from Hijackthis
- let me know of any problems you may have had
- How is the computer doing now?
Gringo
#19
Posted 31 January 2013 - 05:03 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
I downloaded Revo Uninstaller and deleted the items on the list that I could find. I did not find a Java 7 update 9; instead, I found a Java 7 update 11. Also, I didn't see in the window of the programs/files that Revo showed either Vaudix, Search Assistant MocaFlix 1.66, Conduit Engine, or the Ask Toolbar.
I then downloaded CCCleaner and ran it as instructed. Following that, I updated MBAM and ran a quick scan, but it kept hanging up on CNNIC Search Bar and wouldn't proceed. Incidentally, this is also the same item that Spy Bot hangs up on. Even if I leave my laptop on for hours, I will come back and find that either Spy Bot is 'not responding' or that MBAM is 'not responding'. So, I could not produce any MBAM log as you requested. I seem to recall having the same issue with both Spy Bot and MBAM once before on the CNNIC Search Bar hangup.
I downloaded and ran Hijack this. Here is the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:01:05 PM, on 1/31/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Joe\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {74F45961-8267-3DE9-4553-BC58A8FA0C85} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - (no file)
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Epson all-in-one Registration.lnk = D:\Common\EpsonReg\EpsonReg.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creat...015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 17418 bytes
I then downloaded CCCleaner and ran it as instructed. Following that, I updated MBAM and ran a quick scan, but it kept hanging up on CNNIC Search Bar and wouldn't proceed. Incidentally, this is also the same item that Spy Bot hangs up on. Even if I leave my laptop on for hours, I will come back and find that either Spy Bot is 'not responding' or that MBAM is 'not responding'. So, I could not produce any MBAM log as you requested. I seem to recall having the same issue with both Spy Bot and MBAM once before on the CNNIC Search Bar hangup.
I downloaded and ran Hijack this. Here is the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:01:05 PM, on 1/31/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Joe\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {74F45961-8267-3DE9-4553-BC58A8FA0C85} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - (no file)
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (file missing)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -e
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Epson all-in-one Registration.lnk = D:\Common\EpsonReg\EpsonReg.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creat...13/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creat...015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creat...10926/CTPID.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 17418 bytes
#20
Posted 31 January 2013 - 05:13 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
hello
I do not see that in any of the reports so if you can give me the exact address so I can remove it
I do not see that in any of the reports so if you can give me the exact address so I can remove it
#21
Posted 31 January 2013 - 05:48 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
CNNIC.Searchbar is all I found. I am not certain what the full address is as this is all I see when running either SpyBot or MBAM.
#22
Posted 31 January 2013 - 06:10 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
SystemLook:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:folderfind *CNNIC*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
#23
Posted 31 January 2013 - 06:52 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
This doesn't bode well. It didn't find any folders containing the CNNIC.Searchbar. Here is the log.
SystemLook 30.07.11 by jpshortstuff
Log created at 18:47 on 31/01/2013 by Joe
Administrator - Elevation successful
========== folderfind ==========
Searching for "*CNNIC*"
No folders found.
-= EOF =-
SystemLook 30.07.11 by jpshortstuff
Log created at 18:47 on 31/01/2013 by Joe
Administrator - Elevation successful
========== folderfind ==========
Searching for "*CNNIC*"
No folders found.
-= EOF =-
#24
Posted 31 January 2013 - 07:10 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Greetings
These logs are looking very good, we are almost done!!! Just one more scan to go.
:Remove unneeded start-up entries:
This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
Eset Online Scanner
**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin
Go Eset web page to run an online scanner from ESET.
When the scan is complete
Gringo
These logs are looking very good, we are almost done!!! Just one more scan to go.
:Remove unneeded start-up entries:
This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
- Run HijackThis (rightclick and run as admin)
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Epson all-in-one Registration.lnk = D:\Common\EpsonReg\EpsonReg.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
NOTE**You can research each of those lines >here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]
Eset Online Scanner
**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin
Go Eset web page to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the add/on to be installed
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. - Click Scan
- wait for the virus definitions to be downloaded
- Wait for the scan to finish
When the scan is complete
- If no threats were found
- put a checkmark in "Uninstall application on close"
- close program
- report to me that nothing was found
- If threats were found
- click on "list of threats found"
- click on "export to text file" and save it as ESET SCAN and save to the desktop
- Click on back
- put a checkmark in "Uninstall application on close"
- click on finish
- close program
- copy and paste the report here
Gringo
#25
Posted 01 February 2013 - 05:14 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
I tried running the program on two different occasions. Last night, it got hung up after about the three hour mark on something called c:\\windows\System32\Shsetup.dll. I tried running the program today, and after about five hours it got hung up again at the same spot. Of the list of threats I could see(as I failed to notice them before because I thought I would get a log on completion, it found several occurrences of windows32/open candy application and windows32/InstalleRex.E Gen application. I can't seem to recall the others at the moment. I will remember to write things down next time in the event the scan doesn't get to complete. It was at 99% completion, having scanned 263661 items and listing 21 infected items. Not sure what I should do next.
Thanks again.
Thanks again.
#26
Posted 01 February 2013 - 07:22 PM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
Make sure you are running IE as admin - http://www.ehow.com/...inistrator.html
Try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.micro...orer-8-settings
If that does not work then try this one
F-Secure Online Scan
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
[*]It will now download the scanner this may take a while please be patient
[*]It will then start scanning wait for the scan to finish
[*]Click Automatic cleaning (recommended)
[*]Wait for it finish the cleaning process
[*]Click show report
[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topic[/list]
Gringo
Try resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.micro...orer-8-settings
If that does not work then try this one
F-Secure Online Scan
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
- Please go HERE to run an online scan from F-Secure
- Click on Start scanning
- This will open a new window
In Interner Explorer - It will require an activex control, please install it
- Click Accept
- In Firefox
- It will require an Add-on to be installed, please install it
- Order to install the Add-on Firefox needs to be restarted, please do so
[*]It will now download the scanner this may take a while please be patient
[*]It will then start scanning wait for the scan to finish
[*]Click Automatic cleaning (recommended)
[*]Wait for it finish the cleaning process
[*]Click show report
[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topic[/list]
Gringo
#27
Posted 02 February 2013 - 09:48 AM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
I ran F-Secure overnight. It got hung up on the following: c:\WINDOWS\WINSXS\X86...D2E1A9BF2\SHELL32.DLL This was through IE running as administrator. I have not tried it through Firefox.
#28
Posted 02 February 2013 - 10:44 AM
gringo_pr
-
- Malware Removal
-
- 7,268 posts
Trusted Helper
try running once more in firefox
gringo
gringo
#29
Posted 02 February 2013 - 03:09 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
It hung up on a similar file. This time it was c:\WINDOWS\WINSXS\X86..D15DDA2FE8\HANDWE.ANI
#30
Posted 03 February 2013 - 10:59 PM
calmat01
- Topic Starter
-
- Member
-
- 50 posts
Member
Overall, computer is running much faster. And not having any issues with popups. My only issue seems to be my adobe flash player. Whether in IE or Firefox, I am getting crashes every other page load. I've tried to uninstall and reinstall Adobe Flash player many times, but I get the same results. Not sure if this is related to my other problems or not.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
