lilmantony
Posts: 27
Posts posted by lilmantony
-
It's saying Windows Defender and MB are both turned off.
-
Yes, it said it was up to date.
-
Yes, it was enabled.
-
-
Yes, it is enabled.
-
-
Yes, I am still using the Saitek Cyborg mouse.
-
-
Ya, I'm going to pass on that and wait for an admin to respond.
-
I don't know why Spybot is showing up under anti-spyware information; I just removed it all.
-
Here is the new set of logs.
-
Started doing it again this morning, but all I had to close out of was the malware protection.
-
I was using Spybot as a backup since I have been having issues with MB. I did the clean install, so we will just have to see in a couple of days if it does it at all. I have already tried uninstalling and getting the latest version from the website and it did not fix it, so hopefully your way will work better.
-
I did right before you posted 🙂
-
-
It's been causing my computer to run super slow until I turn off everything in real-time protection except for web protection. I have tried to turn each individual one off to see if it's a single one that's doing it, but it only starts running right when I turn off the 3 of them; then I have to close Malwarebytes and do a restart, then I can turn them on and it will be fine for a couple of days, then it starts doing it again. It's been happening since I updated to Malwarebytes 4.
-
Running a lot better.
-
OK, is there anything else I need to do?
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e116941218c9264a8207e119e74c54a3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-04 02:20:43
# local_time=2012-07-04 07:20:43 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 234107 92940953 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=555917
# found=13
# cleaned=13
# scan_time=14140
C:\Program Files (x86)\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07032012_070515\C_Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\10\2f84494a-4c00e372 Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\15\51660c8f-3d03607a Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\2\8ec9882-2138ed2f probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\6.0\45\d81016d-7301815e Java/Agent.BV trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\Downloads\The Sims 3 - Razor1911 Final MAXSPEED\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (deleted - quarantined) 00000000000000000000000000000000 C
-
ComboFix 12-07-02.01 - Anthony 07/04/2012 2:53.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.1.1252.1.1033.18.16383.14036 [GMT -7:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Recent\Call of Duty Black Ops - Multiplayer.url
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 09:58 . 2012-07-04 09:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-04 09:58 . 2012-07-04 09:58 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-07-04 09:58 . 2012-07-04 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 22:25 . 2012-07-02 22:25 -------- d-----w- C:\_OTL
2012-07-01 02:50 . 2012-07-01 02:50 -------- d-----w- c:\users\Anthony\AppData\Roaming\SpeedyPC Software
2012-07-01 02:50 . 2012-07-01 02:50 -------- d-----w- c:\users\Anthony\AppData\Roaming\DriverCure
2012-07-01 02:50 . 2012-07-01 17:45 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-01 02:50 . 2012-07-01 17:45 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-06-23 17:36 . 2012-06-23 17:36 -------- d-----w- c:\users\Anthony\AppData\Roaming\Malwarebytes
2012-06-23 17:36 . 2012-06-23 17:36 -------- d-----w- c:\programdata\Malwarebytes
2012-06-23 17:36 . 2012-06-23 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-23 17:36 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 06:14 . 2012-06-22 06:14 -------- d-----w- C:\Motorola
2012-06-22 05:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 05:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 05:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 05:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 05:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 05:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 05:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 05:14 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 05:14 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 01:34 . 2012-06-21 01:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-07 04:01 . 2012-06-07 04:02 -------- d-----w- c:\users\Anthony\AppData\Local\Deployment
2012-06-07 04:01 . 2012-06-07 04:01 -------- d-----w- c:\users\Anthony\AppData\Local\Apps
2012-06-06 04:18 . 2012-06-23 23:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-06 04:18 . 2012-06-06 04:18 -------- d-----w- c:\windows\system32\Macromed
2012-06-06 03:17 . 2012-05-15 08:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B039172-2E0D-4EC4-8CB0-F715E7CF9070}\mpengine.dll
2012-06-06 03:16 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-06 03:16 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-06 03:16 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-06 03:16 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-06 03:16 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-06 03:16 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-06 03:16 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-06 02:49 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-06 02:48 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-06 02:48 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-06 02:48 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-06 02:48 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-06 02:48 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-06 02:48 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-06 02:48 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-06 02:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-06 02:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-06 02:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-06 02:48 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:56 . 2011-06-24 05:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-28 03:47 . 2011-01-14 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-28 03:47 . 2011-01-14 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-28 03:47 . 2011-01-14 04:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-07 18:43 . 2011-01-14 04:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Anthony\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111v2\WN111v2.exe [2009-10-10 1728512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Scarlet Legacy\bin\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7599vHH0\NTIOLib_X64.sys [2011-01-06 11888]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2011-11-23 47224]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-10-02 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-02-16 87368]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2w7x.sys [2009-10-21 767488]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 23:56]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 02:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-28 02:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;;192.168.*.*;<local>
TCP: DhcpNameServer = 192.168.1.1
DPF: {B01AAFA1-2478-44A3-8894-BE4D4C23C271} - hxxp://mythos.t3fun.com/ActiveX/HLauncher.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\enni4xjy.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Completion time: 2012-07-04 03:06:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 10:06
.
Pre-Run: 448,121,733,120 bytes free
Post-Run: 448,889,643,008 bytes free
.
- - End Of File - - 7800E129CCB37F5DF7C03266F8DE7D67
-
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.07.03.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]
Protection: Enabled
7/3/2012 4:02:15 PM
mbam-log-2012-07-03 (16-02-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244686
Time elapsed: 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-158335560-1395579653-2132586522-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000032.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000064.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000000.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L\00000004.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000004.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@ moved successfully.
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@ moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\torrents folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\share folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\rules folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\fav folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\cache folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet\archive folder moved successfully.
C:\Users\Anthony\AppData\Roaming\BitComet folder moved successfully.
C:\Users\Anthony\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Anthony\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Anthony\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U folder moved successfully.
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L folder moved successfully.
C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234} folder moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U folder moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234} scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anthony\Desktop\cmd.bat deleted successfully.
C:\Users\Anthony\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anthony
->Temp folder emptied: 58233753 bytes
->Temporary Internet Files folder emptied: 310800217 bytes
->Java cache emptied: 1230496 bytes
->FireFox cache emptied: 49156868 bytes
->Flash cache emptied: 9448 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49974504 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes
RecycleBin emptied: 26808789831 bytes
Total Files Cleaned = 26,015.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.1 log created on 07032012_070515
Files\Folders moved on Reboot...
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U folder moved successfully.
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234} folder moved successfully.
C:\Users\Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\flaD1CF.tmp not found!
File\Folder C:\Windows\temp\flaDA77.tmp not found!
PendingFileRenameOperations files...
File C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234} not found!
File C:\Users\Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\flaD1CF.tmp not found!
File C:\Windows\temp\flaDA77.tmp not found!
Registry entries deleted on Reboot...
-
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.07.02.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: ANTHONY-PC [administrator]
Protection: Enabled
7/2/2012 3:52:45 PM
mbam-log-2012-07-02 (15-52-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252871
Time elapsed: 7 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
-
All processes killed
Error: Unable to interpret <:OTLIE - HKU\S-1-5-21-158335560-1395579653-2132586522-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.mystart.com/search_w.php?type=webblog1_1msch&fr=chr-vmn&q={searchTerms}&ei=UTF-8O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.[2012/06/20 18:23:27 | 000,088,576 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000032.@[2012/06/20 18:23:26 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000064.@[2012/06/20 18:23:26 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\80000000.@[2012/06/20 18:23:26 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\L\00000004.@[2012/06/20 18:23:25 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\00000004.@[2012/06/20 18:23:25 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\U\000000> in the current context!
Error: Unable to interpret <cb.@[2012/02/18 03:21:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@[2012/02/18 03:21:25 | 000,002,048 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}\@[2012/06/05 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\BitComet[2012/06/22 20:24:46 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\uTorrent:filesC:\Users\Anthony\AppData\Local\{8c8f97d9-034b-202d-5de1-d40803ca0234}C:\Windows\Installer\{8c8f97d9-034b-202d-5de1-d40803ca0234}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_154939
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
malwarebytes causing computer to run slow (in Resolved Malware Removal Logs)
No... you should go back and read the title of the thread.