lilmantony
Honorary Members
Posts: 27
Everything posted by lilmantony
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
No... you should go back and read the title of the thread.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
It's saying Windows Defender and MB are both turned off.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Yes, it said it was up to date.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Yes, it was enabled.
Fixlog.txt
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
mbst-clean-results.txt FRST.txt Addition.txt
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Yes, it is enabled.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Fixlog.txt
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Yes, I am still using the Saitek Cyborg mouse.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
OK, done.
MBscan.txt AdwCleaner[C00].txt FRST.txt Addition.txt
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Ya, I'm going to pass on that and wait for an admin to respond.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
I don't know why Spybot is showing up under anti-spyware information; I just removed it all.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Here is the new set of logs.
mbst-grab-results.zip
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Started doing it again this morning, but all I had to close out of was the malware protection.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
I was using Spybot as a backup since I have been having issues with MB. I did the clean install, so we will just have to see in a couple of days if it does it at all. I have already tried uninstalling and getting the latest version from the website and it did not fix it, so hopefully your way will work better.
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
I did, right before you posted 🙂
malwarebytes causing computer to run slow
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
mbst-grab-results.zip
malwarebytes causing computer to run slow
lilmantony posted a topic in Resolved Malware Removal Logs
It's been causing my computer to run super slow until I turn off everything in real-time protection except for web protection. I have tried to turn each individual one off to see if it's a single one that's doing it, but it only starts running right when I turn off the three of them; then I have to close Malwarebytes and do a restart, then I can turn them on and it will be fine for a couple of days, then it starts doing it again. It's been happening since I updated to Malwarebytes 4.
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Running a lot better.
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
OK, is there anything else I need to do?
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e116941218c9264a8207e119e74c54a3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-04 02:20:43
# local_time=2012-07-04 07:20:43 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 234107 92940953 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=555917
# found=13
# cleaned=13
# scan_time=14140
C:\Program Files (x86)\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\10\2f84494a-4c00e372 Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\15\51660c8f-3d03607a Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\2\8ec9882-2138ed2f probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\45\d81016d-7301815e Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (deleted - quarantined) 00000000000000000000000000000000 C
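The ESET log above reports found=13, but seven of those paths sit inside C:\Qoobox\Quarantine (ComboFix's quarantine) and C:\_OTL\MovedFiles (OTL's), that is, copies earlier tools had already pulled out of their original locations. The Python below is an added example, not part of this thread or of any ESET tooling: it parses detection lines in the record shape ESET wrote above, separates such re-detected quarantine copies from paths that were still live, and flags the {GUID}\U\…\.@ layout under C:\Windows\Installer and %LOCALAPPDATA% that the Sirefef (ZeroAccess) detections in the log point at. The sample lines are copied from the log; the regexes, the quarantine-folder list and the layout check are my assumptions, not a specification of ESET's format.

```python
"""Triage ESET Online Scanner detection lines: added example, not part of the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: seven detection lines copied from the ESET log posted above,
# one record per line, in the scanner's shape:
#   <path> <detection name> (<action>) <32-hex hash> C
SAMPLE_LOG = r"""
C:\Program Files (x86)\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\10\2f84494a-4c00e372 Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

# One detection record (assumed shape). A Windows path contains no '/', while
# every ESET detection name does (Win32/..., Win64/..., Java/...), which is
# what makes the path/name split unambiguous even with spaces in the path.
RECORD = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?\w+/\S+ \w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9a-fA-F]{32})\s+C$"
)

# Quarantine stores of the tools run earlier in the thread (assumed from the
# paths in the log). A later scanner re-detecting files here is seeing copies
# already removed from their original location, not a live infection.
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\", "\\_otl\\movedfiles\\")

# {GUID}\U\<hex>.@, {GUID}\L\<hex>.@, {GUID}\n and {GUID}\@: the file layout
# the Sirefef (ZeroAccess) detections in the log point at.
ZA_LAYOUT = re.compile(
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:n|@|[UL]\\[0-9a-f]{8}\.@)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    action: str

    @property
    def quarantine_copy(self) -> bool:
        p = self.path.lower()
        return any(d in p for d in QUARANTINE_DIRS)

    @property
    def zeroaccess_layout(self) -> bool:
        return ZA_LAYOUT.search(self.path) is not None

    @property
    def java_cache(self) -> bool:
        # Java deployment cache entries are what a drive-by exploit leaves behind.
        return "\\sun\\java\\deployment\\cache\\" in self.path.lower()


def parse_eset_log(text: str) -> list[Detection]:
    """Return the detection records in an ESET log; '#' header lines are skipped."""
    found = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["action"]))
    return found


def triage(detections: list[Detection]) -> dict[str, int]:
    """Count what still matters after earlier tools have already quarantined files."""
    live = [d for d in detections if not d.quarantine_copy]
    return {
        "total": len(detections),
        "quarantine_copies": len(detections) - len(live),
        "live": len(live),
        "zeroaccess_layout": sum(d.zeroaccess_layout for d in detections),
        "live_java_cache": sum(d.java_cache for d in live),
        "sirefef_family": sum("sirefef" in d.name.lower() for d in detections),
    }


def live_paths(detections: list[Detection]) -> list[str]:
    """Paths a responder still has to account for on the running system."""
    return [d.path for d in detections if not d.quarantine_copy]


if __name__ == "__main__":
    records = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(records).items():
        print(f"{key:>18}: {value}")
    for path in live_paths(records):
        print("live:", path)
```

On the seven sample lines this reports four quarantine copies and three live paths (the Themida-packed game executable, one Java cache entry, and the downloaded ISO), which is the distinction a responder wants before deciding whether a second scanner's "found" count means the cleanup failed.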
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
ComboFix 12-07-02.01 - Anthony 07/04/2012 2:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.1.1252.1.1033.18.16383.14036 [GMT -7:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Recent\Call of Duty Black Ops - Multiplayer.url
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 09:58 . 2012-07-04 09:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-04 09:58 . 2012-07-04 09:58 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-04 09:58 . 2012-07-04 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 22:25 . 2012-07-02 22:25 -------- d-----w- C:\_OTL
2012-07-01 02:50 . 2012-07-01 02:50 -------- d-----w- c:\users\Anthony\AppData\Roaming\SpeedyPC Software
2012-07-01 02:50 . 2012-07-01 02:50 -------- d-----w- c:\users\Anthony\AppData\Roaming\DriverCure
2012-07-01 02:50 . 2012-07-01 17:45 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-01 02:50 . 2012-07-01 17:45 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-06-23 17:36 . 2012-06-23 17:36 -------- d-----w- c:\users\Anthony\AppData\Roaming\Malwarebytes
2012-06-23 17:36 . 2012-06-23 17:36 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:36 . 2012-06-23 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 17:36 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 06:14 . 2012-06-22 06:14 -------- d-----w- C:\Motorola
2012-06-22 05:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 05:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 05:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 05:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 05:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 05:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 05:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 05:14 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 05:14 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 01:34 . 2012-06-21 01:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-07 04:01 . 2012-06-07 04:02 -------- d-----w- c:\users\Anthony\AppData\Local\Deployment
2012-06-07 04:01 . 2012-06-07 04:01 -------- d-----w- c:\users\Anthony\AppData\Local\Apps
2012-06-06 04:18 . 2012-06-23 23:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 04:18 . 2012-06-06 04:18 -------- d-----w- c:\windows\system32\Macromed
2012-06-06 03:17 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B039172-2E0D-4EC4-8CB0-F715E7CF9070}\mpengine.dll
2012-06-06 03:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-06 03:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-06 03:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-06 03:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-06 03:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-06 03:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-06 03:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-06 02:49 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-06 02:48 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-06 02:48 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-06 02:48 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-06 02:48 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-06 02:48 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-06 02:48 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-06 02:48 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-06 02:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-06 02:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-06 02:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-06 02:48 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:56 . 2011-06-24 05:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-28 03:47 . 2011-01-14 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-28 03:47 . 2011-01-14 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-28 03:47 . 2011-01-14 04:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-07 18:43 . 2011-01-14 04:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Anthony\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7599vHH0\NTIOLib_X64.sys [2011-01-06 11888]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2011-11-23 47224]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-02 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2009-10-21 767488]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 23:56]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 02:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 02:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;;192.168.*.*;<local>
TCP: DhcpNameServer = 192.168.1.1
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://mythos.t3fun.com/ActiveX/HLauncher.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\enni4xjy.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-07-04 03:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 10:06
.
Pre-Run: 448,121,733,120 bytes free
Post-Run: 448,889,643,008 bytes free
.
- - End Of File - - 7800E129CCB37F5DF7C03266F8DE7D67
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]

Protection: Enabled

7/3/2012 4:02:15 PM
mbam-log-2012-07-03 (16-02-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244686
Time elapsed: 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-158335560-1395579653-2132586522-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000032.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000064.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000000.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L\00000004.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000004.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@ moved successfully.
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@ moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\torrents folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\share folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\rules folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\fav folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\cache folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\archive folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet folder moved successfully.
C:\Users\Anthony\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Anthony\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Anthony\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U folder moved successfully.
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L folder moved successfully.
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234} folder moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U folder moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234} scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anthony\Desktop\cmd.bat deleted successfully.
C:\Users\Anthony\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anthony
->Temp folder emptied: 58233753 bytes
->Temporary Internet Files folder emptied: 310800217 bytes
->Java cache emptied: 1230496 bytes
->FireFox cache emptied: 49156868 bytes
->Flash cache emptied: 9448 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49974504 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes
RecycleBin emptied: 26808789831 bytes

Total Files Cleaned = 26,015.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07032012_070515

Files\Folders moved on Reboot...
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U folder moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234} folder moved successfully.
C:\Users\Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\flaD1CF.tmp not found!
File\Folder C:\Windows\temp\flaDA77.tmp not found!

PendingFileRenameOperations files...
File C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234} not found!
File C:\Users\Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\flaD1CF.tmp not found!
File C:\Windows\temp\flaDA77.tmp not found!

Registry entries deleted on Reboot...
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]

Protection: Enabled

7/2/2012 3:52:45 PM
mbam-log-2012-07-02 (15-52-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252871
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)
need help cant get rid of BCMiner
lilmantony replied to lilmantony's topic in Resolved Malware Removal Logs
All processes killed
Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-158335560-1395579653-2132586522-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/search_w.php?type=webblog1_1msch&fr=chr-vmn&q={searchTerms}&ei=UTF-8O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.[2012/06/20 18:23:27 | 000,088,576 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000032.@[2012/06/20 18:23:26 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000064.@[2012/06/20 18:23:26 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000000.@[2012/06/20 18:23:26 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L\00000004.@[2012/06/20 18:23:25 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000004.@[2012/06/20 18:23:25 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\000000> in the current context!
Error: Unable to interpret <cb.@[2012/02/18 03:21:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@[2012/02/18 03:21:25 | 000,002,048 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@[2012/06/05 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\BitComet[2012/06/22 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\uTorrent:filesC:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07022012_154939

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...