TheDotEater

Done. Thank you so much for your time. You've been very helpful. I think it's really cool what you're doing and I'll be sure to donate what I can in support of your cause.

Hi Gringo, sorry it took me so long to respond. Here's the ESET report. It only found 1 threat. C:\Program Files (x86)\SimpleSpeedy\sprotector.dll a variant of Win32/SProtector.A application

Wow, that's alot... Here's the HijackThis log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:22:27 AM, on 4/30/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\ProgramData\TVersity\Media Server\berkelium.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\David Bessent\Desktop\HijackThis (1).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe" O4 - HKUS\S-1-5-21-4210620806-2686088599-4207646544-1007\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-4210620806-2686088599-4207646544-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: kill.bat O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit (mi-raysat_3dsmax2012_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10780 bytes

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262220 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262129 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262128 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262127 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262126 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262125 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262124 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262123 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262122 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262121 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262120 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262029 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262028 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262027 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262026 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262025 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262024 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262023 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262022 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262021 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262020 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat260829 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat260723 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat233829 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat233828 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat230326 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat230325 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat230324 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225921 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225724 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225721 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225029 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat224722 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat224123 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223923 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223823 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223723 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223624 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223529 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223526 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223525 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223524 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223521 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223427 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223421 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220329 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220328 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220324 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220322 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220320 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220222 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220127 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220123 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220024 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220021 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213523 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213520 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213429 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213426 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213327 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213324 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213321 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213221 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194419 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194418 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194417 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194416 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194415 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194414 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194413 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194412 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194411 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194410 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat174712 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat172619 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162219 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162217 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162216 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162213 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162212 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162211 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162210 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162119 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162118 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162117 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162116 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162115 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162114 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162113 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162112 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162111 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162110 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162019 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162018 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162017 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162016 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162015 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162014 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162013 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162012 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162011 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132213 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132212 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132211 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132210 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat130017 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125912 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125819 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125811 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125718 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125614 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124713 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124711 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124113 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124018 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123518 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123517 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123515 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123510 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123410 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121656 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121655 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121654 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121653 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121652 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121651 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121650 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121648 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121647 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121646 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121645 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121644 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121643 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121642 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121641 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121640 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121632 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121631 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121630 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121629 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121628 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121627 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121626 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121625 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121624 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121623 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121622 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121621 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121620 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121619 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121618 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121617 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121616 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121615 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121614 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121613 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121612 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121611 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121610 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121609 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121608 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121607 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121606 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121605 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121604 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121603 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121602 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121601 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121600 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121559 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121558 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121557 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121556 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121555 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121554 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121553 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121552 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121551 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121550 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121549 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121548 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121547 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121546 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121545 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121544 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121543 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121542 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121541 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121540 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121539 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121538 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121537 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121536 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121535 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121534 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121533 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121532 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121531 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121530 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121529 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121528 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121527 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120426 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120425 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120336 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120332 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120316 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120313 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120310 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120309 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120236 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120223 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120218 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120218 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120119 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120118 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120016 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120010 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115815 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115105 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113719 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113718 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113418 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113413 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113211 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105522 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105521 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105520 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105518 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105517 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105516 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105511 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat104200 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094409 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094408 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094407 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094406 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094405 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094404 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094403 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094402 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094401 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094400 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat093105 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat093102 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062209 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062208 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062207 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062206 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062205 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062204 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062203 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062202 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062201 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062200 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062109 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062108 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062107 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062106 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062105 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062104 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062103 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062102 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062101 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062100 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060900 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060802 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060801 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060708 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060706 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060702 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033908 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033907 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033906 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033905 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033904 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033903 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033902 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033901 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033900 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032508 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032209 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032208 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032207 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032206 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032205 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032204 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032203 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032202 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032201 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032200 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat030009 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025902 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025901 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025805 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025803 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025603 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025602 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025600 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024708 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024705 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024703 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024702 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024004 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023802 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023801 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023709 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023708 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023609 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023507 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023502 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023409 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023408 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023406 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023400 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020305 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020303 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020300 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020104 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020005 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat015903 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat015900 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013509 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013507 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013503 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013500 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013403 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013300 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013204 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013203 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013202 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. (end)

I didn't have any issues. Computer seems to be running fine. The post is too long so I'll try separating it into multiple posts. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.29.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 David Bessent :: DAVIDBESSENT-PC [administrator] 4/30/2013 12:16:35 AM mbam-log-2013-04-30 (00-16-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 240957 Time elapsed: 2 minute(s), 23 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 602 C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat594359 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat573352 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat571259 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562159 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562158 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562157 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562156 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562155 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562154 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562153 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562152 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562151 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562150 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562059 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562058 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562057 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562056 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562055 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562054 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562053 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562052 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562051 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562050 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560857 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560852 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560850 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560752 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560650 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533858 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533857 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533856 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533855 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533854 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533853 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533852 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533851 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533850 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532159 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532158 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532157 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532156 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532155 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532154 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532153 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat530850 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525857 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525856 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525855 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525853 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525657 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525653 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525652 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525650 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525556 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525552 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524658 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524655 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524654 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524057 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524056 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524055 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523952 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523755 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523656 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523652 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523553 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523551 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523450 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523358 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523356 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523355 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523353 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520256 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520255 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520253 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520156 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520152 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520052 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat515854 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat513254 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat513252 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494443 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494442 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494441 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494440 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat493046 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462149 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462148 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462147 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462146 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462145 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462144 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462143 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462142 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462141 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462140 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462049 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462048 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462047 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462046 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462045 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462044 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462043 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462042 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462041 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462040 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460849 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460844 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460841 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460840 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433849 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433848 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433847 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433846 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433845 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433844 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433843 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433842 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433841 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433840 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat432547 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat430040 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425943 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425846 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425843 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425645 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425149 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425148 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425147 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425146 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425145 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425144 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425143 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423942 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423743 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423648 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423647 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423646 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423641 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423549 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423548 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423547 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423542 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423449 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423442 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423440 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423343 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420342 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420341 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420043 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420041 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415942 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415940 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415849 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415848 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415843 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat414045 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413647 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413644 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413642 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413449 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413442 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413440 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413347 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413245 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413244 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413148 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413146 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394439 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394438 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394437 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394436 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394435 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394434 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394433 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394432 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394431 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394430 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat393039 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362230 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362139 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362138 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362137 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362136 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362135 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362134 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362133 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362132 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362131 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362130 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362039 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362038 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362037 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362036 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362035 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362034 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362033 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362032 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362031 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362030 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360838 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360836 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360834 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360832 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333838 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333837 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333836 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333835 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333834 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333833 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333832 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333831 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333830 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat330833 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat330031 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat330030 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325939 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325937 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325934 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325932 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325833 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325738 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325633 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325532 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat324032 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat324030 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323933 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323737 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323731 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323636 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323634 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323531 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323530 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323432 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323430 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323334 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320335 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320332 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320331 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320136 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320135 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320035 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320032 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat315836 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat315831 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat315830 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat314132 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat314130 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313734 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313633 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313630 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313432 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313430 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294429 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294426 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294425 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294424 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294423 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294422 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294421 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294420 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat272622 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262229 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262228 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262227 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262226 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262225 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262224 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262223 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262222 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262221 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

ComboFix 13-04-29.01 - David Bessent 04/29/2013 23:38:11.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.5796 [GMT -4:00] Running from: c:\users\David Bessent\Desktop\ComboFix.exe Command switches used :: c:\users\David Bessent\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_ctypes.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_elementtree.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_hashlib.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_socket.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_ssl.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\pyexpat.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\pysqlite2._sqlite.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\python27.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\pythoncom27.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\PyWinTypes27.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\select.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\unicodedata.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32api.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32com.shell.shell.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32crypt.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32event.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32file.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32inet.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32pdh.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32process.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32profile.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32security.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32ts.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\windows._cacheinvalidation.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._controls_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._core_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._gdi_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._html2.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._misc_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._windows_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._wizard.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxbase294u_net_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxbase294u_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_adv_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_core_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_html_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_webview_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_ctypes.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_elementtree.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_hashlib.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_socket.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_ssl.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\pyexpat.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\pysqlite2._sqlite.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\python27.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\pythoncom27.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\PyWinTypes27.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\select.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\unicodedata.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32api.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32com.shell.shell.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32crypt.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32event.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32file.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32inet.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32pdh.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32process.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32profile.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32security.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32ts.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\windows._cacheinvalidation.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._controls_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._core_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._gdi_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._html2.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._misc_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._windows_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._wizard.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxbase294u_net_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxbase294u_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_adv_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_core_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_html_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 ))))))))))))))))))))))))))))))) . . 2013-04-30 03:45 . 2013-04-30 03:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-30 03:45 . 2013-04-30 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-30 00:25 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB79E734-A04E-405C-A6B2-DFF90D7FF858}\mpengine.dll 2013-04-29 22:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-24 00:14 . 2013-04-24 00:13 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D729F57-DB71-423E-A990-EBB2F43E7050}\gapaengine.dll 2013-04-24 00:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-14 23:54 . 2013-04-14 23:54 -------- d-----w- c:\users\David Bessent\AppData\Local\Macromedia 2013-04-11 02:32 . 2013-04-11 02:32 310688 ----a-w- c:\windows\system32\javaws.exe 2013-04-11 02:32 . 2013-04-11 02:32 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-11 02:32 . 2013-04-11 02:32 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-04-11 02:32 . 2013-04-11 02:32 188832 ----a-w- c:\windows\system32\javaw.exe 2013-04-11 02:32 . 2013-04-11 02:32 188320 ----a-w- c:\windows\system32\java.exe 2013-04-02 00:24 . 2013-04-30 02:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-04-02 00:24 . 2013-04-30 02:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-04-02 00:23 . 2013-04-02 00:23 -------- d-----w- c:\users\David Bessent\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 07:01 . 2011-06-15 21:52 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-11 03:27 . 2012-04-05 08:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-11 03:27 . 2011-06-17 06:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 02:32 . 2011-09-08 02:09 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-15 05:53 . 2013-03-25 22:31 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-03-15 05:53 . 2013-03-25 22:31 9414456 ----a-w- c:\windows\system32\nvcuda.dll 2013-03-15 05:53 . 2013-03-25 22:31 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-03-15 05:53 . 2013-03-25 22:31 7573816 ----a-w- c:\windows\system32\nvopencl.dll 2013-03-15 05:53 . 2013-03-25 22:31 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-03-15 05:53 . 2013-03-25 22:31 2913056 ----a-w- c:\windows\system32\nvcuvid.dll 2013-03-15 05:53 . 2013-03-25 22:31 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-03-15 05:53 . 2013-03-25 22:31 25256736 ----a-w- c:\windows\system32\nvcompiler.dll 2013-03-15 05:53 . 2013-03-25 22:31 250504 ----a-w- c:\windows\system32\nvinitx.dll 2013-03-15 05:53 . 2013-03-25 22:31 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-03-15 05:53 . 2013-03-25 22:31 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-03-15 05:53 . 2013-03-25 22:31 205184 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-03-15 05:53 . 2013-03-25 22:31 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-03-15 05:53 . 2013-03-25 22:31 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll 2013-03-15 05:53 . 2013-03-25 22:31 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-03-15 05:53 . 2013-03-25 22:31 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-03-15 05:53 . 2013-03-25 22:31 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll 2013-03-15 05:53 . 2013-03-25 22:31 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-03-15 05:53 . 2013-03-25 22:31 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-03-15 05:53 . 2012-10-11 02:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-03-15 05:53 . 2012-02-22 03:37 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-03-15 05:53 . 2011-06-16 01:01 26956576 ----a-w- c:\windows\system32\nvoglv64.dll 2013-03-15 05:53 . 2011-06-16 01:01 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-03-15 05:53 . 2011-06-16 01:01 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-03-15 05:53 . 2011-02-23 09:58 2864144 ----a-w- c:\windows\system32\nvapi64.dll 2013-03-15 04:16 . 2011-02-23 08:39 3477280 ----a-w- c:\windows\system32\nvsvc64.dll 2013-03-15 04:16 . 2011-02-23 08:39 6398240 ----a-w- c:\windows\system32\nvcpl.dll 2013-03-15 04:16 . 2011-02-23 08:38 877856 ----a-w- c:\windows\system32\nvvsvc.exe 2013-03-15 04:16 . 2011-02-23 08:38 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-03-15 04:16 . 2011-02-23 08:38 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-03-13 16:24 . 2012-02-22 03:38 3065455 ----a-w- c:\windows\system32\nvcoproc.bin 2013-03-03 08:03 . 2011-10-17 03:05 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll 2013-03-03 08:02 . 2012-02-02 07:20 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2013-03-01 21:21 . 2013-03-01 21:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-01 21:21 . 2013-03-01 21:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-01 21:21 . 2011-09-08 02:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-13 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 11:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-16 01:01 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-10 03:25 . 2013-03-01 20:54 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll 2013-02-10 03:25 . 2013-03-01 20:54 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112] "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] kill.bat [2011-10-12 42] mel.bat013202 PM.bat [2011-10-19 151] mel.bat013203 PM.bat [2011-10-19 151] mel.bat013204 PM.bat [2011-10-19 151] mel.bat013300 PM.bat [2011-10-19 151] mel.bat013403 PM.bat [2011-10-19 151] mel.bat013500 PM.bat [2011-10-19 151] mel.bat013503 PM.bat [2011-10-19 151] mel.bat013507 PM.bat [2011-10-19 151] mel.bat013509 PM.bat [2011-10-19 151] mel.bat015900 PM.bat [2011-10-19 151] mel.bat015903 PM.bat [2011-10-19 151] mel.bat020005 PM.bat [2011-10-19 151] mel.bat020104 PM.bat [2011-10-19 151] mel.bat020300 PM.bat [2011-10-19 151] mel.bat020303 PM.bat [2011-10-19 151] mel.bat020305 PM.bat [2011-10-19 151] mel.bat023400 PM.bat [2011-10-19 151] mel.bat023406 PM.bat [2011-10-19 151] mel.bat023408 PM.bat [2011-10-19 151] mel.bat023409 PM.bat [2011-10-19 151] mel.bat023502 PM.bat [2011-10-19 151] mel.bat023507 PM.bat [2011-10-19 151] mel.bat023609 PM.bat [2011-10-19 151] mel.bat023708 PM.bat [2011-10-19 151] mel.bat023709 PM.bat [2011-10-19 151] mel.bat023801 PM.bat [2011-10-19 151] mel.bat023802 PM.bat [2011-10-19 151] mel.bat024004 PM.bat [2011-10-19 151] mel.bat024702 PM.bat [2011-10-19 151] mel.bat024703 PM.bat [2011-10-19 151] mel.bat024705 PM.bat [2011-10-19 151] mel.bat024708 PM.bat [2011-10-19 151] mel.bat025600 PM.bat [2011-10-19 151] mel.bat025602 PM.bat [2011-10-19 151] mel.bat025603 PM.bat [2011-10-19 151] mel.bat025803 PM.bat [2011-10-19 151] mel.bat025805 PM.bat [2011-10-19 151] mel.bat025901 PM.bat [2011-10-19 151] mel.bat025902 PM.bat [2011-10-19 151] mel.bat030009 PM.bat [2011-10-19 151] mel.bat032200 PM.bat [2011-10-15 151] mel.bat032201 PM.bat [2011-10-15 151] mel.bat032202 PM.bat [2011-10-15 151] mel.bat032203 PM.bat [2011-10-15 151] mel.bat032204 PM.bat [2011-10-15 151] mel.bat032205 PM.bat [2011-10-15 151] mel.bat032206 PM.bat [2011-10-15 151] mel.bat032207 PM.bat [2011-10-15 151] mel.bat032208 PM.bat [2011-10-15 151] mel.bat032209 PM.bat [2011-10-15 151] mel.bat032508 PM.bat [2011-10-16 151] mel.bat033900 PM.bat [2011-10-16 151] mel.bat033901 PM.bat [2011-10-16 151] mel.bat033902 PM.bat [2011-10-16 151] mel.bat033903 PM.bat [2011-10-16 151] mel.bat033904 PM.bat [2011-10-16 151] mel.bat033905 PM.bat [2011-10-16 151] mel.bat033906 PM.bat [2011-10-16 151] mel.bat033907 PM.bat [2011-10-16 151] mel.bat033908 PM.bat [2011-10-16 151] mel.bat060702 PM.bat [2011-10-18 151] mel.bat060706 PM.bat [2011-10-18 151] mel.bat060708 PM.bat [2011-10-18 151] mel.bat060801 PM.bat [2011-10-18 151] mel.bat060802 PM.bat [2011-10-18 151] mel.bat060900 PM.bat [2011-10-18 151] mel.bat062100 PM.bat [2011-10-18 151] mel.bat062101 PM.bat [2011-10-18 151] mel.bat062102 PM.bat [2011-10-18 151] mel.bat062103 PM.bat [2011-10-18 151] mel.bat062104 PM.bat [2011-10-18 151] mel.bat062105 PM.bat [2011-10-18 151] mel.bat062106 PM.bat [2011-10-18 151] mel.bat062107 PM.bat [2011-10-18 151] mel.bat062108 PM.bat [2011-10-18 151] mel.bat062109 PM.bat [2011-10-18 151] mel.bat062200 PM.bat [2011-10-18 151] mel.bat062201 PM.bat [2011-10-18 151] mel.bat062202 PM.bat [2011-10-18 151] mel.bat062203 PM.bat [2011-10-18 151] mel.bat062204 PM.bat [2011-10-18 151] mel.bat062205 PM.bat [2011-10-18 151] mel.bat062206 PM.bat [2011-10-18 151] mel.bat062207 PM.bat [2011-10-18 151] mel.bat062208 PM.bat [2011-10-18 151] mel.bat062209 PM.bat [2011-10-18 151] mel.bat093102 PM.bat [2011-10-16 151] mel.bat093105 PM.bat [2011-10-16 151] mel.bat094400 PM.bat [2011-10-16 151] mel.bat094401 PM.bat [2011-10-16 151] mel.bat094402 PM.bat [2011-10-16 151] mel.bat094403 PM.bat [2011-10-16 151] mel.bat094404 PM.bat [2011-10-16 151] mel.bat094405 PM.bat [2011-10-16 151] mel.bat094406 PM.bat [2011-10-16 151] mel.bat094407 PM.bat [2011-10-16 151] mel.bat094408 PM.bat [2011-10-16 151] mel.bat094409 PM.bat [2011-10-16 151] mel.bat104200 PM.bat [2011-10-14 151] mel.bat105511 PM.bat [2011-10-14 151] mel.bat105516 PM.bat [2011-10-14 151] mel.bat105517 PM.bat [2011-10-14 151] mel.bat105518 PM.bat [2011-10-14 151] mel.bat105520 PM.bat [2011-10-14 151] mel.bat105521 PM.bat [2011-10-14 151] mel.bat105522 PM.bat [2011-10-14 151] mel.bat113211 PM.bat [2011-10-19 151] mel.bat113413 PM.bat [2011-10-19 151] mel.bat113418 PM.bat [2011-10-19 151] mel.bat113718 PM.bat [2011-10-19 151] mel.bat113719 PM.bat [2011-10-19 151] mel.bat115105 PM.bat [2011-10-12 151] mel.bat115815 PM.bat [2011-10-19 151] mel.bat120010 PM.bat [2011-10-19 151] mel.bat120016 PM.bat [2011-10-19 151] mel.bat120118 PM.bat [2011-10-19 151] mel.bat120119 PM.bat [2011-10-19 151] mel.bat120218 AM.bat [2011-10-18 151] mel.bat120218 PM.bat [2011-10-19 151] mel.bat120223 AM.bat [2011-10-18 151] mel.bat120236 AM.bat [2011-10-18 151] mel.bat120309 AM.bat [2011-10-18 151] mel.bat120310 PM.bat [2011-10-19 151] mel.bat120313 PM.bat [2011-10-19 151] mel.bat120316 PM.bat [2011-10-19 151] mel.bat120332 AM.bat [2011-10-18 151] mel.bat120336 AM.bat [2011-10-18 151] mel.bat120425 AM.bat [2011-10-13 151] mel.bat120426 AM.bat [2011-10-13 151] mel.bat121527 AM.bat [2011-10-18 151] mel.bat121528 AM.bat [2011-10-18 151] mel.bat121529 AM.bat [2011-10-18 151] mel.bat121530 AM.bat [2011-10-18 151] mel.bat121531 AM.bat [2011-10-18 151] mel.bat121532 AM.bat [2011-10-18 151] mel.bat121533 AM.bat [2011-10-18 151] mel.bat121534 AM.bat [2011-10-18 151] mel.bat121535 AM.bat [2011-10-18 151] mel.bat121536 AM.bat [2011-10-18 151] mel.bat121537 AM.bat [2011-10-18 151] mel.bat121538 AM.bat [2011-10-18 151] mel.bat121539 AM.bat [2011-10-18 151] mel.bat121540 AM.bat [2011-10-18 151] mel.bat121541 AM.bat [2011-10-18 151] mel.bat121542 AM.bat [2011-10-18 151] mel.bat121543 AM.bat [2011-10-18 151] mel.bat121544 AM.bat [2011-10-18 151] mel.bat121545 AM.bat [2011-10-18 151] mel.bat121546 AM.bat [2011-10-18 151] mel.bat121547 AM.bat [2011-10-18 151] mel.bat121548 AM.bat [2011-10-18 151] mel.bat121549 AM.bat [2011-10-18 151] mel.bat121550 AM.bat [2011-10-18 151] mel.bat121551 AM.bat [2011-10-18 151] mel.bat121552 AM.bat [2011-10-18 151] mel.bat121553 AM.bat [2011-10-18 151] mel.bat121554 AM.bat [2011-10-18 151] mel.bat121555 AM.bat [2011-10-18 151] mel.bat121556 AM.bat [2011-10-18 151] mel.bat121557 AM.bat [2011-10-18 151] mel.bat121558 AM.bat [2011-10-18 151] mel.bat121559 AM.bat [2011-10-18 151] mel.bat121600 AM.bat [2011-10-18 151] mel.bat121601 AM.bat [2011-10-18 151] mel.bat121602 AM.bat [2011-10-18 151] mel.bat121603 AM.bat [2011-10-18 151] mel.bat121604 AM.bat [2011-10-18 151] mel.bat121605 AM.bat [2011-10-18 151] mel.bat121606 AM.bat [2011-10-18 151] mel.bat121607 AM.bat [2011-10-18 151] mel.bat121608 AM.bat [2011-10-18 151] mel.bat121609 AM.bat [2011-10-18 151] mel.bat121610 AM.bat [2011-10-18 151] mel.bat121611 AM.bat [2011-10-18 151] mel.bat121612 AM.bat [2011-10-18 151] mel.bat121613 AM.bat [2011-10-18 151] mel.bat121614 AM.bat [2011-10-18 151] mel.bat121615 AM.bat [2011-10-18 151] mel.bat121616 AM.bat [2011-10-18 151] mel.bat121617 AM.bat [2011-10-18 151] mel.bat121618 AM.bat [2011-10-18 151] mel.bat121619 AM.bat [2011-10-18 151] mel.bat121620 AM.bat [2011-10-18 151] mel.bat121621 AM.bat [2011-10-18 151] mel.bat121622 AM.bat [2011-10-18 151] mel.bat121623 AM.bat [2011-10-18 151] mel.bat121624 AM.bat [2011-10-18 151] mel.bat121625 AM.bat [2011-10-18 151] mel.bat121626 AM.bat [2011-10-18 151] mel.bat121627 AM.bat [2011-10-18 151] mel.bat121628 AM.bat [2011-10-18 151] mel.bat121629 AM.bat [2011-10-18 151] mel.bat121630 AM.bat [2011-10-18 151] mel.bat121631 AM.bat [2011-10-18 151] mel.bat121632 AM.bat [2011-10-18 151] mel.bat121640 AM.bat [2011-10-18 151] mel.bat121641 AM.bat [2011-10-18 151] mel.bat121642 AM.bat [2011-10-18 151] mel.bat121643 AM.bat [2011-10-18 151] mel.bat121644 AM.bat [2011-10-18 151] mel.bat121645 AM.bat [2011-10-18 151] mel.bat121646 AM.bat [2011-10-18 151] mel.bat121647 AM.bat [2011-10-18 151] mel.bat121648 AM.bat [2011-10-18 151] mel.bat121650 AM.bat [2011-10-18 151] mel.bat121651 AM.bat [2011-10-18 151] mel.bat121652 AM.bat [2011-10-18 151] mel.bat121653 AM.bat [2011-10-18 151] mel.bat121654 AM.bat [2011-10-18 151] mel.bat121655 AM.bat [2011-10-18 151] mel.bat121656 AM.bat [2011-10-18 151] mel.bat123410 PM.bat [2011-10-19 151] mel.bat123510 PM.bat [2011-10-19 151] mel.bat123515 PM.bat [2011-10-19 151] mel.bat123517 PM.bat [2011-10-19 151] mel.bat123518 PM.bat [2011-10-19 151] mel.bat124018 PM.bat [2011-10-19 151] mel.bat124113 PM.bat [2011-10-19 151] mel.bat124711 PM.bat [2011-10-19 151] mel.bat124713 PM.bat [2011-10-19 151] mel.bat125614 PM.bat [2011-10-19 151] mel.bat125718 PM.bat [2011-10-19 151] mel.bat125811 PM.bat [2011-10-19 151] mel.bat125819 PM.bat [2011-10-19 151] mel.bat125912 PM.bat [2011-10-19 151] mel.bat130017 PM.bat [2011-10-19 151] mel.bat132210 PM.bat [2011-10-15 151] mel.bat132211 PM.bat [2011-10-15 151] mel.bat132212 PM.bat [2011-10-15 151] mel.bat132213 PM.bat [2011-10-15 151] mel.bat162011 PM.bat [2011-10-18 151] mel.bat162012 PM.bat [2011-10-18 151] mel.bat162013 PM.bat [2011-10-18 151] mel.bat162014 PM.bat [2011-10-18 151] mel.bat162015 PM.bat [2011-10-18 151] mel.bat162016 PM.bat [2011-10-18 151] mel.bat162017 PM.bat [2011-10-18 151] mel.bat162018 PM.bat [2011-10-18 151] mel.bat162019 PM.bat [2011-10-18 151] mel.bat162110 PM.bat [2011-10-18 151] mel.bat162111 PM.bat [2011-10-18 151] mel.bat162112 PM.bat [2011-10-18 151] mel.bat162113 PM.bat [2011-10-18 151] mel.bat162114 PM.bat [2011-10-18 151] mel.bat162115 PM.bat [2011-10-18 151] mel.bat162116 PM.bat [2011-10-18 151] mel.bat162117 PM.bat [2011-10-18 151] mel.bat162118 PM.bat [2011-10-18 151] mel.bat162119 PM.bat [2011-10-18 151] mel.bat162210 PM.bat [2011-10-18 151] mel.bat162211 PM.bat [2011-10-18 151] mel.bat162212 PM.bat [2011-10-18 151] mel.bat162213 PM.bat [2011-10-18 151] mel.bat162216 PM.bat [2011-10-18 151] mel.bat162217 PM.bat [2011-10-18 151] mel.bat162219 PM.bat [2011-10-18 151] mel.bat172619 PM.bat [2011-10-14 151] mel.bat174712 PM.bat [2011-10-12 151] mel.bat194410 PM.bat [2011-10-16 151] mel.bat194411 PM.bat [2011-10-16 151] mel.bat194412 PM.bat [2011-10-16 151] mel.bat194413 PM.bat [2011-10-16 151] mel.bat194414 PM.bat [2011-10-16 151] mel.bat194415 PM.bat [2011-10-16 151] mel.bat194416 PM.bat [2011-10-16 151] mel.bat194417 PM.bat [2011-10-16 151] mel.bat194418 PM.bat [2011-10-16 151] mel.bat194419 PM.bat [2011-10-16 151] mel.bat213221 PM.bat [2011-10-19 151] mel.bat213321 PM.bat [2011-10-19 151] mel.bat213324 PM.bat [2011-10-19 151] mel.bat213327 PM.bat [2011-10-19 151] mel.bat213426 PM.bat [2011-10-19 151] mel.bat213429 PM.bat [2011-10-19 151] mel.bat213520 PM.bat [2011-10-19 151] mel.bat213523 PM.bat [2011-10-19 151] mel.bat220021 PM.bat [2011-10-19 151] mel.bat220024 PM.bat [2011-10-19 151] mel.bat220123 PM.bat [2011-10-19 151] mel.bat220127 PM.bat [2011-10-19 151] mel.bat220222 PM.bat [2011-10-19 151] mel.bat220320 PM.bat [2011-10-19 151] mel.bat220322 PM.bat [2011-10-19 151] mel.bat220324 PM.bat [2011-10-19 151] mel.bat220328 PM.bat [2011-10-19 151] mel.bat220329 PM.bat [2011-10-19 151] mel.bat223421 PM.bat [2011-10-19 151] mel.bat223427 PM.bat [2011-10-19 151] mel.bat223521 PM.bat [2011-10-19 151] mel.bat223524 PM.bat [2011-10-19 151] mel.bat223525 PM.bat [2011-10-19 151] mel.bat223526 PM.bat [2011-10-19 151] mel.bat223529 PM.bat [2011-10-19 151] mel.bat223624 PM.bat [2011-10-19 151] mel.bat223723 PM.bat [2011-10-19 151] mel.bat223823 AM.bat [2011-10-14 151] mel.bat223923 PM.bat [2011-10-19 151] mel.bat224123 PM.bat [2011-10-19 151] mel.bat224722 PM.bat [2011-10-19 151] mel.bat225029 PM.bat [2011-10-19 151] mel.bat225721 PM.bat [2011-10-19 151] mel.bat225724 PM.bat [2011-10-19 151] mel.bat225921 PM.bat [2011-10-19 151] mel.bat230324 PM.bat [2011-10-13 151] mel.bat230325 PM.bat [2011-10-13 151] mel.bat230326 PM.bat [2011-10-13 151] mel.bat233828 PM.bat [2011-10-16 151] mel.bat233829 PM.bat [2011-10-16 151] mel.bat260723 PM.bat [2011-10-18 151] mel.bat260829 PM.bat [2011-10-18 151] mel.bat262020 PM.bat [2011-10-18 151] mel.bat262021 PM.bat [2011-10-18 151] mel.bat262022 PM.bat [2011-10-18 151] mel.bat262023 PM.bat [2011-10-18 151] mel.bat262024 PM.bat [2011-10-18 151] mel.bat262025 PM.bat [2011-10-18 151] mel.bat262026 PM.bat [2011-10-18 151] mel.bat262027 PM.bat [2011-10-18 151] mel.bat262028 PM.bat [2011-10-18 151] mel.bat262029 PM.bat [2011-10-18 151] mel.bat262120 PM.bat [2011-10-18 151] mel.bat262121 PM.bat [2011-10-18 151] mel.bat262122 PM.bat [2011-10-18 151] mel.bat262123 PM.bat [2011-10-18 151] mel.bat262124 PM.bat [2011-10-18 151] mel.bat262125 PM.bat [2011-10-18 151] mel.bat262126 PM.bat [2011-10-18 151] mel.bat262127 PM.bat [2011-10-18 151] mel.bat262128 PM.bat [2011-10-18 151] mel.bat262129 PM.bat [2011-10-18 151] mel.bat262220 PM.bat [2011-10-18 151] mel.bat262221 PM.bat [2011-10-18 151] mel.bat262222 PM.bat [2011-10-18 151] mel.bat262223 PM.bat [2011-10-18 151] mel.bat262224 PM.bat [2011-10-18 151] mel.bat262225 PM.bat [2011-10-18 151] mel.bat262226 PM.bat [2011-10-18 151] mel.bat262227 PM.bat [2011-10-18 151] mel.bat262228 PM.bat [2011-10-18 151] mel.bat262229 PM.bat [2011-10-18 151] mel.bat272622 PM.bat [2011-10-14 151] mel.bat294420 PM.bat [2011-10-16 151] mel.bat294421 PM.bat [2011-10-16 151] mel.bat294422 PM.bat [2011-10-16 151] mel.bat294423 PM.bat [2011-10-16 151] mel.bat294424 PM.bat [2011-10-16 151] mel.bat294425 PM.bat [2011-10-16 151] mel.bat294426 PM.bat [2011-10-16 151] mel.bat294429 PM.bat [2011-10-16 151] mel.bat313430 PM.bat [2011-10-19 151] mel.bat313432 PM.bat [2011-10-19 151] mel.bat313630 PM.bat [2011-10-19 151] mel.bat313633 PM.bat [2011-10-19 151] mel.bat313734 PM.bat [2011-10-19 151] mel.bat314130 PM.bat [2011-10-19 151] mel.bat314132 PM.bat [2011-10-19 151] mel.bat315830 PM.bat [2011-10-19 151] mel.bat315831 PM.bat [2011-10-19 151] mel.bat315836 PM.bat [2011-10-19 151] mel.bat320032 PM.bat [2011-10-19 151] mel.bat320035 PM.bat [2011-10-19 151] mel.bat320135 PM.bat [2011-10-19 151] mel.bat320136 PM.bat [2011-10-19 151] mel.bat320331 PM.bat [2011-10-19 151] mel.bat320332 PM.bat [2011-10-19 151] mel.bat320335 PM.bat [2011-10-19 151] mel.bat323334 PM.bat [2011-10-19 151] mel.bat323430 PM.bat [2011-10-19 151] mel.bat323432 PM.bat [2011-10-19 151] mel.bat323530 PM.bat [2011-10-19 151] mel.bat323531 PM.bat [2011-10-19 151] mel.bat323634 PM.bat [2011-10-19 151] mel.bat323636 PM.bat [2011-10-19 151] mel.bat323731 PM.bat [2011-10-19 151] mel.bat323737 PM.bat [2011-10-19 151] mel.bat323933 PM.bat [2011-10-19 151] mel.bat324030 PM.bat [2011-10-19 151] mel.bat324032 PM.bat [2011-10-19 151] mel.bat325532 PM.bat [2011-10-19 151] mel.bat325633 PM.bat [2011-10-19 151] mel.bat325738 PM.bat [2011-10-19 151] mel.bat325833 PM.bat [2011-10-19 151] mel.bat325932 PM.bat [2011-10-19 151] mel.bat325934 PM.bat [2011-10-19 151] mel.bat325937 PM.bat [2011-10-19 151] mel.bat325939 PM.bat [2011-10-19 151] mel.bat330030 PM.bat [2011-10-19 151] mel.bat330031 PM.bat [2011-10-19 151] mel.bat330833 PM.bat [2011-10-15 151] mel.bat333830 PM.bat [2011-10-16 151] mel.bat333831 PM.bat [2011-10-16 151] mel.bat333832 PM.bat [2011-10-16 151] mel.bat333833 PM.bat [2011-10-16 151] mel.bat333834 PM.bat [2011-10-16 151] mel.bat333835 PM.bat [2011-10-16 151] mel.bat333836 PM.bat [2011-10-16 151] mel.bat333837 PM.bat [2011-10-16 151] mel.bat333838 PM.bat [2011-10-16 151] mel.bat360832 PM.bat [2011-10-18 151] mel.bat360834 PM.bat [2011-10-18 151] mel.bat360836 PM.bat [2011-10-18 151] mel.bat360838 PM.bat [2011-10-18 151] mel.bat362030 PM.bat [2011-10-18 151] mel.bat362031 PM.bat [2011-10-18 151] mel.bat362032 PM.bat [2011-10-18 151] mel.bat362033 PM.bat [2011-10-18 151] mel.bat362034 PM.bat [2011-10-18 151] mel.bat362035 PM.bat [2011-10-18 151] mel.bat362036 PM.bat [2011-10-18 151] mel.bat362037 PM.bat [2011-10-18 151] mel.bat362038 PM.bat [2011-10-18 151] mel.bat362039 PM.bat [2011-10-18 151] mel.bat362130 PM.bat [2011-10-18 151] mel.bat362131 PM.bat [2011-10-18 151] mel.bat362132 PM.bat [2011-10-18 151] mel.bat362133 PM.bat [2011-10-18 151] mel.bat362134 PM.bat [2011-10-18 151] mel.bat362135 PM.bat [2011-10-18 151] mel.bat362136 PM.bat [2011-10-18 151] mel.bat362137 PM.bat [2011-10-18 151] mel.bat362138 PM.bat [2011-10-18 151] mel.bat362139 PM.bat [2011-10-18 151] mel.bat362230 PM.bat [2011-10-18 151] mel.bat393039 PM.bat [2011-10-16 151] mel.bat394430 PM.bat [2011-10-16 151] mel.bat394431 PM.bat [2011-10-16 151] mel.bat394432 PM.bat [2011-10-16 151] mel.bat394433 PM.bat [2011-10-16 151] mel.bat394434 PM.bat [2011-10-16 151] mel.bat394435 PM.bat [2011-10-16 151] mel.bat394436 PM.bat [2011-10-16 151] mel.bat394437 PM.bat [2011-10-16 151] mel.bat394438 PM.bat [2011-10-16 151] mel.bat394439 PM.bat [2011-10-16 151] mel.bat413146 PM.bat [2011-10-19 151] mel.bat413148 PM.bat [2011-10-19 151] mel.bat413244 PM.bat [2011-10-19 151] mel.bat413245 PM.bat [2011-10-19 151] mel.bat413347 PM.bat [2011-10-19 151] mel.bat413440 PM.bat [2011-10-19 151] mel.bat413442 PM.bat [2011-10-19 151] mel.bat413449 PM.bat [2011-10-19 151] mel.bat413642 PM.bat [2011-10-19 151] mel.bat413644 PM.bat [2011-10-19 151] mel.bat413647 PM.bat [2011-10-19 151] mel.bat414045 PM.bat [2011-10-19 151] mel.bat415843 PM.bat [2011-10-19 151] mel.bat415848 PM.bat [2011-10-19 151] mel.bat415849 PM.bat [2011-10-19 151] mel.bat415940 PM.bat [2011-10-19 151] mel.bat415942 PM.bat [2011-10-19 151] mel.bat420041 PM.bat [2011-10-19 151] mel.bat420043 PM.bat [2011-10-19 151] mel.bat420341 PM.bat [2011-10-19 151] mel.bat420342 PM.bat [2011-10-19 151] mel.bat423343 PM.bat [2011-10-19 151] mel.bat423440 PM.bat [2011-10-19 151] mel.bat423442 PM.bat [2011-10-19 151] mel.bat423449 PM.bat [2011-10-19 151] mel.bat423542 PM.bat [2011-10-19 151] mel.bat423547 PM.bat [2011-10-19 151] mel.bat423548 PM.bat [2011-10-19 151] mel.bat423549 PM.bat [2011-10-19 151] mel.bat423641 PM.bat [2011-10-19 151] mel.bat423646 PM.bat [2011-10-19 151] mel.bat423647 PM.bat [2011-10-19 151] mel.bat423648 PM.bat [2011-10-19 151] mel.bat423743 PM.bat [2011-10-19 151] mel.bat423942 PM.bat [2011-10-19 151] mel.bat425143 AM.bat [2011-10-14 151] mel.bat425144 AM.bat [2011-10-14 151] mel.bat425145 AM.bat [2011-10-14 151] mel.bat425146 AM.bat [2011-10-14 151] mel.bat425147 AM.bat [2011-10-14 151] mel.bat425148 AM.bat [2011-10-14 151] mel.bat425149 AM.bat [2011-10-14 151] mel.bat425645 PM.bat [2011-10-19 151] mel.bat425843 PM.bat [2011-10-19 151] mel.bat425846 PM.bat [2011-10-19 151] mel.bat425943 PM.bat [2011-10-19 151] mel.bat430040 PM.bat [2011-10-19 151] mel.bat432547 PM.bat [2011-10-16 151] mel.bat433840 PM.bat [2011-10-16 151] mel.bat433841 PM.bat [2011-10-16 151] mel.bat433842 PM.bat [2011-10-16 151] mel.bat433843 PM.bat [2011-10-16 151] mel.bat433844 PM.bat [2011-10-16 151] mel.bat433845 PM.bat [2011-10-16 151] mel.bat433846 PM.bat [2011-10-16 151] mel.bat433847 PM.bat [2011-10-16 151] mel.bat433848 PM.bat [2011-10-16 151] mel.bat433849 PM.bat [2011-10-16 151] mel.bat460840 PM.bat [2011-10-18 151] mel.bat460841 PM.bat [2011-10-18 151] mel.bat460844 PM.bat [2011-10-18 151] mel.bat460849 PM.bat [2011-10-18 151] mel.bat462040 PM.bat [2011-10-18 151] mel.bat462041 PM.bat [2011-10-18 151] mel.bat462042 PM.bat [2011-10-18 151] mel.bat462043 PM.bat [2011-10-18 151] mel.bat462044 PM.bat [2011-10-18 151] mel.bat462045 PM.bat [2011-10-18 151] mel.bat462046 PM.bat [2011-10-18 151] mel.bat462047 PM.bat [2011-10-18 151] mel.bat462048 PM.bat [2011-10-18 151] mel.bat462049 PM.bat [2011-10-18 151] mel.bat462140 PM.bat [2011-10-18 151] mel.bat462141 PM.bat [2011-10-18 151] mel.bat462142 PM.bat [2011-10-18 151] mel.bat462143 PM.bat [2011-10-18 151] mel.bat462144 PM.bat [2011-10-18 151] mel.bat462145 PM.bat [2011-10-18 151] mel.bat462146 PM.bat [2011-10-18 151] mel.bat462147 PM.bat [2011-10-18 151] mel.bat462148 PM.bat [2011-10-18 151] mel.bat462149 PM.bat [2011-10-18 151] mel.bat493046 PM.bat [2011-10-16 151] mel.bat494440 PM.bat [2011-10-16 151] mel.bat494441 PM.bat [2011-10-16 151] mel.bat494442 PM.bat [2011-10-16 151] mel.bat494443 PM.bat [2011-10-16 151] mel.bat513252 PM.bat [2011-10-19 151] mel.bat513254 PM.bat [2011-10-19 151] mel.bat515854 PM.bat [2011-10-19 151] mel.bat520052 PM.bat [2011-10-19 151] mel.bat520152 PM.bat [2011-10-19 151] mel.bat520156 PM.bat [2011-10-19 151] mel.bat520253 PM.bat [2011-10-19 151] mel.bat520255 PM.bat [2011-10-19 151] mel.bat520256 PM.bat [2011-10-19 151] mel.bat523353 PM.bat [2011-10-19 151] mel.bat523355 PM.bat [2011-10-19 151] mel.bat523356 PM.bat [2011-10-19 151] mel.bat523358 PM.bat [2011-10-19 151] mel.bat523450 PM.bat [2011-10-19 151] mel.bat523551 PM.bat [2011-10-19 151] mel.bat523553 PM.bat [2011-10-19 151] mel.bat523652 PM.bat [2011-10-19 151] mel.bat523656 PM.bat [2011-10-19 151] mel.bat523755 PM.bat [2011-10-19 151] mel.bat523952 PM.bat [2011-10-19 151] mel.bat524055 PM.bat [2011-10-19 151] mel.bat524056 PM.bat [2011-10-19 151] mel.bat524057 PM.bat [2011-10-19 151] mel.bat524654 PM.bat [2011-10-19 151] mel.bat524655 PM.bat [2011-10-19 151] mel.bat524658 PM.bat [2011-10-19 151] mel.bat525552 PM.bat [2011-10-19 151] mel.bat525556 PM.bat [2011-10-19 151] mel.bat525650 PM.bat [2011-10-19 151] mel.bat525652 PM.bat [2011-10-19 151] mel.bat525653 PM.bat [2011-10-19 151] mel.bat525657 PM.bat [2011-10-19 151] mel.bat525853 PM.bat [2011-10-19 151] mel.bat525855 PM.bat [2011-10-19 151] mel.bat525856 PM.bat [2011-10-19 151] mel.bat525857 PM.bat [2011-10-19 151] mel.bat530850 PM.bat [2011-10-15 151] mel.bat532153 PM.bat [2011-10-15 151] mel.bat532154 PM.bat [2011-10-15 151] mel.bat532155 PM.bat [2011-10-15 151] mel.bat532156 PM.bat [2011-10-15 151] mel.bat532157 PM.bat [2011-10-15 151] mel.bat532158 PM.bat [2011-10-15 151] mel.bat532159 PM.bat [2011-10-15 151] mel.bat533850 PM.bat [2011-10-16 151] mel.bat533851 PM.bat [2011-10-16 151] mel.bat533852 PM.bat [2011-10-16 151] mel.bat533853 PM.bat [2011-10-16 151] mel.bat533854 PM.bat [2011-10-16 151] mel.bat533855 PM.bat [2011-10-16 151] mel.bat533856 PM.bat [2011-10-16 151] mel.bat533857 PM.bat [2011-10-16 151] mel.bat533858 PM.bat [2011-10-16 151] mel.bat560650 PM.bat [2011-10-18 151] mel.bat560752 PM.bat [2011-10-18 151] mel.bat560850 PM.bat [2011-10-18 151] mel.bat560852 PM.bat [2011-10-18 151] mel.bat560857 PM.bat [2011-10-18 151] mel.bat562050 PM.bat [2011-10-18 151] mel.bat562051 PM.bat [2011-10-18 151] mel.bat562052 PM.bat [2011-10-18 151] mel.bat562053 PM.bat [2011-10-18 151] mel.bat562054 PM.bat [2011-10-18 151] mel.bat562055 PM.bat [2011-10-18 151] mel.bat562056 PM.bat [2011-10-18 151] mel.bat562057 PM.bat [2011-10-18 151] mel.bat562058 PM.bat [2011-10-18 151] mel.bat562059 PM.bat [2011-10-18 151] mel.bat562150 PM.bat [2011-10-18 151] mel.bat562151 PM.bat [2011-10-18 151] mel.bat562152 PM.bat [2011-10-18 151] mel.bat562153 PM.bat [2011-10-18 151] mel.bat562154 PM.bat [2011-10-18 151] mel.bat562155 PM.bat [2011-10-18 151] mel.bat562156 PM.bat [2011-10-18 151] mel.bat562157 PM.bat [2011-10-18 151] mel.bat562158 PM.bat [2011-10-18 151] mel.bat562159 PM.bat [2011-10-18 151] mel.bat571259 PM.bat [2011-10-14 151] mel.bat573352 PM.bat [2011-10-12 151] mel.bat594359 PM.bat [2011-10-16 151] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-26 1431888] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-17 254528] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952] S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-09 122856] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-09 369640] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-30 03:14 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:27] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\ . - - - - ORPHANS REMOVED - - - - . AddRemove-SP_d33a5824 - c:\program files (x86)\EasyLife\uninstall.exe AddRemove-SP_e14dcdfa - c:\program files (x86)\ContinueToSave\uninstall.exe AddRemove-The Witcher Grafikmods_is1 - c:\program files (x86)\The Witcher\unins000.exe AddRemove-{06472C0F-DF4C-AFCC-5C62-99B2FEEBCC78} - c:\progra~3\INSTAL~1\{3087D~1\Setup.exe AddRemove-{6248E943-91A1-DCEB-46BE-A60AD45E938B} - c:\progra~3\INSTAL~1\{A7796~1\Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe c:\programdata\TVersity\Media Server\MediaServer.exe c:\programdata\TVersity\Media Server\berkelium.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-04-29 23:50:43 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-30 03:50 ComboFix2.txt 2013-04-30 02:48 . Pre-Run: 391,241,367,552 bytes free Post-Run: 391,195,516,928 bytes free . - - End Of File - - 7EC416D226AA83978F34A914DCFEC884

After reinstalling Chrome the ads were gone and everything appears to be back to normal.

Here is the log from Combofix. After running the program I kept receiving the illegal operation notification but a quick restart fixed the problem. The malware from my secondary web browser (Mozilla Firefox) seems to be gone but I am still receiving the coupon ads on Google Chrome. ComboFix 13-04-29.01 - David Bessent 04/29/2013 22:33:53.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.6122 [GMT -4:00] Running from: c:\users\David Bessent\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\ntuser.dat c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_ctypes.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_elementtree.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_hashlib.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_socket.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_ssl.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\pyexpat.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\pysqlite2._sqlite.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\python27.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\pythoncom27.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\PyWinTypes27.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\select.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\unicodedata.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32api.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32com.shell.shell.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32crypt.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32event.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32file.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32inet.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32pdh.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32process.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32profile.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32security.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32ts.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\windows._cacheinvalidation.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._controls_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._core_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._gdi_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._html2.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._misc_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._windows_.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._wizard.pyd c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxbase294u_net_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxbase294u_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_adv_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_core_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_html_vc90.dll c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_webview_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_ctypes.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_elementtree.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_hashlib.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_socket.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_ssl.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\pyexpat.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\pysqlite2._sqlite.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\python27.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\pythoncom27.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\PyWinTypes27.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\select.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\unicodedata.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32api.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32com.shell.shell.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32crypt.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32event.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32file.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32inet.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32pdh.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32process.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32profile.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32security.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32ts.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\windows._cacheinvalidation.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._controls_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._core_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._gdi_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._html2.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._misc_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._windows_.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._wizard.pyd c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxbase294u_net_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxbase294u_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_adv_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_core_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_html_vc90.dll c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_webview_vc90.dll c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 ))))))))))))))))))))))))))))))) . . 2013-04-30 02:42 . 2013-04-30 02:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-30 02:42 . 2013-04-30 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-30 00:25 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB79E734-A04E-405C-A6B2-DFF90D7FF858}\mpengine.dll 2013-04-29 22:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-04-24 00:14 . 2013-04-24 00:13 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D729F57-DB71-423E-A990-EBB2F43E7050}\gapaengine.dll 2013-04-24 00:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-14 23:54 . 2013-04-14 23:54 -------- d-----w- c:\users\David Bessent\AppData\Local\Macromedia 2013-04-11 02:32 . 2013-04-11 02:32 310688 ----a-w- c:\windows\system32\javaws.exe 2013-04-11 02:32 . 2013-04-11 02:32 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-11 02:32 . 2013-04-11 02:32 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-04-11 02:32 . 2013-04-11 02:32 188832 ----a-w- c:\windows\system32\javaw.exe 2013-04-11 02:32 . 2013-04-11 02:32 188320 ----a-w- c:\windows\system32\java.exe 2013-04-02 00:24 . 2013-04-30 02:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-04-02 00:24 . 2013-04-30 02:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-04-02 00:23 . 2013-04-02 00:23 -------- d-----w- c:\users\David Bessent\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 07:01 . 2011-06-15 21:52 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-11 03:27 . 2012-04-05 08:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-11 03:27 . 2011-06-17 06:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 02:32 . 2011-09-08 02:09 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe 2013-03-15 05:53 . 2013-03-25 22:31 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-03-15 05:53 . 2013-03-25 22:31 9414456 ----a-w- c:\windows\system32\nvcuda.dll 2013-03-15 05:53 . 2013-03-25 22:31 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-03-15 05:53 . 2013-03-25 22:31 7573816 ----a-w- c:\windows\system32\nvopencl.dll 2013-03-15 05:53 . 2013-03-25 22:31 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-03-15 05:53 . 2013-03-25 22:31 2913056 ----a-w- c:\windows\system32\nvcuvid.dll 2013-03-15 05:53 . 2013-03-25 22:31 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-03-15 05:53 . 2013-03-25 22:31 25256736 ----a-w- c:\windows\system32\nvcompiler.dll 2013-03-15 05:53 . 2013-03-25 22:31 250504 ----a-w- c:\windows\system32\nvinitx.dll 2013-03-15 05:53 . 2013-03-25 22:31 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-03-15 05:53 . 2013-03-25 22:31 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-03-15 05:53 . 2013-03-25 22:31 205184 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-03-15 05:53 . 2013-03-25 22:31 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-03-15 05:53 . 2013-03-25 22:31 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll 2013-03-15 05:53 . 2013-03-25 22:31 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-03-15 05:53 . 2013-03-25 22:31 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-03-15 05:53 . 2013-03-25 22:31 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll 2013-03-15 05:53 . 2013-03-25 22:31 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-03-15 05:53 . 2013-03-25 22:31 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-03-15 05:53 . 2012-10-11 02:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-03-15 05:53 . 2012-02-22 03:37 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-03-15 05:53 . 2011-06-16 01:01 26956576 ----a-w- c:\windows\system32\nvoglv64.dll 2013-03-15 05:53 . 2011-06-16 01:01 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-03-15 05:53 . 2011-06-16 01:01 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-03-15 05:53 . 2011-02-23 09:58 2864144 ----a-w- c:\windows\system32\nvapi64.dll 2013-03-15 04:16 . 2011-02-23 08:39 3477280 ----a-w- c:\windows\system32\nvsvc64.dll 2013-03-15 04:16 . 2011-02-23 08:39 6398240 ----a-w- c:\windows\system32\nvcpl.dll 2013-03-15 04:16 . 2011-02-23 08:38 877856 ----a-w- c:\windows\system32\nvvsvc.exe 2013-03-15 04:16 . 2011-02-23 08:38 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-03-15 04:16 . 2011-02-23 08:38 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-03-13 16:24 . 2012-02-22 03:38 3065455 ----a-w- c:\windows\system32\nvcoproc.bin 2013-03-03 08:03 . 2011-10-17 03:05 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll 2013-03-03 08:02 . 2012-02-02 07:20 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll 2013-03-01 21:21 . 2013-03-01 21:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-01 21:21 . 2013-03-01 21:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-01 21:21 . 2011-09-08 02:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-12 05:45 . 2013-03-13 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-13 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-13 11:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-16 01:01 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-10 03:25 . 2013-03-01 20:54 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll 2013-02-10 03:25 . 2013-03-01 20:54 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112] "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] kill.bat [2011-10-12 42] mel.bat013202 PM.bat [2011-10-19 151] mel.bat013203 PM.bat [2011-10-19 151] mel.bat013204 PM.bat [2011-10-19 151] mel.bat013300 PM.bat [2011-10-19 151] mel.bat013403 PM.bat [2011-10-19 151] mel.bat013500 PM.bat [2011-10-19 151] mel.bat013503 PM.bat [2011-10-19 151] mel.bat013507 PM.bat [2011-10-19 151] mel.bat013509 PM.bat [2011-10-19 151] mel.bat015900 PM.bat [2011-10-19 151] mel.bat015903 PM.bat [2011-10-19 151] mel.bat020005 PM.bat [2011-10-19 151] mel.bat020104 PM.bat [2011-10-19 151] mel.bat020300 PM.bat [2011-10-19 151] mel.bat020303 PM.bat [2011-10-19 151] mel.bat020305 PM.bat [2011-10-19 151] mel.bat023400 PM.bat [2011-10-19 151] mel.bat023406 PM.bat [2011-10-19 151] mel.bat023408 PM.bat [2011-10-19 151] mel.bat023409 PM.bat [2011-10-19 151] mel.bat023502 PM.bat [2011-10-19 151] mel.bat023507 PM.bat [2011-10-19 151] mel.bat023609 PM.bat [2011-10-19 151] mel.bat023708 PM.bat [2011-10-19 151] mel.bat023709 PM.bat [2011-10-19 151] mel.bat023801 PM.bat [2011-10-19 151] mel.bat023802 PM.bat [2011-10-19 151] mel.bat024004 PM.bat [2011-10-19 151] mel.bat024702 PM.bat [2011-10-19 151] mel.bat024703 PM.bat [2011-10-19 151] mel.bat024705 PM.bat [2011-10-19 151] mel.bat024708 PM.bat [2011-10-19 151] mel.bat025600 PM.bat [2011-10-19 151] mel.bat025602 PM.bat [2011-10-19 151] mel.bat025603 PM.bat [2011-10-19 151] mel.bat025803 PM.bat [2011-10-19 151] mel.bat025805 PM.bat [2011-10-19 151] mel.bat025901 PM.bat [2011-10-19 151] mel.bat025902 PM.bat [2011-10-19 151] mel.bat030009 PM.bat [2011-10-19 151] mel.bat032200 PM.bat [2011-10-15 151] mel.bat032201 PM.bat [2011-10-15 151] mel.bat032202 PM.bat [2011-10-15 151] mel.bat032203 PM.bat [2011-10-15 151] mel.bat032204 PM.bat [2011-10-15 151] mel.bat032205 PM.bat [2011-10-15 151] mel.bat032206 PM.bat [2011-10-15 151] mel.bat032207 PM.bat [2011-10-15 151] mel.bat032208 PM.bat [2011-10-15 151] mel.bat032209 PM.bat [2011-10-15 151] mel.bat032508 PM.bat [2011-10-16 151] mel.bat033900 PM.bat [2011-10-16 151] mel.bat033901 PM.bat [2011-10-16 151] mel.bat033902 PM.bat [2011-10-16 151] mel.bat033903 PM.bat [2011-10-16 151] mel.bat033904 PM.bat [2011-10-16 151] mel.bat033905 PM.bat [2011-10-16 151] mel.bat033906 PM.bat [2011-10-16 151] mel.bat033907 PM.bat [2011-10-16 151] mel.bat033908 PM.bat [2011-10-16 151] mel.bat060702 PM.bat [2011-10-18 151] mel.bat060706 PM.bat [2011-10-18 151] mel.bat060708 PM.bat [2011-10-18 151] mel.bat060801 PM.bat [2011-10-18 151] mel.bat060802 PM.bat [2011-10-18 151] mel.bat060900 PM.bat [2011-10-18 151] mel.bat062100 PM.bat [2011-10-18 151] mel.bat062101 PM.bat [2011-10-18 151] mel.bat062102 PM.bat [2011-10-18 151] mel.bat062103 PM.bat [2011-10-18 151] mel.bat062104 PM.bat [2011-10-18 151] mel.bat062105 PM.bat [2011-10-18 151] mel.bat062106 PM.bat [2011-10-18 151] mel.bat062107 PM.bat [2011-10-18 151] mel.bat062108 PM.bat [2011-10-18 151] mel.bat062109 PM.bat [2011-10-18 151] mel.bat062200 PM.bat [2011-10-18 151] mel.bat062201 PM.bat [2011-10-18 151] mel.bat062202 PM.bat [2011-10-18 151] mel.bat062203 PM.bat [2011-10-18 151] mel.bat062204 PM.bat [2011-10-18 151] mel.bat062205 PM.bat [2011-10-18 151] mel.bat062206 PM.bat [2011-10-18 151] mel.bat062207 PM.bat [2011-10-18 151] mel.bat062208 PM.bat [2011-10-18 151] mel.bat062209 PM.bat [2011-10-18 151] mel.bat093102 PM.bat [2011-10-16 151] mel.bat093105 PM.bat [2011-10-16 151] mel.bat094400 PM.bat [2011-10-16 151] mel.bat094401 PM.bat [2011-10-16 151] mel.bat094402 PM.bat [2011-10-16 151] mel.bat094403 PM.bat [2011-10-16 151] mel.bat094404 PM.bat [2011-10-16 151] mel.bat094405 PM.bat [2011-10-16 151] mel.bat094406 PM.bat [2011-10-16 151] mel.bat094407 PM.bat [2011-10-16 151] mel.bat094408 PM.bat [2011-10-16 151] mel.bat094409 PM.bat [2011-10-16 151] mel.bat104200 PM.bat [2011-10-14 151] mel.bat105511 PM.bat [2011-10-14 151] mel.bat105516 PM.bat [2011-10-14 151] mel.bat105517 PM.bat [2011-10-14 151] mel.bat105518 PM.bat [2011-10-14 151] mel.bat105520 PM.bat [2011-10-14 151] mel.bat105521 PM.bat [2011-10-14 151] mel.bat105522 PM.bat [2011-10-14 151] mel.bat113211 PM.bat [2011-10-19 151] mel.bat113413 PM.bat [2011-10-19 151] mel.bat113418 PM.bat [2011-10-19 151] mel.bat113718 PM.bat [2011-10-19 151] mel.bat113719 PM.bat [2011-10-19 151] mel.bat115105 PM.bat [2011-10-12 151] mel.bat115815 PM.bat [2011-10-19 151] mel.bat120010 PM.bat [2011-10-19 151] mel.bat120016 PM.bat [2011-10-19 151] mel.bat120118 PM.bat [2011-10-19 151] mel.bat120119 PM.bat [2011-10-19 151] mel.bat120218 AM.bat [2011-10-18 151] mel.bat120218 PM.bat [2011-10-19 151] mel.bat120223 AM.bat [2011-10-18 151] mel.bat120236 AM.bat [2011-10-18 151] mel.bat120309 AM.bat [2011-10-18 151] mel.bat120310 PM.bat [2011-10-19 151] mel.bat120313 PM.bat [2011-10-19 151] mel.bat120316 PM.bat [2011-10-19 151] mel.bat120332 AM.bat [2011-10-18 151] mel.bat120336 AM.bat [2011-10-18 151] mel.bat120425 AM.bat [2011-10-13 151] mel.bat120426 AM.bat [2011-10-13 151] mel.bat121527 AM.bat [2011-10-18 151] mel.bat121528 AM.bat [2011-10-18 151] mel.bat121529 AM.bat [2011-10-18 151] mel.bat121530 AM.bat [2011-10-18 151] mel.bat121531 AM.bat [2011-10-18 151] mel.bat121532 AM.bat [2011-10-18 151] mel.bat121533 AM.bat [2011-10-18 151] mel.bat121534 AM.bat [2011-10-18 151] mel.bat121535 AM.bat [2011-10-18 151] mel.bat121536 AM.bat [2011-10-18 151] mel.bat121537 AM.bat [2011-10-18 151] mel.bat121538 AM.bat [2011-10-18 151] mel.bat121539 AM.bat [2011-10-18 151] mel.bat121540 AM.bat [2011-10-18 151] mel.bat121541 AM.bat [2011-10-18 151] mel.bat121542 AM.bat [2011-10-18 151] mel.bat121543 AM.bat [2011-10-18 151] mel.bat121544 AM.bat [2011-10-18 151] mel.bat121545 AM.bat [2011-10-18 151] mel.bat121546 AM.bat [2011-10-18 151] mel.bat121547 AM.bat [2011-10-18 151] mel.bat121548 AM.bat [2011-10-18 151] mel.bat121549 AM.bat [2011-10-18 151] mel.bat121550 AM.bat [2011-10-18 151] mel.bat121551 AM.bat [2011-10-18 151] mel.bat121552 AM.bat [2011-10-18 151] mel.bat121553 AM.bat [2011-10-18 151] mel.bat121554 AM.bat [2011-10-18 151] mel.bat121555 AM.bat [2011-10-18 151] mel.bat121556 AM.bat [2011-10-18 151] mel.bat121557 AM.bat [2011-10-18 151] mel.bat121558 AM.bat [2011-10-18 151] mel.bat121559 AM.bat [2011-10-18 151] mel.bat121600 AM.bat [2011-10-18 151] mel.bat121601 AM.bat [2011-10-18 151] mel.bat121602 AM.bat [2011-10-18 151] mel.bat121603 AM.bat [2011-10-18 151] mel.bat121604 AM.bat [2011-10-18 151] mel.bat121605 AM.bat [2011-10-18 151] mel.bat121606 AM.bat [2011-10-18 151] mel.bat121607 AM.bat [2011-10-18 151] mel.bat121608 AM.bat [2011-10-18 151] mel.bat121609 AM.bat [2011-10-18 151] mel.bat121610 AM.bat [2011-10-18 151] mel.bat121611 AM.bat [2011-10-18 151] mel.bat121612 AM.bat [2011-10-18 151] mel.bat121613 AM.bat [2011-10-18 151] mel.bat121614 AM.bat [2011-10-18 151] mel.bat121615 AM.bat [2011-10-18 151] mel.bat121616 AM.bat [2011-10-18 151] mel.bat121617 AM.bat [2011-10-18 151] mel.bat121618 AM.bat [2011-10-18 151] mel.bat121619 AM.bat [2011-10-18 151] mel.bat121620 AM.bat [2011-10-18 151] mel.bat121621 AM.bat [2011-10-18 151] mel.bat121622 AM.bat [2011-10-18 151] mel.bat121623 AM.bat [2011-10-18 151] mel.bat121624 AM.bat [2011-10-18 151] mel.bat121625 AM.bat [2011-10-18 151] mel.bat121626 AM.bat [2011-10-18 151] mel.bat121627 AM.bat [2011-10-18 151] mel.bat121628 AM.bat [2011-10-18 151] mel.bat121629 AM.bat [2011-10-18 151] mel.bat121630 AM.bat [2011-10-18 151] mel.bat121631 AM.bat [2011-10-18 151] mel.bat121632 AM.bat [2011-10-18 151] mel.bat121640 AM.bat [2011-10-18 151] mel.bat121641 AM.bat [2011-10-18 151] mel.bat121642 AM.bat [2011-10-18 151] mel.bat121643 AM.bat [2011-10-18 151] mel.bat121644 AM.bat [2011-10-18 151] mel.bat121645 AM.bat [2011-10-18 151] mel.bat121646 AM.bat [2011-10-18 151] mel.bat121647 AM.bat [2011-10-18 151] mel.bat121648 AM.bat [2011-10-18 151] mel.bat121650 AM.bat [2011-10-18 151] mel.bat121651 AM.bat [2011-10-18 151] mel.bat121652 AM.bat [2011-10-18 151] mel.bat121653 AM.bat [2011-10-18 151] mel.bat121654 AM.bat [2011-10-18 151] mel.bat121655 AM.bat [2011-10-18 151] mel.bat121656 AM.bat [2011-10-18 151] mel.bat123410 PM.bat [2011-10-19 151] mel.bat123510 PM.bat [2011-10-19 151] mel.bat123515 PM.bat [2011-10-19 151] mel.bat123517 PM.bat [2011-10-19 151] mel.bat123518 PM.bat [2011-10-19 151] mel.bat124018 PM.bat [2011-10-19 151] mel.bat124113 PM.bat [2011-10-19 151] mel.bat124711 PM.bat [2011-10-19 151] mel.bat124713 PM.bat [2011-10-19 151] mel.bat125614 PM.bat [2011-10-19 151] mel.bat125718 PM.bat [2011-10-19 151] mel.bat125811 PM.bat [2011-10-19 151] mel.bat125819 PM.bat [2011-10-19 151] mel.bat125912 PM.bat [2011-10-19 151] mel.bat130017 PM.bat [2011-10-19 151] mel.bat132210 PM.bat [2011-10-15 151] mel.bat132211 PM.bat [2011-10-15 151] mel.bat132212 PM.bat [2011-10-15 151] mel.bat132213 PM.bat [2011-10-15 151] mel.bat162011 PM.bat [2011-10-18 151] mel.bat162012 PM.bat [2011-10-18 151] mel.bat162013 PM.bat [2011-10-18 151] mel.bat162014 PM.bat [2011-10-18 151] mel.bat162015 PM.bat [2011-10-18 151] mel.bat162016 PM.bat [2011-10-18 151] mel.bat162017 PM.bat [2011-10-18 151] mel.bat162018 PM.bat [2011-10-18 151] mel.bat162019 PM.bat [2011-10-18 151] mel.bat162110 PM.bat [2011-10-18 151] mel.bat162111 PM.bat [2011-10-18 151] mel.bat162112 PM.bat [2011-10-18 151] mel.bat162113 PM.bat [2011-10-18 151] mel.bat162114 PM.bat [2011-10-18 151] mel.bat162115 PM.bat [2011-10-18 151] mel.bat162116 PM.bat [2011-10-18 151] mel.bat162117 PM.bat [2011-10-18 151] mel.bat162118 PM.bat [2011-10-18 151] mel.bat162119 PM.bat [2011-10-18 151] mel.bat162210 PM.bat [2011-10-18 151] mel.bat162211 PM.bat [2011-10-18 151] mel.bat162212 PM.bat [2011-10-18 151] mel.bat162213 PM.bat [2011-10-18 151] mel.bat162216 PM.bat [2011-10-18 151] mel.bat162217 PM.bat [2011-10-18 151] mel.bat162219 PM.bat [2011-10-18 151] mel.bat172619 PM.bat [2011-10-14 151] mel.bat174712 PM.bat [2011-10-12 151] mel.bat194410 PM.bat [2011-10-16 151] mel.bat194411 PM.bat [2011-10-16 151] mel.bat194412 PM.bat [2011-10-16 151] mel.bat194413 PM.bat [2011-10-16 151] mel.bat194414 PM.bat [2011-10-16 151] mel.bat194415 PM.bat [2011-10-16 151] mel.bat194416 PM.bat [2011-10-16 151] mel.bat194417 PM.bat [2011-10-16 151] mel.bat194418 PM.bat [2011-10-16 151] mel.bat194419 PM.bat [2011-10-16 151] mel.bat213221 PM.bat [2011-10-19 151] mel.bat213321 PM.bat [2011-10-19 151] mel.bat213324 PM.bat [2011-10-19 151] mel.bat213327 PM.bat [2011-10-19 151] mel.bat213426 PM.bat [2011-10-19 151] mel.bat213429 PM.bat [2011-10-19 151] mel.bat213520 PM.bat [2011-10-19 151] mel.bat213523 PM.bat [2011-10-19 151] mel.bat220021 PM.bat [2011-10-19 151] mel.bat220024 PM.bat [2011-10-19 151] mel.bat220123 PM.bat [2011-10-19 151] mel.bat220127 PM.bat [2011-10-19 151] mel.bat220222 PM.bat [2011-10-19 151] mel.bat220320 PM.bat [2011-10-19 151] mel.bat220322 PM.bat [2011-10-19 151] mel.bat220324 PM.bat [2011-10-19 151] mel.bat220328 PM.bat [2011-10-19 151] mel.bat220329 PM.bat [2011-10-19 151] mel.bat223421 PM.bat [2011-10-19 151] mel.bat223427 PM.bat [2011-10-19 151] mel.bat223521 PM.bat [2011-10-19 151] mel.bat223524 PM.bat [2011-10-19 151] mel.bat223525 PM.bat [2011-10-19 151] mel.bat223526 PM.bat [2011-10-19 151] mel.bat223529 PM.bat [2011-10-19 151] mel.bat223624 PM.bat [2011-10-19 151] mel.bat223723 PM.bat [2011-10-19 151] mel.bat223823 AM.bat [2011-10-14 151] mel.bat223923 PM.bat [2011-10-19 151] mel.bat224123 PM.bat [2011-10-19 151] mel.bat224722 PM.bat [2011-10-19 151] mel.bat225029 PM.bat [2011-10-19 151] mel.bat225721 PM.bat [2011-10-19 151] mel.bat225724 PM.bat [2011-10-19 151] mel.bat225921 PM.bat [2011-10-19 151] mel.bat230324 PM.bat [2011-10-13 151] mel.bat230325 PM.bat [2011-10-13 151] mel.bat230326 PM.bat [2011-10-13 151] mel.bat233828 PM.bat [2011-10-16 151] mel.bat233829 PM.bat [2011-10-16 151] mel.bat260723 PM.bat [2011-10-18 151] mel.bat260829 PM.bat [2011-10-18 151] mel.bat262020 PM.bat [2011-10-18 151] mel.bat262021 PM.bat [2011-10-18 151] mel.bat262022 PM.bat [2011-10-18 151] mel.bat262023 PM.bat [2011-10-18 151] mel.bat262024 PM.bat [2011-10-18 151] mel.bat262025 PM.bat [2011-10-18 151] mel.bat262026 PM.bat [2011-10-18 151] mel.bat262027 PM.bat [2011-10-18 151] mel.bat262028 PM.bat [2011-10-18 151] mel.bat262029 PM.bat [2011-10-18 151] mel.bat262120 PM.bat [2011-10-18 151] mel.bat262121 PM.bat [2011-10-18 151] mel.bat262122 PM.bat [2011-10-18 151] mel.bat262123 PM.bat [2011-10-18 151] mel.bat262124 PM.bat [2011-10-18 151] mel.bat262125 PM.bat [2011-10-18 151] mel.bat262126 PM.bat [2011-10-18 151] mel.bat262127 PM.bat [2011-10-18 151] mel.bat262128 PM.bat [2011-10-18 151] mel.bat262129 PM.bat [2011-10-18 151] mel.bat262220 PM.bat [2011-10-18 151] mel.bat262221 PM.bat [2011-10-18 151] mel.bat262222 PM.bat [2011-10-18 151] mel.bat262223 PM.bat [2011-10-18 151] mel.bat262224 PM.bat [2011-10-18 151] mel.bat262225 PM.bat [2011-10-18 151] mel.bat262226 PM.bat [2011-10-18 151] mel.bat262227 PM.bat [2011-10-18 151] mel.bat262228 PM.bat [2011-10-18 151] mel.bat262229 PM.bat [2011-10-18 151] mel.bat272622 PM.bat [2011-10-14 151] mel.bat294420 PM.bat [2011-10-16 151] mel.bat294421 PM.bat [2011-10-16 151] mel.bat294422 PM.bat [2011-10-16 151] mel.bat294423 PM.bat [2011-10-16 151] mel.bat294424 PM.bat [2011-10-16 151] mel.bat294425 PM.bat [2011-10-16 151] mel.bat294426 PM.bat [2011-10-16 151] mel.bat294429 PM.bat [2011-10-16 151] mel.bat313430 PM.bat [2011-10-19 151] mel.bat313432 PM.bat [2011-10-19 151] mel.bat313630 PM.bat [2011-10-19 151] mel.bat313633 PM.bat [2011-10-19 151] mel.bat313734 PM.bat [2011-10-19 151] mel.bat314130 PM.bat [2011-10-19 151] mel.bat314132 PM.bat [2011-10-19 151] mel.bat315830 PM.bat [2011-10-19 151] mel.bat315831 PM.bat [2011-10-19 151] mel.bat315836 PM.bat [2011-10-19 151] mel.bat320032 PM.bat [2011-10-19 151] mel.bat320035 PM.bat [2011-10-19 151] mel.bat320135 PM.bat [2011-10-19 151] mel.bat320136 PM.bat [2011-10-19 151] mel.bat320331 PM.bat [2011-10-19 151] mel.bat320332 PM.bat [2011-10-19 151] mel.bat320335 PM.bat [2011-10-19 151] mel.bat323334 PM.bat [2011-10-19 151] mel.bat323430 PM.bat [2011-10-19 151] mel.bat323432 PM.bat [2011-10-19 151] mel.bat323530 PM.bat [2011-10-19 151] mel.bat323531 PM.bat [2011-10-19 151] mel.bat323634 PM.bat [2011-10-19 151] mel.bat323636 PM.bat [2011-10-19 151] mel.bat323731 PM.bat [2011-10-19 151] mel.bat323737 PM.bat [2011-10-19 151] mel.bat323933 PM.bat [2011-10-19 151] mel.bat324030 PM.bat [2011-10-19 151] mel.bat324032 PM.bat [2011-10-19 151] mel.bat325532 PM.bat [2011-10-19 151] mel.bat325633 PM.bat [2011-10-19 151] mel.bat325738 PM.bat [2011-10-19 151] mel.bat325833 PM.bat [2011-10-19 151] mel.bat325932 PM.bat [2011-10-19 151] mel.bat325934 PM.bat [2011-10-19 151] mel.bat325937 PM.bat [2011-10-19 151] mel.bat325939 PM.bat [2011-10-19 151] mel.bat330030 PM.bat [2011-10-19 151] mel.bat330031 PM.bat [2011-10-19 151] mel.bat330833 PM.bat [2011-10-15 151] mel.bat333830 PM.bat [2011-10-16 151] mel.bat333831 PM.bat [2011-10-16 151] mel.bat333832 PM.bat [2011-10-16 151] mel.bat333833 PM.bat [2011-10-16 151] mel.bat333834 PM.bat [2011-10-16 151] mel.bat333835 PM.bat [2011-10-16 151] mel.bat333836 PM.bat [2011-10-16 151] mel.bat333837 PM.bat [2011-10-16 151] mel.bat333838 PM.bat [2011-10-16 151] mel.bat360832 PM.bat [2011-10-18 151] mel.bat360834 PM.bat [2011-10-18 151] mel.bat360836 PM.bat [2011-10-18 151] mel.bat360838 PM.bat [2011-10-18 151] mel.bat362030 PM.bat [2011-10-18 151] mel.bat362031 PM.bat [2011-10-18 151] mel.bat362032 PM.bat [2011-10-18 151] mel.bat362033 PM.bat [2011-10-18 151] mel.bat362034 PM.bat [2011-10-18 151] mel.bat362035 PM.bat [2011-10-18 151] mel.bat362036 PM.bat [2011-10-18 151] mel.bat362037 PM.bat [2011-10-18 151] mel.bat362038 PM.bat [2011-10-18 151] mel.bat362039 PM.bat [2011-10-18 151] mel.bat362130 PM.bat [2011-10-18 151] mel.bat362131 PM.bat [2011-10-18 151] mel.bat362132 PM.bat [2011-10-18 151] mel.bat362133 PM.bat [2011-10-18 151] mel.bat362134 PM.bat [2011-10-18 151] mel.bat362135 PM.bat [2011-10-18 151] mel.bat362136 PM.bat [2011-10-18 151] mel.bat362137 PM.bat [2011-10-18 151] mel.bat362138 PM.bat [2011-10-18 151] mel.bat362139 PM.bat [2011-10-18 151] mel.bat362230 PM.bat [2011-10-18 151] mel.bat393039 PM.bat [2011-10-16 151] mel.bat394430 PM.bat [2011-10-16 151] mel.bat394431 PM.bat [2011-10-16 151] mel.bat394432 PM.bat [2011-10-16 151] mel.bat394433 PM.bat [2011-10-16 151] mel.bat394434 PM.bat [2011-10-16 151] mel.bat394435 PM.bat [2011-10-16 151] mel.bat394436 PM.bat [2011-10-16 151] mel.bat394437 PM.bat [2011-10-16 151] mel.bat394438 PM.bat [2011-10-16 151] mel.bat394439 PM.bat [2011-10-16 151] mel.bat413146 PM.bat [2011-10-19 151] mel.bat413148 PM.bat [2011-10-19 151] mel.bat413244 PM.bat [2011-10-19 151] mel.bat413245 PM.bat [2011-10-19 151] mel.bat413347 PM.bat [2011-10-19 151] mel.bat413440 PM.bat [2011-10-19 151] mel.bat413442 PM.bat [2011-10-19 151] mel.bat413449 PM.bat [2011-10-19 151] mel.bat413642 PM.bat [2011-10-19 151] mel.bat413644 PM.bat [2011-10-19 151] mel.bat413647 PM.bat [2011-10-19 151] mel.bat414045 PM.bat [2011-10-19 151] mel.bat415843 PM.bat [2011-10-19 151] mel.bat415848 PM.bat [2011-10-19 151] mel.bat415849 PM.bat [2011-10-19 151] mel.bat415940 PM.bat [2011-10-19 151] mel.bat415942 PM.bat [2011-10-19 151] mel.bat420041 PM.bat [2011-10-19 151] mel.bat420043 PM.bat [2011-10-19 151] mel.bat420341 PM.bat [2011-10-19 151] mel.bat420342 PM.bat [2011-10-19 151] mel.bat423343 PM.bat [2011-10-19 151] mel.bat423440 PM.bat [2011-10-19 151] mel.bat423442 PM.bat [2011-10-19 151] mel.bat423449 PM.bat [2011-10-19 151] mel.bat423542 PM.bat [2011-10-19 151] mel.bat423547 PM.bat [2011-10-19 151] mel.bat423548 PM.bat [2011-10-19 151] mel.bat423549 PM.bat [2011-10-19 151] mel.bat423641 PM.bat [2011-10-19 151] mel.bat423646 PM.bat [2011-10-19 151] mel.bat423647 PM.bat [2011-10-19 151] mel.bat423648 PM.bat [2011-10-19 151] mel.bat423743 PM.bat [2011-10-19 151] mel.bat423942 PM.bat [2011-10-19 151] mel.bat425143 AM.bat [2011-10-14 151] mel.bat425144 AM.bat [2011-10-14 151] mel.bat425145 AM.bat [2011-10-14 151] mel.bat425146 AM.bat [2011-10-14 151] mel.bat425147 AM.bat [2011-10-14 151] mel.bat425148 AM.bat [2011-10-14 151] mel.bat425149 AM.bat [2011-10-14 151] mel.bat425645 PM.bat [2011-10-19 151] mel.bat425843 PM.bat [2011-10-19 151] mel.bat425846 PM.bat [2011-10-19 151] mel.bat425943 PM.bat [2011-10-19 151] mel.bat430040 PM.bat [2011-10-19 151] mel.bat432547 PM.bat [2011-10-16 151] mel.bat433840 PM.bat [2011-10-16 151] mel.bat433841 PM.bat [2011-10-16 151] mel.bat433842 PM.bat [2011-10-16 151] mel.bat433843 PM.bat [2011-10-16 151] mel.bat433844 PM.bat [2011-10-16 151] mel.bat433845 PM.bat [2011-10-16 151] mel.bat433846 PM.bat [2011-10-16 151] mel.bat433847 PM.bat [2011-10-16 151] mel.bat433848 PM.bat [2011-10-16 151] mel.bat433849 PM.bat [2011-10-16 151] mel.bat460840 PM.bat [2011-10-18 151] mel.bat460841 PM.bat [2011-10-18 151] mel.bat460844 PM.bat [2011-10-18 151] mel.bat460849 PM.bat [2011-10-18 151] mel.bat462040 PM.bat [2011-10-18 151] mel.bat462041 PM.bat [2011-10-18 151] mel.bat462042 PM.bat [2011-10-18 151] mel.bat462043 PM.bat [2011-10-18 151] mel.bat462044 PM.bat [2011-10-18 151] mel.bat462045 PM.bat [2011-10-18 151] mel.bat462046 PM.bat [2011-10-18 151] mel.bat462047 PM.bat [2011-10-18 151] mel.bat462048 PM.bat [2011-10-18 151] mel.bat462049 PM.bat [2011-10-18 151] mel.bat462140 PM.bat [2011-10-18 151] mel.bat462141 PM.bat [2011-10-18 151] mel.bat462142 PM.bat [2011-10-18 151] mel.bat462143 PM.bat [2011-10-18 151] mel.bat462144 PM.bat [2011-10-18 151] mel.bat462145 PM.bat [2011-10-18 151] mel.bat462146 PM.bat [2011-10-18 151] mel.bat462147 PM.bat [2011-10-18 151] mel.bat462148 PM.bat [2011-10-18 151] mel.bat462149 PM.bat [2011-10-18 151] mel.bat493046 PM.bat [2011-10-16 151] mel.bat494440 PM.bat [2011-10-16 151] mel.bat494441 PM.bat [2011-10-16 151] mel.bat494442 PM.bat [2011-10-16 151] mel.bat494443 PM.bat [2011-10-16 151] mel.bat513252 PM.bat [2011-10-19 151] mel.bat513254 PM.bat [2011-10-19 151] mel.bat515854 PM.bat [2011-10-19 151] mel.bat520052 PM.bat [2011-10-19 151] mel.bat520152 PM.bat [2011-10-19 151] mel.bat520156 PM.bat [2011-10-19 151] mel.bat520253 PM.bat [2011-10-19 151] mel.bat520255 PM.bat [2011-10-19 151] mel.bat520256 PM.bat [2011-10-19 151] mel.bat523353 PM.bat [2011-10-19 151] mel.bat523355 PM.bat [2011-10-19 151] mel.bat523356 PM.bat [2011-10-19 151] mel.bat523358 PM.bat [2011-10-19 151] mel.bat523450 PM.bat [2011-10-19 151] mel.bat523551 PM.bat [2011-10-19 151] mel.bat523553 PM.bat [2011-10-19 151] mel.bat523652 PM.bat [2011-10-19 151] mel.bat523656 PM.bat [2011-10-19 151] mel.bat523755 PM.bat [2011-10-19 151] mel.bat523952 PM.bat [2011-10-19 151] mel.bat524055 PM.bat [2011-10-19 151] mel.bat524056 PM.bat [2011-10-19 151] mel.bat524057 PM.bat [2011-10-19 151] mel.bat524654 PM.bat [2011-10-19 151] mel.bat524655 PM.bat [2011-10-19 151] mel.bat524658 PM.bat [2011-10-19 151] mel.bat525552 PM.bat [2011-10-19 151] mel.bat525556 PM.bat [2011-10-19 151] mel.bat525650 PM.bat [2011-10-19 151] mel.bat525652 PM.bat [2011-10-19 151] mel.bat525653 PM.bat [2011-10-19 151] mel.bat525657 PM.bat [2011-10-19 151] mel.bat525853 PM.bat [2011-10-19 151] mel.bat525855 PM.bat [2011-10-19 151] mel.bat525856 PM.bat [2011-10-19 151] mel.bat525857 PM.bat [2011-10-19 151] mel.bat530850 PM.bat [2011-10-15 151] mel.bat532153 PM.bat [2011-10-15 151] mel.bat532154 PM.bat [2011-10-15 151] mel.bat532155 PM.bat [2011-10-15 151] mel.bat532156 PM.bat [2011-10-15 151] mel.bat532157 PM.bat [2011-10-15 151] mel.bat532158 PM.bat [2011-10-15 151] mel.bat532159 PM.bat [2011-10-15 151] mel.bat533850 PM.bat [2011-10-16 151] mel.bat533851 PM.bat [2011-10-16 151] mel.bat533852 PM.bat [2011-10-16 151] mel.bat533853 PM.bat [2011-10-16 151] mel.bat533854 PM.bat [2011-10-16 151] mel.bat533855 PM.bat [2011-10-16 151] mel.bat533856 PM.bat [2011-10-16 151] mel.bat533857 PM.bat [2011-10-16 151] mel.bat533858 PM.bat [2011-10-16 151] mel.bat560650 PM.bat [2011-10-18 151] mel.bat560752 PM.bat [2011-10-18 151] mel.bat560850 PM.bat [2011-10-18 151] mel.bat560852 PM.bat [2011-10-18 151] mel.bat560857 PM.bat [2011-10-18 151] mel.bat562050 PM.bat [2011-10-18 151] mel.bat562051 PM.bat [2011-10-18 151] mel.bat562052 PM.bat [2011-10-18 151] mel.bat562053 PM.bat [2011-10-18 151] mel.bat562054 PM.bat [2011-10-18 151] mel.bat562055 PM.bat [2011-10-18 151] mel.bat562056 PM.bat [2011-10-18 151] mel.bat562057 PM.bat [2011-10-18 151] mel.bat562058 PM.bat [2011-10-18 151] mel.bat562059 PM.bat [2011-10-18 151] mel.bat562150 PM.bat [2011-10-18 151] mel.bat562151 PM.bat [2011-10-18 151] mel.bat562152 PM.bat [2011-10-18 151] mel.bat562153 PM.bat [2011-10-18 151] mel.bat562154 PM.bat [2011-10-18 151] mel.bat562155 PM.bat [2011-10-18 151] mel.bat562156 PM.bat [2011-10-18 151] mel.bat562157 PM.bat [2011-10-18 151] mel.bat562158 PM.bat [2011-10-18 151] mel.bat562159 PM.bat [2011-10-18 151] mel.bat571259 PM.bat [2011-10-14 151] mel.bat573352 PM.bat [2011-10-12 151] mel.bat594359 PM.bat [2011-10-16 151] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-26 1431888] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-17 254528] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952] S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-09 122856] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-09 369640] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184] S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:27] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210620806-2686088599-4207646544-1000Core.job - c:\users\David Bessent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 21:58] . 2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210620806-2686088599-4207646544-1000UA.job - c:\users\David Bessent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 21:58] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\ FF - ExtSQL: 2013-03-11 00:05; zvs5tw@zzeuiukdtr-.net; c:\users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\extensions\zvs5tw@zzeuiukdtr-.net . - - - - ORPHANS REMOVED - - - - . AddRemove-SP_d33a5824 - c:\program files (x86)\EasyLife\uninstall.exe AddRemove-SP_e14dcdfa - c:\program files (x86)\ContinueToSave\uninstall.exe AddRemove-The Witcher Grafikmods_is1 - c:\program files (x86)\The Witcher\unins000.exe AddRemove-{06472C0F-DF4C-AFCC-5C62-99B2FEEBCC78} - c:\progra~3\INSTAL~1\{3087D~1\Setup.exe AddRemove-{6248E943-91A1-DCEB-46BE-A60AD45E938B} - c:\progra~3\INSTAL~1\{A7796~1\Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe c:\programdata\TVersity\Media Server\MediaServer.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-04-29 22:48:14 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-30 02:48 . Pre-Run: 386,243,108,864 bytes free Post-Run: 390,936,039,424 bytes free . - - End Of File - - 5D1A0406BF11E15AF0A00D37349061D5

Hi Gringo, thanks for the reply. Sorry about attaching the files, I'll keep that in mind in the future. I ran the three programs you listed. Here are the results: Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Java 6 Update 30 Java 7 Update 15 Java version out of Date! Adobe Flash Player 11.7.700.169 Adobe Reader XI Mozilla Firefox 19.0.2 Firefox out of Date! Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` # AdwCleaner v2.300 - Logfile created 04/29/2013 at 21:37:15 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : David Bessent - DAVIDBESSENT-PC # Boot Mode : Normal # Running from : C:\Users\David Bessent\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\searchplugins\EasyLife.xml File Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\searchplugins\WebSearch.xml Folder Deleted : C:\Program Files (x86)\continuetosave Folder Deleted : C:\Program Files (x86)\EasyLife Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\ceontinuetosave Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ceontinuetosave Folder Deleted : C:\Users\David Bessent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmlmfjhgchnmdgjcbjcbaclbbkkddjac Folder Deleted : C:\Users\David Bessent\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\extensions\zvs5tw@zzeuiukdtr-.net Folder Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\StumbleUpon ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\contin~1\sprote~1.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\easylife\sprote~1.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\simple~1\sprote~1.dll Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E2DC8A11-7EF4-3026-AA5A-3D4C38C60E95} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2DC8A11-7EF4-3026-AA5A-3D4C38C60E95} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/03/31&hid=2191723718&lg=EN&cc=US --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/03/31&hid=2191723718&lg=EN&cc=US --> hxxp://www.google.com -\\ Mozilla Firefox v19.0.2 (en-US) File : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\prefs.js Deleted : user_pref("aol_toolbar.default.homepage.check", false); Deleted : user_pref("aol_toolbar.default.search.check", false); Deleted : user_pref("browser.search.defaultenginename", "EasyLife"); Deleted : user_pref("browser.search.defaultenginename,S", "EasyLife"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/03/31&[...] Deleted : user_pref("browser.search.order.1", "EasyLife"); Deleted : user_pref("browser.search.order.1,S", "EasyLife"); Deleted : user_pref("browser.search.selectedEngine", "EasyLife"); Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/03/31&h[...] Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/03/31&hid=2191723718[...] Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v26.0.1410.64 File : C:\Users\David Bessent\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [6145 octets] - [29/04/2013 21:37:15] ########## EOF - C:\AdwCleaner[s1].txt - [6205 octets] ########## RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : David Bessent [Admin rights] Mode : Remove -- Date : 04/29/2013 21:44:26 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] berkelium.exe -- C:\ProgramData\TVersity\Media Server\berkelium.exe [-] -> KILLED [TermProc] ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][sUSP PATH] schedule!2844174011.job : C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe /schedule /profile "c:\programdata\bettersoft\easylifegadget updater\2844174011.ini" [x] -> DELETED [TASK][sUSP PATH] schedule!1143840799.job : C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe /schedule /profile "c:\programdata\bettersoft\continuetosave\1143840799.ini" [x] -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++ --- User --- [MBR] f186f55a0e927fd0bb80f8192ef1143e [bSP] be43076924e5864eac72b133896a2723 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_04292013_02d2144.txt >> RKreport[1]_S_04292013_02d2143.txt ; RKreport[2]_D_04292013_02d2144.txt

My computer has recently been infected with some pretty nasty malware that is spamming my web browsers with ads (mostly for coupons). Any help is, of course, greatly appreciated. If I'm not mistaken I am to copy and paste the contents of the dds file but it says my post is too long so I will be attaching both files to this post. Thank you in advance for your help. dds.txt attach.txt