Jump to content

Malware - Please Review my Log

TheDotEater
 Share

Recommended Posts

TheDotEater

TheDotEater

Posted
Posted

My computer has recently been infected with some pretty nasty malware that is spamming my web browsers with ads (mostly for coupons). Any help is, of course, greatly appreciated. If I'm not mistaken I am to copy and paste the contents of the dds file but it says my post is too long so I will be attaching both files to this post. Thank you in advance for your help.

dds.txt

attach.txt

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello TheDotEater

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

    [*]Please do not attach logs or use code boxes, just copy and paste the text.

    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

    [*]Please read every post completely before doing anything.

    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

    [*]Please provide feedback about your experience as we go.

    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from
here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download
AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo

Link to post
Share on other sites
TheDotEater

TheDotEater

Posted
  • Author
Posted

Hi Gringo, thanks for the reply. Sorry about attaching the files, I'll keep that in mind in the future. I ran the three programs you listed. Here are the results:

Results of screen317's Security Check version 0.99.63

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Java 6 Update 30

Java 7 Update 15

Java version out of Date!

Adobe Flash Player 11.7.700.169

Adobe Reader XI

Mozilla Firefox 19.0.2 Firefox out of Date!

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Spybot Teatimer.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

# AdwCleaner v2.300 - Logfile created 04/29/2013 at 21:37:15

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : David Bessent - DAVIDBESSENT-PC

# Boot Mode : Normal

# Running from : C:\Users\David Bessent\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\searchplugins\EasyLife.xml

File Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\searchplugins\WebSearch.xml

Folder Deleted : C:\Program Files (x86)\continuetosave

Folder Deleted : C:\Program Files (x86)\EasyLife

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\ceontinuetosave

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ceontinuetosave

Folder Deleted : C:\Users\David Bessent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmlmfjhgchnmdgjcbjcbaclbbkkddjac

Folder Deleted : C:\Users\David Bessent\AppData\LocalLow\boost_interprocess

Folder Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\extensions\zvs5tw@zzeuiukdtr-.net

Folder Deleted : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\StumbleUpon

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\contin~1\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\easylife\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\simple~1\sprote~1.dll

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ContinueToSave_RASMANCS

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E2DC8A11-7EF4-3026-AA5A-3D4C38C60E95}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2DC8A11-7EF4-3026-AA5A-3D4C38C60E95}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/03/31&hid=2191723718&lg=EN&cc=US --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/03/31&hid=2191723718&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.search.defaultenginename", "EasyLife");

Deleted : user_pref("browser.search.defaultenginename,S", "EasyLife");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/03/31&[...]

Deleted : user_pref("browser.search.order.1", "EasyLife");

Deleted : user_pref("browser.search.order.1,S", "EasyLife");

Deleted : user_pref("browser.search.selectedEngine", "EasyLife");

Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/03/31&h[...]

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/03/31&hid=2191723718[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\David Bessent\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [6145 octets] - [29/04/2013 21:37:15]

########## EOF - C:\AdwCleaner[s1].txt - [6205 octets] ##########

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : David Bessent [Admin rights]

Mode : Remove -- Date : 04/29/2013 21:44:26

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] berkelium.exe -- C:\ProgramData\TVersity\Media Server\berkelium.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][sUSP PATH] schedule!2844174011.job : C:\ProgramData\BetterSoft\EasylifeGadget Updater\EasylifeGadget Updater.exe /schedule /profile "c:\programdata\bettersoft\easylifegadget updater\2844174011.ini" [x] -> DELETED

[TASK][sUSP PATH] schedule!1143840799.job : C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe /schedule /profile "c:\programdata\bettersoft\continuetosave\1143840799.ini" [x] -> DELETED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++

--- User ---

[MBR] f186f55a0e927fd0bb80f8192ef1143e

[bSP] be43076924e5864eac72b133896a2723 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_04292013_02d2144.txt >>

RKreport[1]_S_04292013_02d2143.txt ; RKreport[2]_D_04292013_02d2144.txt

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello TheDotEater

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Link to post
Share on other sites
TheDotEater

TheDotEater

Posted
  • Author
Posted

Here is the log from Combofix. After running the program I kept receiving the illegal operation notification but a quick restart fixed the problem. The malware from my secondary web browser (Mozilla Firefox) seems to be gone but I am still receiving the coupon ads on Google Chrome.

ComboFix 13-04-29.01 - David Bessent 04/29/2013 22:33:53.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.6122 [GMT -4:00]

Running from: c:\users\David Bessent\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\ntuser.dat

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_ctypes.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_elementtree.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_hashlib.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_socket.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\_ssl.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\pyexpat.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\pysqlite2._sqlite.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\python27.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\pythoncom27.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\PyWinTypes27.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\select.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\unicodedata.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32api.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32com.shell.shell.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32crypt.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32event.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32file.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32inet.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32pdh.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32process.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32profile.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32security.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\win32ts.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\windows._cacheinvalidation.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._controls_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._core_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._gdi_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._html2.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._misc_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._windows_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wx._wizard.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxbase294u_net_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxbase294u_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_adv_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_core_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_html_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI47042\wxmsw294u_webview_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_ctypes.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_elementtree.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_hashlib.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_socket.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\_ssl.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\pyexpat.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\pysqlite2._sqlite.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\python27.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\pythoncom27.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\PyWinTypes27.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\select.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\unicodedata.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32api.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32com.shell.shell.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32crypt.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32event.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32file.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32inet.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32pdh.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32process.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32profile.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32security.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\win32ts.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\windows._cacheinvalidation.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._controls_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._core_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._gdi_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._html2.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._misc_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._windows_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wx._wizard.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxbase294u_net_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxbase294u_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_adv_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_core_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_html_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI47042\wxmsw294u_webview_vc90.dll

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))

.

.

2013-04-30 02:42 . 2013-04-30 02:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-30 02:42 . 2013-04-30 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-30 00:25 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB79E734-A04E-405C-A6B2-DFF90D7FF858}\mpengine.dll

2013-04-29 22:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-24 00:14 . 2013-04-24 00:13 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D729F57-DB71-423E-A990-EBB2F43E7050}\gapaengine.dll

2013-04-24 00:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-14 23:54 . 2013-04-14 23:54 -------- d-----w- c:\users\David Bessent\AppData\Local\Macromedia

2013-04-11 02:32 . 2013-04-11 02:32 310688 ----a-w- c:\windows\system32\javaws.exe

2013-04-11 02:32 . 2013-04-11 02:32 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-11 02:32 . 2013-04-11 02:32 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-04-11 02:32 . 2013-04-11 02:32 188832 ----a-w- c:\windows\system32\javaw.exe

2013-04-11 02:32 . 2013-04-11 02:32 188320 ----a-w- c:\windows\system32\java.exe

2013-04-02 00:24 . 2013-04-30 02:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-04-02 00:24 . 2013-04-30 02:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-04-02 00:23 . 2013-04-02 00:23 -------- d-----w- c:\users\David Bessent\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 07:01 . 2011-06-15 21:52 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-11 03:27 . 2012-04-05 08:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-11 03:27 . 2011-06-17 06:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-11 02:32 . 2011-09-08 02:09 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-15 05:53 . 2013-03-25 22:31 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-03-25 22:31 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-25 22:31 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-25 22:31 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-25 22:31 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-25 22:31 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-25 22:31 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-25 22:31 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-25 22:31 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2013-03-25 22:31 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-25 22:31 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-25 22:31 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2013-03-25 22:31 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-25 22:31 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-25 22:31 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-03-25 22:31 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-25 22:31 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-25 22:31 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2013-03-25 22:31 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2012-10-11 02:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-02-22 03:37 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2011-06-16 01:01 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2011-06-16 01:01 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2011-06-16 01:01 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2011-02-23 09:58 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-02-23 08:39 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-02-23 08:39 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-02-23 08:38 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-02-23 08:38 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-02-23 08:38 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-13 16:24 . 2012-02-22 03:38 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-03 08:03 . 2011-10-17 03:05 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2013-03-03 08:02 . 2012-02-02 07:20 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2013-03-01 21:21 . 2013-03-01 21:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-01 21:21 . 2013-03-01 21:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-01 21:21 . 2011-09-08 02:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-12 05:45 . 2013-03-13 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 11:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-16 01:01 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-10 03:25 . 2013-03-01 20:54 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll

2013-02-10 03:25 . 2013-03-01 20:54 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

c:\users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

kill.bat [2011-10-12 42]

mel.bat013202 PM.bat [2011-10-19 151]

mel.bat013203 PM.bat [2011-10-19 151]

mel.bat013204 PM.bat [2011-10-19 151]

mel.bat013300 PM.bat [2011-10-19 151]

mel.bat013403 PM.bat [2011-10-19 151]

mel.bat013500 PM.bat [2011-10-19 151]

mel.bat013503 PM.bat [2011-10-19 151]

mel.bat013507 PM.bat [2011-10-19 151]

mel.bat013509 PM.bat [2011-10-19 151]

mel.bat015900 PM.bat [2011-10-19 151]

mel.bat015903 PM.bat [2011-10-19 151]

mel.bat020005 PM.bat [2011-10-19 151]

mel.bat020104 PM.bat [2011-10-19 151]

mel.bat020300 PM.bat [2011-10-19 151]

mel.bat020303 PM.bat [2011-10-19 151]

mel.bat020305 PM.bat [2011-10-19 151]

mel.bat023400 PM.bat [2011-10-19 151]

mel.bat023406 PM.bat [2011-10-19 151]

mel.bat023408 PM.bat [2011-10-19 151]

mel.bat023409 PM.bat [2011-10-19 151]

mel.bat023502 PM.bat [2011-10-19 151]

mel.bat023507 PM.bat [2011-10-19 151]

mel.bat023609 PM.bat [2011-10-19 151]

mel.bat023708 PM.bat [2011-10-19 151]

mel.bat023709 PM.bat [2011-10-19 151]

mel.bat023801 PM.bat [2011-10-19 151]

mel.bat023802 PM.bat [2011-10-19 151]

mel.bat024004 PM.bat [2011-10-19 151]

mel.bat024702 PM.bat [2011-10-19 151]

mel.bat024703 PM.bat [2011-10-19 151]

mel.bat024705 PM.bat [2011-10-19 151]

mel.bat024708 PM.bat [2011-10-19 151]

mel.bat025600 PM.bat [2011-10-19 151]

mel.bat025602 PM.bat [2011-10-19 151]

mel.bat025603 PM.bat [2011-10-19 151]

mel.bat025803 PM.bat [2011-10-19 151]

mel.bat025805 PM.bat [2011-10-19 151]

mel.bat025901 PM.bat [2011-10-19 151]

mel.bat025902 PM.bat [2011-10-19 151]

mel.bat030009 PM.bat [2011-10-19 151]

mel.bat032200 PM.bat [2011-10-15 151]

mel.bat032201 PM.bat [2011-10-15 151]

mel.bat032202 PM.bat [2011-10-15 151]

mel.bat032203 PM.bat [2011-10-15 151]

mel.bat032204 PM.bat [2011-10-15 151]

mel.bat032205 PM.bat [2011-10-15 151]

mel.bat032206 PM.bat [2011-10-15 151]

mel.bat032207 PM.bat [2011-10-15 151]

mel.bat032208 PM.bat [2011-10-15 151]

mel.bat032209 PM.bat [2011-10-15 151]

mel.bat032508 PM.bat [2011-10-16 151]

mel.bat033900 PM.bat [2011-10-16 151]

mel.bat033901 PM.bat [2011-10-16 151]

mel.bat033902 PM.bat [2011-10-16 151]

mel.bat033903 PM.bat [2011-10-16 151]

mel.bat033904 PM.bat [2011-10-16 151]

mel.bat033905 PM.bat [2011-10-16 151]

mel.bat033906 PM.bat [2011-10-16 151]

mel.bat033907 PM.bat [2011-10-16 151]

mel.bat033908 PM.bat [2011-10-16 151]

mel.bat060702 PM.bat [2011-10-18 151]

mel.bat060706 PM.bat [2011-10-18 151]

mel.bat060708 PM.bat [2011-10-18 151]

mel.bat060801 PM.bat [2011-10-18 151]

mel.bat060802 PM.bat [2011-10-18 151]

mel.bat060900 PM.bat [2011-10-18 151]

mel.bat062100 PM.bat [2011-10-18 151]

mel.bat062101 PM.bat [2011-10-18 151]

mel.bat062102 PM.bat [2011-10-18 151]

mel.bat062103 PM.bat [2011-10-18 151]

mel.bat062104 PM.bat [2011-10-18 151]

mel.bat062105 PM.bat [2011-10-18 151]

mel.bat062106 PM.bat [2011-10-18 151]

mel.bat062107 PM.bat [2011-10-18 151]

mel.bat062108 PM.bat [2011-10-18 151]

mel.bat062109 PM.bat [2011-10-18 151]

mel.bat062200 PM.bat [2011-10-18 151]

mel.bat062201 PM.bat [2011-10-18 151]

mel.bat062202 PM.bat [2011-10-18 151]

mel.bat062203 PM.bat [2011-10-18 151]

mel.bat062204 PM.bat [2011-10-18 151]

mel.bat062205 PM.bat [2011-10-18 151]

mel.bat062206 PM.bat [2011-10-18 151]

mel.bat062207 PM.bat [2011-10-18 151]

mel.bat062208 PM.bat [2011-10-18 151]

mel.bat062209 PM.bat [2011-10-18 151]

mel.bat093102 PM.bat [2011-10-16 151]

mel.bat093105 PM.bat [2011-10-16 151]

mel.bat094400 PM.bat [2011-10-16 151]

mel.bat094401 PM.bat [2011-10-16 151]

mel.bat094402 PM.bat [2011-10-16 151]

mel.bat094403 PM.bat [2011-10-16 151]

mel.bat094404 PM.bat [2011-10-16 151]

mel.bat094405 PM.bat [2011-10-16 151]

mel.bat094406 PM.bat [2011-10-16 151]

mel.bat094407 PM.bat [2011-10-16 151]

mel.bat094408 PM.bat [2011-10-16 151]

mel.bat094409 PM.bat [2011-10-16 151]

mel.bat104200 PM.bat [2011-10-14 151]

mel.bat105511 PM.bat [2011-10-14 151]

mel.bat105516 PM.bat [2011-10-14 151]

mel.bat105517 PM.bat [2011-10-14 151]

mel.bat105518 PM.bat [2011-10-14 151]

mel.bat105520 PM.bat [2011-10-14 151]

mel.bat105521 PM.bat [2011-10-14 151]

mel.bat105522 PM.bat [2011-10-14 151]

mel.bat113211 PM.bat [2011-10-19 151]

mel.bat113413 PM.bat [2011-10-19 151]

mel.bat113418 PM.bat [2011-10-19 151]

mel.bat113718 PM.bat [2011-10-19 151]

mel.bat113719 PM.bat [2011-10-19 151]

mel.bat115105 PM.bat [2011-10-12 151]

mel.bat115815 PM.bat [2011-10-19 151]

mel.bat120010 PM.bat [2011-10-19 151]

mel.bat120016 PM.bat [2011-10-19 151]

mel.bat120118 PM.bat [2011-10-19 151]

mel.bat120119 PM.bat [2011-10-19 151]

mel.bat120218 AM.bat [2011-10-18 151]

mel.bat120218 PM.bat [2011-10-19 151]

mel.bat120223 AM.bat [2011-10-18 151]

mel.bat120236 AM.bat [2011-10-18 151]

mel.bat120309 AM.bat [2011-10-18 151]

mel.bat120310 PM.bat [2011-10-19 151]

mel.bat120313 PM.bat [2011-10-19 151]

mel.bat120316 PM.bat [2011-10-19 151]

mel.bat120332 AM.bat [2011-10-18 151]

mel.bat120336 AM.bat [2011-10-18 151]

mel.bat120425 AM.bat [2011-10-13 151]

mel.bat120426 AM.bat [2011-10-13 151]

mel.bat121527 AM.bat [2011-10-18 151]

mel.bat121528 AM.bat [2011-10-18 151]

mel.bat121529 AM.bat [2011-10-18 151]

mel.bat121530 AM.bat [2011-10-18 151]

mel.bat121531 AM.bat [2011-10-18 151]

mel.bat121532 AM.bat [2011-10-18 151]

mel.bat121533 AM.bat [2011-10-18 151]

mel.bat121534 AM.bat [2011-10-18 151]

mel.bat121535 AM.bat [2011-10-18 151]

mel.bat121536 AM.bat [2011-10-18 151]

mel.bat121537 AM.bat [2011-10-18 151]

mel.bat121538 AM.bat [2011-10-18 151]

mel.bat121539 AM.bat [2011-10-18 151]

mel.bat121540 AM.bat [2011-10-18 151]

mel.bat121541 AM.bat [2011-10-18 151]

mel.bat121542 AM.bat [2011-10-18 151]

mel.bat121543 AM.bat [2011-10-18 151]

mel.bat121544 AM.bat [2011-10-18 151]

mel.bat121545 AM.bat [2011-10-18 151]

mel.bat121546 AM.bat [2011-10-18 151]

mel.bat121547 AM.bat [2011-10-18 151]

mel.bat121548 AM.bat [2011-10-18 151]

mel.bat121549 AM.bat [2011-10-18 151]

mel.bat121550 AM.bat [2011-10-18 151]

mel.bat121551 AM.bat [2011-10-18 151]

mel.bat121552 AM.bat [2011-10-18 151]

mel.bat121553 AM.bat [2011-10-18 151]

mel.bat121554 AM.bat [2011-10-18 151]

mel.bat121555 AM.bat [2011-10-18 151]

mel.bat121556 AM.bat [2011-10-18 151]

mel.bat121557 AM.bat [2011-10-18 151]

mel.bat121558 AM.bat [2011-10-18 151]

mel.bat121559 AM.bat [2011-10-18 151]

mel.bat121600 AM.bat [2011-10-18 151]

mel.bat121601 AM.bat [2011-10-18 151]

mel.bat121602 AM.bat [2011-10-18 151]

mel.bat121603 AM.bat [2011-10-18 151]

mel.bat121604 AM.bat [2011-10-18 151]

mel.bat121605 AM.bat [2011-10-18 151]

mel.bat121606 AM.bat [2011-10-18 151]

mel.bat121607 AM.bat [2011-10-18 151]

mel.bat121608 AM.bat [2011-10-18 151]

mel.bat121609 AM.bat [2011-10-18 151]

mel.bat121610 AM.bat [2011-10-18 151]

mel.bat121611 AM.bat [2011-10-18 151]

mel.bat121612 AM.bat [2011-10-18 151]

mel.bat121613 AM.bat [2011-10-18 151]

mel.bat121614 AM.bat [2011-10-18 151]

mel.bat121615 AM.bat [2011-10-18 151]

mel.bat121616 AM.bat [2011-10-18 151]

mel.bat121617 AM.bat [2011-10-18 151]

mel.bat121618 AM.bat [2011-10-18 151]

mel.bat121619 AM.bat [2011-10-18 151]

mel.bat121620 AM.bat [2011-10-18 151]

mel.bat121621 AM.bat [2011-10-18 151]

mel.bat121622 AM.bat [2011-10-18 151]

mel.bat121623 AM.bat [2011-10-18 151]

mel.bat121624 AM.bat [2011-10-18 151]

mel.bat121625 AM.bat [2011-10-18 151]

mel.bat121626 AM.bat [2011-10-18 151]

mel.bat121627 AM.bat [2011-10-18 151]

mel.bat121628 AM.bat [2011-10-18 151]

mel.bat121629 AM.bat [2011-10-18 151]

mel.bat121630 AM.bat [2011-10-18 151]

mel.bat121631 AM.bat [2011-10-18 151]

mel.bat121632 AM.bat [2011-10-18 151]

mel.bat121640 AM.bat [2011-10-18 151]

mel.bat121641 AM.bat [2011-10-18 151]

mel.bat121642 AM.bat [2011-10-18 151]

mel.bat121643 AM.bat [2011-10-18 151]

mel.bat121644 AM.bat [2011-10-18 151]

mel.bat121645 AM.bat [2011-10-18 151]

mel.bat121646 AM.bat [2011-10-18 151]

mel.bat121647 AM.bat [2011-10-18 151]

mel.bat121648 AM.bat [2011-10-18 151]

mel.bat121650 AM.bat [2011-10-18 151]

mel.bat121651 AM.bat [2011-10-18 151]

mel.bat121652 AM.bat [2011-10-18 151]

mel.bat121653 AM.bat [2011-10-18 151]

mel.bat121654 AM.bat [2011-10-18 151]

mel.bat121655 AM.bat [2011-10-18 151]

mel.bat121656 AM.bat [2011-10-18 151]

mel.bat123410 PM.bat [2011-10-19 151]

mel.bat123510 PM.bat [2011-10-19 151]

mel.bat123515 PM.bat [2011-10-19 151]

mel.bat123517 PM.bat [2011-10-19 151]

mel.bat123518 PM.bat [2011-10-19 151]

mel.bat124018 PM.bat [2011-10-19 151]

mel.bat124113 PM.bat [2011-10-19 151]

mel.bat124711 PM.bat [2011-10-19 151]

mel.bat124713 PM.bat [2011-10-19 151]

mel.bat125614 PM.bat [2011-10-19 151]

mel.bat125718 PM.bat [2011-10-19 151]

mel.bat125811 PM.bat [2011-10-19 151]

mel.bat125819 PM.bat [2011-10-19 151]

mel.bat125912 PM.bat [2011-10-19 151]

mel.bat130017 PM.bat [2011-10-19 151]

mel.bat132210 PM.bat [2011-10-15 151]

mel.bat132211 PM.bat [2011-10-15 151]

mel.bat132212 PM.bat [2011-10-15 151]

mel.bat132213 PM.bat [2011-10-15 151]

mel.bat162011 PM.bat [2011-10-18 151]

mel.bat162012 PM.bat [2011-10-18 151]

mel.bat162013 PM.bat [2011-10-18 151]

mel.bat162014 PM.bat [2011-10-18 151]

mel.bat162015 PM.bat [2011-10-18 151]

mel.bat162016 PM.bat [2011-10-18 151]

mel.bat162017 PM.bat [2011-10-18 151]

mel.bat162018 PM.bat [2011-10-18 151]

mel.bat162019 PM.bat [2011-10-18 151]

mel.bat162110 PM.bat [2011-10-18 151]

mel.bat162111 PM.bat [2011-10-18 151]

mel.bat162112 PM.bat [2011-10-18 151]

mel.bat162113 PM.bat [2011-10-18 151]

mel.bat162114 PM.bat [2011-10-18 151]

mel.bat162115 PM.bat [2011-10-18 151]

mel.bat162116 PM.bat [2011-10-18 151]

mel.bat162117 PM.bat [2011-10-18 151]

mel.bat162118 PM.bat [2011-10-18 151]

mel.bat162119 PM.bat [2011-10-18 151]

mel.bat162210 PM.bat [2011-10-18 151]

mel.bat162211 PM.bat [2011-10-18 151]

mel.bat162212 PM.bat [2011-10-18 151]

mel.bat162213 PM.bat [2011-10-18 151]

mel.bat162216 PM.bat [2011-10-18 151]

mel.bat162217 PM.bat [2011-10-18 151]

mel.bat162219 PM.bat [2011-10-18 151]

mel.bat172619 PM.bat [2011-10-14 151]

mel.bat174712 PM.bat [2011-10-12 151]

mel.bat194410 PM.bat [2011-10-16 151]

mel.bat194411 PM.bat [2011-10-16 151]

mel.bat194412 PM.bat [2011-10-16 151]

mel.bat194413 PM.bat [2011-10-16 151]

mel.bat194414 PM.bat [2011-10-16 151]

mel.bat194415 PM.bat [2011-10-16 151]

mel.bat194416 PM.bat [2011-10-16 151]

mel.bat194417 PM.bat [2011-10-16 151]

mel.bat194418 PM.bat [2011-10-16 151]

mel.bat194419 PM.bat [2011-10-16 151]

mel.bat213221 PM.bat [2011-10-19 151]

mel.bat213321 PM.bat [2011-10-19 151]

mel.bat213324 PM.bat [2011-10-19 151]

mel.bat213327 PM.bat [2011-10-19 151]

mel.bat213426 PM.bat [2011-10-19 151]

mel.bat213429 PM.bat [2011-10-19 151]

mel.bat213520 PM.bat [2011-10-19 151]

mel.bat213523 PM.bat [2011-10-19 151]

mel.bat220021 PM.bat [2011-10-19 151]

mel.bat220024 PM.bat [2011-10-19 151]

mel.bat220123 PM.bat [2011-10-19 151]

mel.bat220127 PM.bat [2011-10-19 151]

mel.bat220222 PM.bat [2011-10-19 151]

mel.bat220320 PM.bat [2011-10-19 151]

mel.bat220322 PM.bat [2011-10-19 151]

mel.bat220324 PM.bat [2011-10-19 151]

mel.bat220328 PM.bat [2011-10-19 151]

mel.bat220329 PM.bat [2011-10-19 151]

mel.bat223421 PM.bat [2011-10-19 151]

mel.bat223427 PM.bat [2011-10-19 151]

mel.bat223521 PM.bat [2011-10-19 151]

mel.bat223524 PM.bat [2011-10-19 151]

mel.bat223525 PM.bat [2011-10-19 151]

mel.bat223526 PM.bat [2011-10-19 151]

mel.bat223529 PM.bat [2011-10-19 151]

mel.bat223624 PM.bat [2011-10-19 151]

mel.bat223723 PM.bat [2011-10-19 151]

mel.bat223823 AM.bat [2011-10-14 151]

mel.bat223923 PM.bat [2011-10-19 151]

mel.bat224123 PM.bat [2011-10-19 151]

mel.bat224722 PM.bat [2011-10-19 151]

mel.bat225029 PM.bat [2011-10-19 151]

mel.bat225721 PM.bat [2011-10-19 151]

mel.bat225724 PM.bat [2011-10-19 151]

mel.bat225921 PM.bat [2011-10-19 151]

mel.bat230324 PM.bat [2011-10-13 151]

mel.bat230325 PM.bat [2011-10-13 151]

mel.bat230326 PM.bat [2011-10-13 151]

mel.bat233828 PM.bat [2011-10-16 151]

mel.bat233829 PM.bat [2011-10-16 151]

mel.bat260723 PM.bat [2011-10-18 151]

mel.bat260829 PM.bat [2011-10-18 151]

mel.bat262020 PM.bat [2011-10-18 151]

mel.bat262021 PM.bat [2011-10-18 151]

mel.bat262022 PM.bat [2011-10-18 151]

mel.bat262023 PM.bat [2011-10-18 151]

mel.bat262024 PM.bat [2011-10-18 151]

mel.bat262025 PM.bat [2011-10-18 151]

mel.bat262026 PM.bat [2011-10-18 151]

mel.bat262027 PM.bat [2011-10-18 151]

mel.bat262028 PM.bat [2011-10-18 151]

mel.bat262029 PM.bat [2011-10-18 151]

mel.bat262120 PM.bat [2011-10-18 151]

mel.bat262121 PM.bat [2011-10-18 151]

mel.bat262122 PM.bat [2011-10-18 151]

mel.bat262123 PM.bat [2011-10-18 151]

mel.bat262124 PM.bat [2011-10-18 151]

mel.bat262125 PM.bat [2011-10-18 151]

mel.bat262126 PM.bat [2011-10-18 151]

mel.bat262127 PM.bat [2011-10-18 151]

mel.bat262128 PM.bat [2011-10-18 151]

mel.bat262129 PM.bat [2011-10-18 151]

mel.bat262220 PM.bat [2011-10-18 151]

mel.bat262221 PM.bat [2011-10-18 151]

mel.bat262222 PM.bat [2011-10-18 151]

mel.bat262223 PM.bat [2011-10-18 151]

mel.bat262224 PM.bat [2011-10-18 151]

mel.bat262225 PM.bat [2011-10-18 151]

mel.bat262226 PM.bat [2011-10-18 151]

mel.bat262227 PM.bat [2011-10-18 151]

mel.bat262228 PM.bat [2011-10-18 151]

mel.bat262229 PM.bat [2011-10-18 151]

mel.bat272622 PM.bat [2011-10-14 151]

mel.bat294420 PM.bat [2011-10-16 151]

mel.bat294421 PM.bat [2011-10-16 151]

mel.bat294422 PM.bat [2011-10-16 151]

mel.bat294423 PM.bat [2011-10-16 151]

mel.bat294424 PM.bat [2011-10-16 151]

mel.bat294425 PM.bat [2011-10-16 151]

mel.bat294426 PM.bat [2011-10-16 151]

mel.bat294429 PM.bat [2011-10-16 151]

mel.bat313430 PM.bat [2011-10-19 151]

mel.bat313432 PM.bat [2011-10-19 151]

mel.bat313630 PM.bat [2011-10-19 151]

mel.bat313633 PM.bat [2011-10-19 151]

mel.bat313734 PM.bat [2011-10-19 151]

mel.bat314130 PM.bat [2011-10-19 151]

mel.bat314132 PM.bat [2011-10-19 151]

mel.bat315830 PM.bat [2011-10-19 151]

mel.bat315831 PM.bat [2011-10-19 151]

mel.bat315836 PM.bat [2011-10-19 151]

mel.bat320032 PM.bat [2011-10-19 151]

mel.bat320035 PM.bat [2011-10-19 151]

mel.bat320135 PM.bat [2011-10-19 151]

mel.bat320136 PM.bat [2011-10-19 151]

mel.bat320331 PM.bat [2011-10-19 151]

mel.bat320332 PM.bat [2011-10-19 151]

mel.bat320335 PM.bat [2011-10-19 151]

mel.bat323334 PM.bat [2011-10-19 151]

mel.bat323430 PM.bat [2011-10-19 151]

mel.bat323432 PM.bat [2011-10-19 151]

mel.bat323530 PM.bat [2011-10-19 151]

mel.bat323531 PM.bat [2011-10-19 151]

mel.bat323634 PM.bat [2011-10-19 151]

mel.bat323636 PM.bat [2011-10-19 151]

mel.bat323731 PM.bat [2011-10-19 151]

mel.bat323737 PM.bat [2011-10-19 151]

mel.bat323933 PM.bat [2011-10-19 151]

mel.bat324030 PM.bat [2011-10-19 151]

mel.bat324032 PM.bat [2011-10-19 151]

mel.bat325532 PM.bat [2011-10-19 151]

mel.bat325633 PM.bat [2011-10-19 151]

mel.bat325738 PM.bat [2011-10-19 151]

mel.bat325833 PM.bat [2011-10-19 151]

mel.bat325932 PM.bat [2011-10-19 151]

mel.bat325934 PM.bat [2011-10-19 151]

mel.bat325937 PM.bat [2011-10-19 151]

mel.bat325939 PM.bat [2011-10-19 151]

mel.bat330030 PM.bat [2011-10-19 151]

mel.bat330031 PM.bat [2011-10-19 151]

mel.bat330833 PM.bat [2011-10-15 151]

mel.bat333830 PM.bat [2011-10-16 151]

mel.bat333831 PM.bat [2011-10-16 151]

mel.bat333832 PM.bat [2011-10-16 151]

mel.bat333833 PM.bat [2011-10-16 151]

mel.bat333834 PM.bat [2011-10-16 151]

mel.bat333835 PM.bat [2011-10-16 151]

mel.bat333836 PM.bat [2011-10-16 151]

mel.bat333837 PM.bat [2011-10-16 151]

mel.bat333838 PM.bat [2011-10-16 151]

mel.bat360832 PM.bat [2011-10-18 151]

mel.bat360834 PM.bat [2011-10-18 151]

mel.bat360836 PM.bat [2011-10-18 151]

mel.bat360838 PM.bat [2011-10-18 151]

mel.bat362030 PM.bat [2011-10-18 151]

mel.bat362031 PM.bat [2011-10-18 151]

mel.bat362032 PM.bat [2011-10-18 151]

mel.bat362033 PM.bat [2011-10-18 151]

mel.bat362034 PM.bat [2011-10-18 151]

mel.bat362035 PM.bat [2011-10-18 151]

mel.bat362036 PM.bat [2011-10-18 151]

mel.bat362037 PM.bat [2011-10-18 151]

mel.bat362038 PM.bat [2011-10-18 151]

mel.bat362039 PM.bat [2011-10-18 151]

mel.bat362130 PM.bat [2011-10-18 151]

mel.bat362131 PM.bat [2011-10-18 151]

mel.bat362132 PM.bat [2011-10-18 151]

mel.bat362133 PM.bat [2011-10-18 151]

mel.bat362134 PM.bat [2011-10-18 151]

mel.bat362135 PM.bat [2011-10-18 151]

mel.bat362136 PM.bat [2011-10-18 151]

mel.bat362137 PM.bat [2011-10-18 151]

mel.bat362138 PM.bat [2011-10-18 151]

mel.bat362139 PM.bat [2011-10-18 151]

mel.bat362230 PM.bat [2011-10-18 151]

mel.bat393039 PM.bat [2011-10-16 151]

mel.bat394430 PM.bat [2011-10-16 151]

mel.bat394431 PM.bat [2011-10-16 151]

mel.bat394432 PM.bat [2011-10-16 151]

mel.bat394433 PM.bat [2011-10-16 151]

mel.bat394434 PM.bat [2011-10-16 151]

mel.bat394435 PM.bat [2011-10-16 151]

mel.bat394436 PM.bat [2011-10-16 151]

mel.bat394437 PM.bat [2011-10-16 151]

mel.bat394438 PM.bat [2011-10-16 151]

mel.bat394439 PM.bat [2011-10-16 151]

mel.bat413146 PM.bat [2011-10-19 151]

mel.bat413148 PM.bat [2011-10-19 151]

mel.bat413244 PM.bat [2011-10-19 151]

mel.bat413245 PM.bat [2011-10-19 151]

mel.bat413347 PM.bat [2011-10-19 151]

mel.bat413440 PM.bat [2011-10-19 151]

mel.bat413442 PM.bat [2011-10-19 151]

mel.bat413449 PM.bat [2011-10-19 151]

mel.bat413642 PM.bat [2011-10-19 151]

mel.bat413644 PM.bat [2011-10-19 151]

mel.bat413647 PM.bat [2011-10-19 151]

mel.bat414045 PM.bat [2011-10-19 151]

mel.bat415843 PM.bat [2011-10-19 151]

mel.bat415848 PM.bat [2011-10-19 151]

mel.bat415849 PM.bat [2011-10-19 151]

mel.bat415940 PM.bat [2011-10-19 151]

mel.bat415942 PM.bat [2011-10-19 151]

mel.bat420041 PM.bat [2011-10-19 151]

mel.bat420043 PM.bat [2011-10-19 151]

mel.bat420341 PM.bat [2011-10-19 151]

mel.bat420342 PM.bat [2011-10-19 151]

mel.bat423343 PM.bat [2011-10-19 151]

mel.bat423440 PM.bat [2011-10-19 151]

mel.bat423442 PM.bat [2011-10-19 151]

mel.bat423449 PM.bat [2011-10-19 151]

mel.bat423542 PM.bat [2011-10-19 151]

mel.bat423547 PM.bat [2011-10-19 151]

mel.bat423548 PM.bat [2011-10-19 151]

mel.bat423549 PM.bat [2011-10-19 151]

mel.bat423641 PM.bat [2011-10-19 151]

mel.bat423646 PM.bat [2011-10-19 151]

mel.bat423647 PM.bat [2011-10-19 151]

mel.bat423648 PM.bat [2011-10-19 151]

mel.bat423743 PM.bat [2011-10-19 151]

mel.bat423942 PM.bat [2011-10-19 151]

mel.bat425143 AM.bat [2011-10-14 151]

mel.bat425144 AM.bat [2011-10-14 151]

mel.bat425145 AM.bat [2011-10-14 151]

mel.bat425146 AM.bat [2011-10-14 151]

mel.bat425147 AM.bat [2011-10-14 151]

mel.bat425148 AM.bat [2011-10-14 151]

mel.bat425149 AM.bat [2011-10-14 151]

mel.bat425645 PM.bat [2011-10-19 151]

mel.bat425843 PM.bat [2011-10-19 151]

mel.bat425846 PM.bat [2011-10-19 151]

mel.bat425943 PM.bat [2011-10-19 151]

mel.bat430040 PM.bat [2011-10-19 151]

mel.bat432547 PM.bat [2011-10-16 151]

mel.bat433840 PM.bat [2011-10-16 151]

mel.bat433841 PM.bat [2011-10-16 151]

mel.bat433842 PM.bat [2011-10-16 151]

mel.bat433843 PM.bat [2011-10-16 151]

mel.bat433844 PM.bat [2011-10-16 151]

mel.bat433845 PM.bat [2011-10-16 151]

mel.bat433846 PM.bat [2011-10-16 151]

mel.bat433847 PM.bat [2011-10-16 151]

mel.bat433848 PM.bat [2011-10-16 151]

mel.bat433849 PM.bat [2011-10-16 151]

mel.bat460840 PM.bat [2011-10-18 151]

mel.bat460841 PM.bat [2011-10-18 151]

mel.bat460844 PM.bat [2011-10-18 151]

mel.bat460849 PM.bat [2011-10-18 151]

mel.bat462040 PM.bat [2011-10-18 151]

mel.bat462041 PM.bat [2011-10-18 151]

mel.bat462042 PM.bat [2011-10-18 151]

mel.bat462043 PM.bat [2011-10-18 151]

mel.bat462044 PM.bat [2011-10-18 151]

mel.bat462045 PM.bat [2011-10-18 151]

mel.bat462046 PM.bat [2011-10-18 151]

mel.bat462047 PM.bat [2011-10-18 151]

mel.bat462048 PM.bat [2011-10-18 151]

mel.bat462049 PM.bat [2011-10-18 151]

mel.bat462140 PM.bat [2011-10-18 151]

mel.bat462141 PM.bat [2011-10-18 151]

mel.bat462142 PM.bat [2011-10-18 151]

mel.bat462143 PM.bat [2011-10-18 151]

mel.bat462144 PM.bat [2011-10-18 151]

mel.bat462145 PM.bat [2011-10-18 151]

mel.bat462146 PM.bat [2011-10-18 151]

mel.bat462147 PM.bat [2011-10-18 151]

mel.bat462148 PM.bat [2011-10-18 151]

mel.bat462149 PM.bat [2011-10-18 151]

mel.bat493046 PM.bat [2011-10-16 151]

mel.bat494440 PM.bat [2011-10-16 151]

mel.bat494441 PM.bat [2011-10-16 151]

mel.bat494442 PM.bat [2011-10-16 151]

mel.bat494443 PM.bat [2011-10-16 151]

mel.bat513252 PM.bat [2011-10-19 151]

mel.bat513254 PM.bat [2011-10-19 151]

mel.bat515854 PM.bat [2011-10-19 151]

mel.bat520052 PM.bat [2011-10-19 151]

mel.bat520152 PM.bat [2011-10-19 151]

mel.bat520156 PM.bat [2011-10-19 151]

mel.bat520253 PM.bat [2011-10-19 151]

mel.bat520255 PM.bat [2011-10-19 151]

mel.bat520256 PM.bat [2011-10-19 151]

mel.bat523353 PM.bat [2011-10-19 151]

mel.bat523355 PM.bat [2011-10-19 151]

mel.bat523356 PM.bat [2011-10-19 151]

mel.bat523358 PM.bat [2011-10-19 151]

mel.bat523450 PM.bat [2011-10-19 151]

mel.bat523551 PM.bat [2011-10-19 151]

mel.bat523553 PM.bat [2011-10-19 151]

mel.bat523652 PM.bat [2011-10-19 151]

mel.bat523656 PM.bat [2011-10-19 151]

mel.bat523755 PM.bat [2011-10-19 151]

mel.bat523952 PM.bat [2011-10-19 151]

mel.bat524055 PM.bat [2011-10-19 151]

mel.bat524056 PM.bat [2011-10-19 151]

mel.bat524057 PM.bat [2011-10-19 151]

mel.bat524654 PM.bat [2011-10-19 151]

mel.bat524655 PM.bat [2011-10-19 151]

mel.bat524658 PM.bat [2011-10-19 151]

mel.bat525552 PM.bat [2011-10-19 151]

mel.bat525556 PM.bat [2011-10-19 151]

mel.bat525650 PM.bat [2011-10-19 151]

mel.bat525652 PM.bat [2011-10-19 151]

mel.bat525653 PM.bat [2011-10-19 151]

mel.bat525657 PM.bat [2011-10-19 151]

mel.bat525853 PM.bat [2011-10-19 151]

mel.bat525855 PM.bat [2011-10-19 151]

mel.bat525856 PM.bat [2011-10-19 151]

mel.bat525857 PM.bat [2011-10-19 151]

mel.bat530850 PM.bat [2011-10-15 151]

mel.bat532153 PM.bat [2011-10-15 151]

mel.bat532154 PM.bat [2011-10-15 151]

mel.bat532155 PM.bat [2011-10-15 151]

mel.bat532156 PM.bat [2011-10-15 151]

mel.bat532157 PM.bat [2011-10-15 151]

mel.bat532158 PM.bat [2011-10-15 151]

mel.bat532159 PM.bat [2011-10-15 151]

mel.bat533850 PM.bat [2011-10-16 151]

mel.bat533851 PM.bat [2011-10-16 151]

mel.bat533852 PM.bat [2011-10-16 151]

mel.bat533853 PM.bat [2011-10-16 151]

mel.bat533854 PM.bat [2011-10-16 151]

mel.bat533855 PM.bat [2011-10-16 151]

mel.bat533856 PM.bat [2011-10-16 151]

mel.bat533857 PM.bat [2011-10-16 151]

mel.bat533858 PM.bat [2011-10-16 151]

mel.bat560650 PM.bat [2011-10-18 151]

mel.bat560752 PM.bat [2011-10-18 151]

mel.bat560850 PM.bat [2011-10-18 151]

mel.bat560852 PM.bat [2011-10-18 151]

mel.bat560857 PM.bat [2011-10-18 151]

mel.bat562050 PM.bat [2011-10-18 151]

mel.bat562051 PM.bat [2011-10-18 151]

mel.bat562052 PM.bat [2011-10-18 151]

mel.bat562053 PM.bat [2011-10-18 151]

mel.bat562054 PM.bat [2011-10-18 151]

mel.bat562055 PM.bat [2011-10-18 151]

mel.bat562056 PM.bat [2011-10-18 151]

mel.bat562057 PM.bat [2011-10-18 151]

mel.bat562058 PM.bat [2011-10-18 151]

mel.bat562059 PM.bat [2011-10-18 151]

mel.bat562150 PM.bat [2011-10-18 151]

mel.bat562151 PM.bat [2011-10-18 151]

mel.bat562152 PM.bat [2011-10-18 151]

mel.bat562153 PM.bat [2011-10-18 151]

mel.bat562154 PM.bat [2011-10-18 151]

mel.bat562155 PM.bat [2011-10-18 151]

mel.bat562156 PM.bat [2011-10-18 151]

mel.bat562157 PM.bat [2011-10-18 151]

mel.bat562158 PM.bat [2011-10-18 151]

mel.bat562159 PM.bat [2011-10-18 151]

mel.bat571259 PM.bat [2011-10-14 151]

mel.bat573352 PM.bat [2011-10-12 151]

mel.bat594359 PM.bat [2011-10-16 151]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-26 1431888]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-17 254528]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-09 122856]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-09 369640]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:27]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210620806-2686088599-4207646544-1000Core.job

- c:\users\David Bessent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 21:58]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210620806-2686088599-4207646544-1000UA.job

- c:\users\David Bessent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 21:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\

FF - ExtSQL: 2013-03-11 00:05; zvs5tw@zzeuiukdtr-.net; c:\users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\extensions\zvs5tw@zzeuiukdtr-.net

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-SP_d33a5824 - c:\program files (x86)\EasyLife\uninstall.exe

AddRemove-SP_e14dcdfa - c:\program files (x86)\ContinueToSave\uninstall.exe

AddRemove-The Witcher Grafikmods_is1 - c:\program files (x86)\The Witcher\unins000.exe

AddRemove-{06472C0F-DF4C-AFCC-5C62-99B2FEEBCC78} - c:\progra~3\INSTAL~1\{3087D~1\Setup.exe

AddRemove-{6248E943-91A1-DCEB-46BE-A60AD45E938B} - c:\progra~3\INSTAL~1\{A7796~1\Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\programdata\TVersity\Media Server\MediaServer.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-04-29 22:48:14 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-30 02:48

.

Pre-Run: 386,243,108,864 bytes free

Post-Run: 390,936,039,424 bytes free

.

- - End Of File - - 5D1A0406BF11E15AF0A00D37349061D5

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello TheDotEater

RESTART THE COMPUTER TO CLEAR THAT ERROR- SEE NOTE 2

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks

Then I need you to go Google Sync and sign into your account

scroll down untill you see the "Stop and Clear" button and click on button

At the prompt click on "Ok"

Now we need to uninstall chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello TheDotEater

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

Link to post
Share on other sites
TheDotEater

TheDotEater

Posted
  • Author
Posted

ComboFix 13-04-29.01 - David Bessent 04/29/2013 23:38:11.2.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8169.5796 [GMT -4:00]

Running from: c:\users\David Bessent\Desktop\ComboFix.exe

Command switches used :: c:\users\David Bessent\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_ctypes.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_elementtree.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_hashlib.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_socket.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\_ssl.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\pyexpat.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\pysqlite2._sqlite.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\python27.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\pythoncom27.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\PyWinTypes27.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\select.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\unicodedata.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32api.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32com.shell.shell.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32crypt.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32event.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32file.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32inet.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32pdh.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32process.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32profile.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32security.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\win32ts.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\windows._cacheinvalidation.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._controls_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._core_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._gdi_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._html2.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._misc_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._windows_.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wx._wizard.pyd

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxbase294u_net_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxbase294u_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_adv_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_core_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_html_vc90.dll

c:\users\David Bessent\AppData\Local\Temp\_MEI35682\wxmsw294u_webview_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_ctypes.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_elementtree.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_hashlib.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_socket.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\_ssl.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\pyexpat.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\pysqlite2._sqlite.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\python27.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\pythoncom27.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\PyWinTypes27.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\select.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\unicodedata.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32api.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32com.shell.shell.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32crypt.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32event.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32file.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32inet.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32pdh.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32process.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32profile.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32security.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\win32ts.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\windows._cacheinvalidation.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._controls_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._core_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._gdi_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._html2.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._misc_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._windows_.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wx._wizard.pyd

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxbase294u_net_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxbase294u_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_adv_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_core_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_html_vc90.dll

c:\users\DAVIDB~1\AppData\Local\Temp\_MEI35682\wxmsw294u_webview_vc90.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-30 )))))))))))))))))))))))))))))))

.

.

2013-04-30 03:45 . 2013-04-30 03:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-30 03:45 . 2013-04-30 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-30 00:25 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB79E734-A04E-405C-A6B2-DFF90D7FF858}\mpengine.dll

2013-04-29 22:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-24 00:14 . 2013-04-24 00:13 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D729F57-DB71-423E-A990-EBB2F43E7050}\gapaengine.dll

2013-04-24 00:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-14 23:54 . 2013-04-14 23:54 -------- d-----w- c:\users\David Bessent\AppData\Local\Macromedia

2013-04-11 02:32 . 2013-04-11 02:32 310688 ----a-w- c:\windows\system32\javaws.exe

2013-04-11 02:32 . 2013-04-11 02:32 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-11 02:32 . 2013-04-11 02:32 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-04-11 02:32 . 2013-04-11 02:32 188832 ----a-w- c:\windows\system32\javaw.exe

2013-04-11 02:32 . 2013-04-11 02:32 188320 ----a-w- c:\windows\system32\java.exe

2013-04-02 00:24 . 2013-04-30 02:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-04-02 00:24 . 2013-04-30 02:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2

2013-04-02 00:23 . 2013-04-02 00:23 -------- d-----w- c:\users\David Bessent\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 07:01 . 2011-06-15 21:52 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-11 03:27 . 2012-04-05 08:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-11 03:27 . 2011-06-17 06:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-11 02:32 . 2011-09-08 02:09 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-15 05:53 . 2013-03-25 22:31 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-03-25 22:31 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-25 22:31 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-25 22:31 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-25 22:31 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-25 22:31 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-25 22:31 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-25 22:31 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-25 22:31 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2013-03-25 22:31 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-25 22:31 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-25 22:31 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2013-03-25 22:31 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-25 22:31 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-25 22:31 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-03-25 22:31 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-25 22:31 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-25 22:31 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2013-03-25 22:31 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2012-10-11 02:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2012-02-22 03:37 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 05:53 . 2011-06-16 01:01 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2011-06-16 01:01 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2011-06-16 01:01 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2011-02-23 09:58 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 04:16 . 2011-02-23 08:39 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2011-02-23 08:39 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2011-02-23 08:38 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2011-02-23 08:38 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2011-02-23 08:38 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-15 02:07 . 2013-03-15 02:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-03-13 16:24 . 2012-02-22 03:38 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

2013-03-03 08:03 . 2011-10-17 03:05 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2013-03-03 08:02 . 2012-02-02 07:20 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2013-03-01 21:21 . 2013-03-01 21:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-01 21:21 . 2013-03-01 21:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-01 21:21 . 2011-09-08 02:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-12 05:45 . 2013-03-13 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 11:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-16 01:01 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-10 03:25 . 2013-03-01 20:54 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll

2013-02-10 03:25 . 2013-03-01 20:54 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

c:\users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

kill.bat [2011-10-12 42]

mel.bat013202 PM.bat [2011-10-19 151]

mel.bat013203 PM.bat [2011-10-19 151]

mel.bat013204 PM.bat [2011-10-19 151]

mel.bat013300 PM.bat [2011-10-19 151]

mel.bat013403 PM.bat [2011-10-19 151]

mel.bat013500 PM.bat [2011-10-19 151]

mel.bat013503 PM.bat [2011-10-19 151]

mel.bat013507 PM.bat [2011-10-19 151]

mel.bat013509 PM.bat [2011-10-19 151]

mel.bat015900 PM.bat [2011-10-19 151]

mel.bat015903 PM.bat [2011-10-19 151]

mel.bat020005 PM.bat [2011-10-19 151]

mel.bat020104 PM.bat [2011-10-19 151]

mel.bat020300 PM.bat [2011-10-19 151]

mel.bat020303 PM.bat [2011-10-19 151]

mel.bat020305 PM.bat [2011-10-19 151]

mel.bat023400 PM.bat [2011-10-19 151]

mel.bat023406 PM.bat [2011-10-19 151]

mel.bat023408 PM.bat [2011-10-19 151]

mel.bat023409 PM.bat [2011-10-19 151]

mel.bat023502 PM.bat [2011-10-19 151]

mel.bat023507 PM.bat [2011-10-19 151]

mel.bat023609 PM.bat [2011-10-19 151]

mel.bat023708 PM.bat [2011-10-19 151]

mel.bat023709 PM.bat [2011-10-19 151]

mel.bat023801 PM.bat [2011-10-19 151]

mel.bat023802 PM.bat [2011-10-19 151]

mel.bat024004 PM.bat [2011-10-19 151]

mel.bat024702 PM.bat [2011-10-19 151]

mel.bat024703 PM.bat [2011-10-19 151]

mel.bat024705 PM.bat [2011-10-19 151]

mel.bat024708 PM.bat [2011-10-19 151]

mel.bat025600 PM.bat [2011-10-19 151]

mel.bat025602 PM.bat [2011-10-19 151]

mel.bat025603 PM.bat [2011-10-19 151]

mel.bat025803 PM.bat [2011-10-19 151]

mel.bat025805 PM.bat [2011-10-19 151]

mel.bat025901 PM.bat [2011-10-19 151]

mel.bat025902 PM.bat [2011-10-19 151]

mel.bat030009 PM.bat [2011-10-19 151]

mel.bat032200 PM.bat [2011-10-15 151]

mel.bat032201 PM.bat [2011-10-15 151]

mel.bat032202 PM.bat [2011-10-15 151]

mel.bat032203 PM.bat [2011-10-15 151]

mel.bat032204 PM.bat [2011-10-15 151]

mel.bat032205 PM.bat [2011-10-15 151]

mel.bat032206 PM.bat [2011-10-15 151]

mel.bat032207 PM.bat [2011-10-15 151]

mel.bat032208 PM.bat [2011-10-15 151]

mel.bat032209 PM.bat [2011-10-15 151]

mel.bat032508 PM.bat [2011-10-16 151]

mel.bat033900 PM.bat [2011-10-16 151]

mel.bat033901 PM.bat [2011-10-16 151]

mel.bat033902 PM.bat [2011-10-16 151]

mel.bat033903 PM.bat [2011-10-16 151]

mel.bat033904 PM.bat [2011-10-16 151]

mel.bat033905 PM.bat [2011-10-16 151]

mel.bat033906 PM.bat [2011-10-16 151]

mel.bat033907 PM.bat [2011-10-16 151]

mel.bat033908 PM.bat [2011-10-16 151]

mel.bat060702 PM.bat [2011-10-18 151]

mel.bat060706 PM.bat [2011-10-18 151]

mel.bat060708 PM.bat [2011-10-18 151]

mel.bat060801 PM.bat [2011-10-18 151]

mel.bat060802 PM.bat [2011-10-18 151]

mel.bat060900 PM.bat [2011-10-18 151]

mel.bat062100 PM.bat [2011-10-18 151]

mel.bat062101 PM.bat [2011-10-18 151]

mel.bat062102 PM.bat [2011-10-18 151]

mel.bat062103 PM.bat [2011-10-18 151]

mel.bat062104 PM.bat [2011-10-18 151]

mel.bat062105 PM.bat [2011-10-18 151]

mel.bat062106 PM.bat [2011-10-18 151]

mel.bat062107 PM.bat [2011-10-18 151]

mel.bat062108 PM.bat [2011-10-18 151]

mel.bat062109 PM.bat [2011-10-18 151]

mel.bat062200 PM.bat [2011-10-18 151]

mel.bat062201 PM.bat [2011-10-18 151]

mel.bat062202 PM.bat [2011-10-18 151]

mel.bat062203 PM.bat [2011-10-18 151]

mel.bat062204 PM.bat [2011-10-18 151]

mel.bat062205 PM.bat [2011-10-18 151]

mel.bat062206 PM.bat [2011-10-18 151]

mel.bat062207 PM.bat [2011-10-18 151]

mel.bat062208 PM.bat [2011-10-18 151]

mel.bat062209 PM.bat [2011-10-18 151]

mel.bat093102 PM.bat [2011-10-16 151]

mel.bat093105 PM.bat [2011-10-16 151]

mel.bat094400 PM.bat [2011-10-16 151]

mel.bat094401 PM.bat [2011-10-16 151]

mel.bat094402 PM.bat [2011-10-16 151]

mel.bat094403 PM.bat [2011-10-16 151]

mel.bat094404 PM.bat [2011-10-16 151]

mel.bat094405 PM.bat [2011-10-16 151]

mel.bat094406 PM.bat [2011-10-16 151]

mel.bat094407 PM.bat [2011-10-16 151]

mel.bat094408 PM.bat [2011-10-16 151]

mel.bat094409 PM.bat [2011-10-16 151]

mel.bat104200 PM.bat [2011-10-14 151]

mel.bat105511 PM.bat [2011-10-14 151]

mel.bat105516 PM.bat [2011-10-14 151]

mel.bat105517 PM.bat [2011-10-14 151]

mel.bat105518 PM.bat [2011-10-14 151]

mel.bat105520 PM.bat [2011-10-14 151]

mel.bat105521 PM.bat [2011-10-14 151]

mel.bat105522 PM.bat [2011-10-14 151]

mel.bat113211 PM.bat [2011-10-19 151]

mel.bat113413 PM.bat [2011-10-19 151]

mel.bat113418 PM.bat [2011-10-19 151]

mel.bat113718 PM.bat [2011-10-19 151]

mel.bat113719 PM.bat [2011-10-19 151]

mel.bat115105 PM.bat [2011-10-12 151]

mel.bat115815 PM.bat [2011-10-19 151]

mel.bat120010 PM.bat [2011-10-19 151]

mel.bat120016 PM.bat [2011-10-19 151]

mel.bat120118 PM.bat [2011-10-19 151]

mel.bat120119 PM.bat [2011-10-19 151]

mel.bat120218 AM.bat [2011-10-18 151]

mel.bat120218 PM.bat [2011-10-19 151]

mel.bat120223 AM.bat [2011-10-18 151]

mel.bat120236 AM.bat [2011-10-18 151]

mel.bat120309 AM.bat [2011-10-18 151]

mel.bat120310 PM.bat [2011-10-19 151]

mel.bat120313 PM.bat [2011-10-19 151]

mel.bat120316 PM.bat [2011-10-19 151]

mel.bat120332 AM.bat [2011-10-18 151]

mel.bat120336 AM.bat [2011-10-18 151]

mel.bat120425 AM.bat [2011-10-13 151]

mel.bat120426 AM.bat [2011-10-13 151]

mel.bat121527 AM.bat [2011-10-18 151]

mel.bat121528 AM.bat [2011-10-18 151]

mel.bat121529 AM.bat [2011-10-18 151]

mel.bat121530 AM.bat [2011-10-18 151]

mel.bat121531 AM.bat [2011-10-18 151]

mel.bat121532 AM.bat [2011-10-18 151]

mel.bat121533 AM.bat [2011-10-18 151]

mel.bat121534 AM.bat [2011-10-18 151]

mel.bat121535 AM.bat [2011-10-18 151]

mel.bat121536 AM.bat [2011-10-18 151]

mel.bat121537 AM.bat [2011-10-18 151]

mel.bat121538 AM.bat [2011-10-18 151]

mel.bat121539 AM.bat [2011-10-18 151]

mel.bat121540 AM.bat [2011-10-18 151]

mel.bat121541 AM.bat [2011-10-18 151]

mel.bat121542 AM.bat [2011-10-18 151]

mel.bat121543 AM.bat [2011-10-18 151]

mel.bat121544 AM.bat [2011-10-18 151]

mel.bat121545 AM.bat [2011-10-18 151]

mel.bat121546 AM.bat [2011-10-18 151]

mel.bat121547 AM.bat [2011-10-18 151]

mel.bat121548 AM.bat [2011-10-18 151]

mel.bat121549 AM.bat [2011-10-18 151]

mel.bat121550 AM.bat [2011-10-18 151]

mel.bat121551 AM.bat [2011-10-18 151]

mel.bat121552 AM.bat [2011-10-18 151]

mel.bat121553 AM.bat [2011-10-18 151]

mel.bat121554 AM.bat [2011-10-18 151]

mel.bat121555 AM.bat [2011-10-18 151]

mel.bat121556 AM.bat [2011-10-18 151]

mel.bat121557 AM.bat [2011-10-18 151]

mel.bat121558 AM.bat [2011-10-18 151]

mel.bat121559 AM.bat [2011-10-18 151]

mel.bat121600 AM.bat [2011-10-18 151]

mel.bat121601 AM.bat [2011-10-18 151]

mel.bat121602 AM.bat [2011-10-18 151]

mel.bat121603 AM.bat [2011-10-18 151]

mel.bat121604 AM.bat [2011-10-18 151]

mel.bat121605 AM.bat [2011-10-18 151]

mel.bat121606 AM.bat [2011-10-18 151]

mel.bat121607 AM.bat [2011-10-18 151]

mel.bat121608 AM.bat [2011-10-18 151]

mel.bat121609 AM.bat [2011-10-18 151]

mel.bat121610 AM.bat [2011-10-18 151]

mel.bat121611 AM.bat [2011-10-18 151]

mel.bat121612 AM.bat [2011-10-18 151]

mel.bat121613 AM.bat [2011-10-18 151]

mel.bat121614 AM.bat [2011-10-18 151]

mel.bat121615 AM.bat [2011-10-18 151]

mel.bat121616 AM.bat [2011-10-18 151]

mel.bat121617 AM.bat [2011-10-18 151]

mel.bat121618 AM.bat [2011-10-18 151]

mel.bat121619 AM.bat [2011-10-18 151]

mel.bat121620 AM.bat [2011-10-18 151]

mel.bat121621 AM.bat [2011-10-18 151]

mel.bat121622 AM.bat [2011-10-18 151]

mel.bat121623 AM.bat [2011-10-18 151]

mel.bat121624 AM.bat [2011-10-18 151]

mel.bat121625 AM.bat [2011-10-18 151]

mel.bat121626 AM.bat [2011-10-18 151]

mel.bat121627 AM.bat [2011-10-18 151]

mel.bat121628 AM.bat [2011-10-18 151]

mel.bat121629 AM.bat [2011-10-18 151]

mel.bat121630 AM.bat [2011-10-18 151]

mel.bat121631 AM.bat [2011-10-18 151]

mel.bat121632 AM.bat [2011-10-18 151]

mel.bat121640 AM.bat [2011-10-18 151]

mel.bat121641 AM.bat [2011-10-18 151]

mel.bat121642 AM.bat [2011-10-18 151]

mel.bat121643 AM.bat [2011-10-18 151]

mel.bat121644 AM.bat [2011-10-18 151]

mel.bat121645 AM.bat [2011-10-18 151]

mel.bat121646 AM.bat [2011-10-18 151]

mel.bat121647 AM.bat [2011-10-18 151]

mel.bat121648 AM.bat [2011-10-18 151]

mel.bat121650 AM.bat [2011-10-18 151]

mel.bat121651 AM.bat [2011-10-18 151]

mel.bat121652 AM.bat [2011-10-18 151]

mel.bat121653 AM.bat [2011-10-18 151]

mel.bat121654 AM.bat [2011-10-18 151]

mel.bat121655 AM.bat [2011-10-18 151]

mel.bat121656 AM.bat [2011-10-18 151]

mel.bat123410 PM.bat [2011-10-19 151]

mel.bat123510 PM.bat [2011-10-19 151]

mel.bat123515 PM.bat [2011-10-19 151]

mel.bat123517 PM.bat [2011-10-19 151]

mel.bat123518 PM.bat [2011-10-19 151]

mel.bat124018 PM.bat [2011-10-19 151]

mel.bat124113 PM.bat [2011-10-19 151]

mel.bat124711 PM.bat [2011-10-19 151]

mel.bat124713 PM.bat [2011-10-19 151]

mel.bat125614 PM.bat [2011-10-19 151]

mel.bat125718 PM.bat [2011-10-19 151]

mel.bat125811 PM.bat [2011-10-19 151]

mel.bat125819 PM.bat [2011-10-19 151]

mel.bat125912 PM.bat [2011-10-19 151]

mel.bat130017 PM.bat [2011-10-19 151]

mel.bat132210 PM.bat [2011-10-15 151]

mel.bat132211 PM.bat [2011-10-15 151]

mel.bat132212 PM.bat [2011-10-15 151]

mel.bat132213 PM.bat [2011-10-15 151]

mel.bat162011 PM.bat [2011-10-18 151]

mel.bat162012 PM.bat [2011-10-18 151]

mel.bat162013 PM.bat [2011-10-18 151]

mel.bat162014 PM.bat [2011-10-18 151]

mel.bat162015 PM.bat [2011-10-18 151]

mel.bat162016 PM.bat [2011-10-18 151]

mel.bat162017 PM.bat [2011-10-18 151]

mel.bat162018 PM.bat [2011-10-18 151]

mel.bat162019 PM.bat [2011-10-18 151]

mel.bat162110 PM.bat [2011-10-18 151]

mel.bat162111 PM.bat [2011-10-18 151]

mel.bat162112 PM.bat [2011-10-18 151]

mel.bat162113 PM.bat [2011-10-18 151]

mel.bat162114 PM.bat [2011-10-18 151]

mel.bat162115 PM.bat [2011-10-18 151]

mel.bat162116 PM.bat [2011-10-18 151]

mel.bat162117 PM.bat [2011-10-18 151]

mel.bat162118 PM.bat [2011-10-18 151]

mel.bat162119 PM.bat [2011-10-18 151]

mel.bat162210 PM.bat [2011-10-18 151]

mel.bat162211 PM.bat [2011-10-18 151]

mel.bat162212 PM.bat [2011-10-18 151]

mel.bat162213 PM.bat [2011-10-18 151]

mel.bat162216 PM.bat [2011-10-18 151]

mel.bat162217 PM.bat [2011-10-18 151]

mel.bat162219 PM.bat [2011-10-18 151]

mel.bat172619 PM.bat [2011-10-14 151]

mel.bat174712 PM.bat [2011-10-12 151]

mel.bat194410 PM.bat [2011-10-16 151]

mel.bat194411 PM.bat [2011-10-16 151]

mel.bat194412 PM.bat [2011-10-16 151]

mel.bat194413 PM.bat [2011-10-16 151]

mel.bat194414 PM.bat [2011-10-16 151]

mel.bat194415 PM.bat [2011-10-16 151]

mel.bat194416 PM.bat [2011-10-16 151]

mel.bat194417 PM.bat [2011-10-16 151]

mel.bat194418 PM.bat [2011-10-16 151]

mel.bat194419 PM.bat [2011-10-16 151]

mel.bat213221 PM.bat [2011-10-19 151]

mel.bat213321 PM.bat [2011-10-19 151]

mel.bat213324 PM.bat [2011-10-19 151]

mel.bat213327 PM.bat [2011-10-19 151]

mel.bat213426 PM.bat [2011-10-19 151]

mel.bat213429 PM.bat [2011-10-19 151]

mel.bat213520 PM.bat [2011-10-19 151]

mel.bat213523 PM.bat [2011-10-19 151]

mel.bat220021 PM.bat [2011-10-19 151]

mel.bat220024 PM.bat [2011-10-19 151]

mel.bat220123 PM.bat [2011-10-19 151]

mel.bat220127 PM.bat [2011-10-19 151]

mel.bat220222 PM.bat [2011-10-19 151]

mel.bat220320 PM.bat [2011-10-19 151]

mel.bat220322 PM.bat [2011-10-19 151]

mel.bat220324 PM.bat [2011-10-19 151]

mel.bat220328 PM.bat [2011-10-19 151]

mel.bat220329 PM.bat [2011-10-19 151]

mel.bat223421 PM.bat [2011-10-19 151]

mel.bat223427 PM.bat [2011-10-19 151]

mel.bat223521 PM.bat [2011-10-19 151]

mel.bat223524 PM.bat [2011-10-19 151]

mel.bat223525 PM.bat [2011-10-19 151]

mel.bat223526 PM.bat [2011-10-19 151]

mel.bat223529 PM.bat [2011-10-19 151]

mel.bat223624 PM.bat [2011-10-19 151]

mel.bat223723 PM.bat [2011-10-19 151]

mel.bat223823 AM.bat [2011-10-14 151]

mel.bat223923 PM.bat [2011-10-19 151]

mel.bat224123 PM.bat [2011-10-19 151]

mel.bat224722 PM.bat [2011-10-19 151]

mel.bat225029 PM.bat [2011-10-19 151]

mel.bat225721 PM.bat [2011-10-19 151]

mel.bat225724 PM.bat [2011-10-19 151]

mel.bat225921 PM.bat [2011-10-19 151]

mel.bat230324 PM.bat [2011-10-13 151]

mel.bat230325 PM.bat [2011-10-13 151]

mel.bat230326 PM.bat [2011-10-13 151]

mel.bat233828 PM.bat [2011-10-16 151]

mel.bat233829 PM.bat [2011-10-16 151]

mel.bat260723 PM.bat [2011-10-18 151]

mel.bat260829 PM.bat [2011-10-18 151]

mel.bat262020 PM.bat [2011-10-18 151]

mel.bat262021 PM.bat [2011-10-18 151]

mel.bat262022 PM.bat [2011-10-18 151]

mel.bat262023 PM.bat [2011-10-18 151]

mel.bat262024 PM.bat [2011-10-18 151]

mel.bat262025 PM.bat [2011-10-18 151]

mel.bat262026 PM.bat [2011-10-18 151]

mel.bat262027 PM.bat [2011-10-18 151]

mel.bat262028 PM.bat [2011-10-18 151]

mel.bat262029 PM.bat [2011-10-18 151]

mel.bat262120 PM.bat [2011-10-18 151]

mel.bat262121 PM.bat [2011-10-18 151]

mel.bat262122 PM.bat [2011-10-18 151]

mel.bat262123 PM.bat [2011-10-18 151]

mel.bat262124 PM.bat [2011-10-18 151]

mel.bat262125 PM.bat [2011-10-18 151]

mel.bat262126 PM.bat [2011-10-18 151]

mel.bat262127 PM.bat [2011-10-18 151]

mel.bat262128 PM.bat [2011-10-18 151]

mel.bat262129 PM.bat [2011-10-18 151]

mel.bat262220 PM.bat [2011-10-18 151]

mel.bat262221 PM.bat [2011-10-18 151]

mel.bat262222 PM.bat [2011-10-18 151]

mel.bat262223 PM.bat [2011-10-18 151]

mel.bat262224 PM.bat [2011-10-18 151]

mel.bat262225 PM.bat [2011-10-18 151]

mel.bat262226 PM.bat [2011-10-18 151]

mel.bat262227 PM.bat [2011-10-18 151]

mel.bat262228 PM.bat [2011-10-18 151]

mel.bat262229 PM.bat [2011-10-18 151]

mel.bat272622 PM.bat [2011-10-14 151]

mel.bat294420 PM.bat [2011-10-16 151]

mel.bat294421 PM.bat [2011-10-16 151]

mel.bat294422 PM.bat [2011-10-16 151]

mel.bat294423 PM.bat [2011-10-16 151]

mel.bat294424 PM.bat [2011-10-16 151]

mel.bat294425 PM.bat [2011-10-16 151]

mel.bat294426 PM.bat [2011-10-16 151]

mel.bat294429 PM.bat [2011-10-16 151]

mel.bat313430 PM.bat [2011-10-19 151]

mel.bat313432 PM.bat [2011-10-19 151]

mel.bat313630 PM.bat [2011-10-19 151]

mel.bat313633 PM.bat [2011-10-19 151]

mel.bat313734 PM.bat [2011-10-19 151]

mel.bat314130 PM.bat [2011-10-19 151]

mel.bat314132 PM.bat [2011-10-19 151]

mel.bat315830 PM.bat [2011-10-19 151]

mel.bat315831 PM.bat [2011-10-19 151]

mel.bat315836 PM.bat [2011-10-19 151]

mel.bat320032 PM.bat [2011-10-19 151]

mel.bat320035 PM.bat [2011-10-19 151]

mel.bat320135 PM.bat [2011-10-19 151]

mel.bat320136 PM.bat [2011-10-19 151]

mel.bat320331 PM.bat [2011-10-19 151]

mel.bat320332 PM.bat [2011-10-19 151]

mel.bat320335 PM.bat [2011-10-19 151]

mel.bat323334 PM.bat [2011-10-19 151]

mel.bat323430 PM.bat [2011-10-19 151]

mel.bat323432 PM.bat [2011-10-19 151]

mel.bat323530 PM.bat [2011-10-19 151]

mel.bat323531 PM.bat [2011-10-19 151]

mel.bat323634 PM.bat [2011-10-19 151]

mel.bat323636 PM.bat [2011-10-19 151]

mel.bat323731 PM.bat [2011-10-19 151]

mel.bat323737 PM.bat [2011-10-19 151]

mel.bat323933 PM.bat [2011-10-19 151]

mel.bat324030 PM.bat [2011-10-19 151]

mel.bat324032 PM.bat [2011-10-19 151]

mel.bat325532 PM.bat [2011-10-19 151]

mel.bat325633 PM.bat [2011-10-19 151]

mel.bat325738 PM.bat [2011-10-19 151]

mel.bat325833 PM.bat [2011-10-19 151]

mel.bat325932 PM.bat [2011-10-19 151]

mel.bat325934 PM.bat [2011-10-19 151]

mel.bat325937 PM.bat [2011-10-19 151]

mel.bat325939 PM.bat [2011-10-19 151]

mel.bat330030 PM.bat [2011-10-19 151]

mel.bat330031 PM.bat [2011-10-19 151]

mel.bat330833 PM.bat [2011-10-15 151]

mel.bat333830 PM.bat [2011-10-16 151]

mel.bat333831 PM.bat [2011-10-16 151]

mel.bat333832 PM.bat [2011-10-16 151]

mel.bat333833 PM.bat [2011-10-16 151]

mel.bat333834 PM.bat [2011-10-16 151]

mel.bat333835 PM.bat [2011-10-16 151]

mel.bat333836 PM.bat [2011-10-16 151]

mel.bat333837 PM.bat [2011-10-16 151]

mel.bat333838 PM.bat [2011-10-16 151]

mel.bat360832 PM.bat [2011-10-18 151]

mel.bat360834 PM.bat [2011-10-18 151]

mel.bat360836 PM.bat [2011-10-18 151]

mel.bat360838 PM.bat [2011-10-18 151]

mel.bat362030 PM.bat [2011-10-18 151]

mel.bat362031 PM.bat [2011-10-18 151]

mel.bat362032 PM.bat [2011-10-18 151]

mel.bat362033 PM.bat [2011-10-18 151]

mel.bat362034 PM.bat [2011-10-18 151]

mel.bat362035 PM.bat [2011-10-18 151]

mel.bat362036 PM.bat [2011-10-18 151]

mel.bat362037 PM.bat [2011-10-18 151]

mel.bat362038 PM.bat [2011-10-18 151]

mel.bat362039 PM.bat [2011-10-18 151]

mel.bat362130 PM.bat [2011-10-18 151]

mel.bat362131 PM.bat [2011-10-18 151]

mel.bat362132 PM.bat [2011-10-18 151]

mel.bat362133 PM.bat [2011-10-18 151]

mel.bat362134 PM.bat [2011-10-18 151]

mel.bat362135 PM.bat [2011-10-18 151]

mel.bat362136 PM.bat [2011-10-18 151]

mel.bat362137 PM.bat [2011-10-18 151]

mel.bat362138 PM.bat [2011-10-18 151]

mel.bat362139 PM.bat [2011-10-18 151]

mel.bat362230 PM.bat [2011-10-18 151]

mel.bat393039 PM.bat [2011-10-16 151]

mel.bat394430 PM.bat [2011-10-16 151]

mel.bat394431 PM.bat [2011-10-16 151]

mel.bat394432 PM.bat [2011-10-16 151]

mel.bat394433 PM.bat [2011-10-16 151]

mel.bat394434 PM.bat [2011-10-16 151]

mel.bat394435 PM.bat [2011-10-16 151]

mel.bat394436 PM.bat [2011-10-16 151]

mel.bat394437 PM.bat [2011-10-16 151]

mel.bat394438 PM.bat [2011-10-16 151]

mel.bat394439 PM.bat [2011-10-16 151]

mel.bat413146 PM.bat [2011-10-19 151]

mel.bat413148 PM.bat [2011-10-19 151]

mel.bat413244 PM.bat [2011-10-19 151]

mel.bat413245 PM.bat [2011-10-19 151]

mel.bat413347 PM.bat [2011-10-19 151]

mel.bat413440 PM.bat [2011-10-19 151]

mel.bat413442 PM.bat [2011-10-19 151]

mel.bat413449 PM.bat [2011-10-19 151]

mel.bat413642 PM.bat [2011-10-19 151]

mel.bat413644 PM.bat [2011-10-19 151]

mel.bat413647 PM.bat [2011-10-19 151]

mel.bat414045 PM.bat [2011-10-19 151]

mel.bat415843 PM.bat [2011-10-19 151]

mel.bat415848 PM.bat [2011-10-19 151]

mel.bat415849 PM.bat [2011-10-19 151]

mel.bat415940 PM.bat [2011-10-19 151]

mel.bat415942 PM.bat [2011-10-19 151]

mel.bat420041 PM.bat [2011-10-19 151]

mel.bat420043 PM.bat [2011-10-19 151]

mel.bat420341 PM.bat [2011-10-19 151]

mel.bat420342 PM.bat [2011-10-19 151]

mel.bat423343 PM.bat [2011-10-19 151]

mel.bat423440 PM.bat [2011-10-19 151]

mel.bat423442 PM.bat [2011-10-19 151]

mel.bat423449 PM.bat [2011-10-19 151]

mel.bat423542 PM.bat [2011-10-19 151]

mel.bat423547 PM.bat [2011-10-19 151]

mel.bat423548 PM.bat [2011-10-19 151]

mel.bat423549 PM.bat [2011-10-19 151]

mel.bat423641 PM.bat [2011-10-19 151]

mel.bat423646 PM.bat [2011-10-19 151]

mel.bat423647 PM.bat [2011-10-19 151]

mel.bat423648 PM.bat [2011-10-19 151]

mel.bat423743 PM.bat [2011-10-19 151]

mel.bat423942 PM.bat [2011-10-19 151]

mel.bat425143 AM.bat [2011-10-14 151]

mel.bat425144 AM.bat [2011-10-14 151]

mel.bat425145 AM.bat [2011-10-14 151]

mel.bat425146 AM.bat [2011-10-14 151]

mel.bat425147 AM.bat [2011-10-14 151]

mel.bat425148 AM.bat [2011-10-14 151]

mel.bat425149 AM.bat [2011-10-14 151]

mel.bat425645 PM.bat [2011-10-19 151]

mel.bat425843 PM.bat [2011-10-19 151]

mel.bat425846 PM.bat [2011-10-19 151]

mel.bat425943 PM.bat [2011-10-19 151]

mel.bat430040 PM.bat [2011-10-19 151]

mel.bat432547 PM.bat [2011-10-16 151]

mel.bat433840 PM.bat [2011-10-16 151]

mel.bat433841 PM.bat [2011-10-16 151]

mel.bat433842 PM.bat [2011-10-16 151]

mel.bat433843 PM.bat [2011-10-16 151]

mel.bat433844 PM.bat [2011-10-16 151]

mel.bat433845 PM.bat [2011-10-16 151]

mel.bat433846 PM.bat [2011-10-16 151]

mel.bat433847 PM.bat [2011-10-16 151]

mel.bat433848 PM.bat [2011-10-16 151]

mel.bat433849 PM.bat [2011-10-16 151]

mel.bat460840 PM.bat [2011-10-18 151]

mel.bat460841 PM.bat [2011-10-18 151]

mel.bat460844 PM.bat [2011-10-18 151]

mel.bat460849 PM.bat [2011-10-18 151]

mel.bat462040 PM.bat [2011-10-18 151]

mel.bat462041 PM.bat [2011-10-18 151]

mel.bat462042 PM.bat [2011-10-18 151]

mel.bat462043 PM.bat [2011-10-18 151]

mel.bat462044 PM.bat [2011-10-18 151]

mel.bat462045 PM.bat [2011-10-18 151]

mel.bat462046 PM.bat [2011-10-18 151]

mel.bat462047 PM.bat [2011-10-18 151]

mel.bat462048 PM.bat [2011-10-18 151]

mel.bat462049 PM.bat [2011-10-18 151]

mel.bat462140 PM.bat [2011-10-18 151]

mel.bat462141 PM.bat [2011-10-18 151]

mel.bat462142 PM.bat [2011-10-18 151]

mel.bat462143 PM.bat [2011-10-18 151]

mel.bat462144 PM.bat [2011-10-18 151]

mel.bat462145 PM.bat [2011-10-18 151]

mel.bat462146 PM.bat [2011-10-18 151]

mel.bat462147 PM.bat [2011-10-18 151]

mel.bat462148 PM.bat [2011-10-18 151]

mel.bat462149 PM.bat [2011-10-18 151]

mel.bat493046 PM.bat [2011-10-16 151]

mel.bat494440 PM.bat [2011-10-16 151]

mel.bat494441 PM.bat [2011-10-16 151]

mel.bat494442 PM.bat [2011-10-16 151]

mel.bat494443 PM.bat [2011-10-16 151]

mel.bat513252 PM.bat [2011-10-19 151]

mel.bat513254 PM.bat [2011-10-19 151]

mel.bat515854 PM.bat [2011-10-19 151]

mel.bat520052 PM.bat [2011-10-19 151]

mel.bat520152 PM.bat [2011-10-19 151]

mel.bat520156 PM.bat [2011-10-19 151]

mel.bat520253 PM.bat [2011-10-19 151]

mel.bat520255 PM.bat [2011-10-19 151]

mel.bat520256 PM.bat [2011-10-19 151]

mel.bat523353 PM.bat [2011-10-19 151]

mel.bat523355 PM.bat [2011-10-19 151]

mel.bat523356 PM.bat [2011-10-19 151]

mel.bat523358 PM.bat [2011-10-19 151]

mel.bat523450 PM.bat [2011-10-19 151]

mel.bat523551 PM.bat [2011-10-19 151]

mel.bat523553 PM.bat [2011-10-19 151]

mel.bat523652 PM.bat [2011-10-19 151]

mel.bat523656 PM.bat [2011-10-19 151]

mel.bat523755 PM.bat [2011-10-19 151]

mel.bat523952 PM.bat [2011-10-19 151]

mel.bat524055 PM.bat [2011-10-19 151]

mel.bat524056 PM.bat [2011-10-19 151]

mel.bat524057 PM.bat [2011-10-19 151]

mel.bat524654 PM.bat [2011-10-19 151]

mel.bat524655 PM.bat [2011-10-19 151]

mel.bat524658 PM.bat [2011-10-19 151]

mel.bat525552 PM.bat [2011-10-19 151]

mel.bat525556 PM.bat [2011-10-19 151]

mel.bat525650 PM.bat [2011-10-19 151]

mel.bat525652 PM.bat [2011-10-19 151]

mel.bat525653 PM.bat [2011-10-19 151]

mel.bat525657 PM.bat [2011-10-19 151]

mel.bat525853 PM.bat [2011-10-19 151]

mel.bat525855 PM.bat [2011-10-19 151]

mel.bat525856 PM.bat [2011-10-19 151]

mel.bat525857 PM.bat [2011-10-19 151]

mel.bat530850 PM.bat [2011-10-15 151]

mel.bat532153 PM.bat [2011-10-15 151]

mel.bat532154 PM.bat [2011-10-15 151]

mel.bat532155 PM.bat [2011-10-15 151]

mel.bat532156 PM.bat [2011-10-15 151]

mel.bat532157 PM.bat [2011-10-15 151]

mel.bat532158 PM.bat [2011-10-15 151]

mel.bat532159 PM.bat [2011-10-15 151]

mel.bat533850 PM.bat [2011-10-16 151]

mel.bat533851 PM.bat [2011-10-16 151]

mel.bat533852 PM.bat [2011-10-16 151]

mel.bat533853 PM.bat [2011-10-16 151]

mel.bat533854 PM.bat [2011-10-16 151]

mel.bat533855 PM.bat [2011-10-16 151]

mel.bat533856 PM.bat [2011-10-16 151]

mel.bat533857 PM.bat [2011-10-16 151]

mel.bat533858 PM.bat [2011-10-16 151]

mel.bat560650 PM.bat [2011-10-18 151]

mel.bat560752 PM.bat [2011-10-18 151]

mel.bat560850 PM.bat [2011-10-18 151]

mel.bat560852 PM.bat [2011-10-18 151]

mel.bat560857 PM.bat [2011-10-18 151]

mel.bat562050 PM.bat [2011-10-18 151]

mel.bat562051 PM.bat [2011-10-18 151]

mel.bat562052 PM.bat [2011-10-18 151]

mel.bat562053 PM.bat [2011-10-18 151]

mel.bat562054 PM.bat [2011-10-18 151]

mel.bat562055 PM.bat [2011-10-18 151]

mel.bat562056 PM.bat [2011-10-18 151]

mel.bat562057 PM.bat [2011-10-18 151]

mel.bat562058 PM.bat [2011-10-18 151]

mel.bat562059 PM.bat [2011-10-18 151]

mel.bat562150 PM.bat [2011-10-18 151]

mel.bat562151 PM.bat [2011-10-18 151]

mel.bat562152 PM.bat [2011-10-18 151]

mel.bat562153 PM.bat [2011-10-18 151]

mel.bat562154 PM.bat [2011-10-18 151]

mel.bat562155 PM.bat [2011-10-18 151]

mel.bat562156 PM.bat [2011-10-18 151]

mel.bat562157 PM.bat [2011-10-18 151]

mel.bat562158 PM.bat [2011-10-18 151]

mel.bat562159 PM.bat [2011-10-18 151]

mel.bat571259 PM.bat [2011-10-14 151]

mel.bat573352 PM.bat [2011-10-12 151]

mel.bat594359 PM.bat [2011-10-16 151]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files (x86)\VMLaunch\BuddyVM.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-26 1431888]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-19 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-17 254528]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-07-27 14952]

S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-09 122856]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-09 369640]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-30 03:14 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 03:27]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54]

.

2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-29 00:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\David Bessent\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\David Bessent\AppData\Roaming\Mozilla\Firefox\Profiles\8tt2bpms.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-SP_d33a5824 - c:\program files (x86)\EasyLife\uninstall.exe

AddRemove-SP_e14dcdfa - c:\program files (x86)\ContinueToSave\uninstall.exe

AddRemove-The Witcher Grafikmods_is1 - c:\program files (x86)\The Witcher\unins000.exe

AddRemove-{06472C0F-DF4C-AFCC-5C62-99B2FEEBCC78} - c:\progra~3\INSTAL~1\{3087D~1\Setup.exe

AddRemove-{6248E943-91A1-DCEB-46BE-A60AD45E938B} - c:\progra~3\INSTAL~1\{A7796~1\Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\programdata\TVersity\Media Server\MediaServer.exe

c:\programdata\TVersity\Media Server\berkelium.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-04-29 23:50:43 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-30 03:50

ComboFix2.txt 2013-04-30 02:48

.

Pre-Run: 391,241,367,552 bytes free

Post-Run: 391,195,516,928 bytes free

.

- - End Of File - - 7EC416D226AA83978F34A914DCFEC884

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

  • Programs to remove

    • ContinueToSave
      ContinueToSave 1.74
      EasyLife Gadget
      EasyLife Search 1.74
      EasylifeGadget
      Java 7 Update 15
      Java 7 Update 17 (64-bit)
      Java 6 Update 30
      Java SE Development Kit 7 (64-bit)

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. default settings are fine
    • Click Run Cleaner.
    • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware

    [*] then click Finish.

    [*]If an update is found, it will download and install the latest version.

    [*]Once the program has loaded, select Perform quick scan, then click Scan.

    [*]When the scan is complete, click OK, then Show Results to view the results.

    [*]Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.

    [*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo

Link to post
Share on other sites
TheDotEater

TheDotEater

Posted
  • Author
Posted

I didn't have any issues. Computer seems to be running fine. The post is too long so I'll try separating it into multiple posts.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.29.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

David Bessent :: DAVIDBESSENT-PC [administrator]

4/30/2013 12:16:35 AM

mbam-log-2013-04-30 (00-16-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 240957

Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 602

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat594359 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat573352 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat571259 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562159 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562158 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562157 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562156 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562155 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562154 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562153 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562152 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562151 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562150 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562059 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562058 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562057 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562056 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562055 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562054 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562053 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562052 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562051 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat562050 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560857 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560852 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560850 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560752 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat560650 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533858 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533857 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533856 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533855 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533854 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533853 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533852 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533851 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat533850 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532159 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532158 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532157 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532156 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532155 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532154 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat532153 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat530850 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525857 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525856 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525855 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525853 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525657 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525653 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525652 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525650 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525556 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat525552 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524658 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524655 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524654 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524057 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524056 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat524055 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523952 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523755 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523656 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523652 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523553 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523551 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523450 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523358 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523356 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523355 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat523353 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520256 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520255 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520253 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520156 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520152 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat520052 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat515854 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat513254 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat513252 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494443 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494442 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494441 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat494440 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat493046 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462149 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462148 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462147 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462146 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462145 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462144 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462143 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462142 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462141 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462140 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462049 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462048 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462047 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462046 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462045 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462044 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462043 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462042 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462041 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat462040 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460849 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460844 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460841 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat460840 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433849 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433848 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433847 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433846 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433845 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433844 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433843 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433842 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433841 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat433840 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat432547 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat430040 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425943 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425846 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425843 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425645 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425149 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425148 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425147 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425146 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425145 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425144 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat425143 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423942 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423743 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423648 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423647 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423646 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423641 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423549 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423548 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423547 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423542 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423449 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423442 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423440 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat423343 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420342 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420341 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420043 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat420041 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415942 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415940 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415849 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415848 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat415843 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat414045 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413647 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413644 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413642 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413449 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413442 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413440 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413347 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413245 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413244 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413148 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat413146 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394439 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394438 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394437 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394436 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394435 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394434 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394433 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394432 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394431 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat394430 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat393039 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362230 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362139 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362138 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362137 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362136 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362135 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362134 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362133 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362132 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362131 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362130 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362039 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362038 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362037 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362036 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362035 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362034 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362033 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362032 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362031 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat362030 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360838 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360836 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360834 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat360832 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333838 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333837 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333836 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333835 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333834 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333833 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333832 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333831 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat333830 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat330833 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat330031 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat330030 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325939 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325937 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325934 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325932 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325833 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325738 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325633 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat325532 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat324032 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat324030 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323933 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323737 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323731 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323636 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323634 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323531 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323530 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323432 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323430 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat323334 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320335 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320332 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320331 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320136 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320135 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320035 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat320032 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat315836 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat315831 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat315830 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat314132 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat314130 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313734 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313633 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313630 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313432 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat313430 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294429 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294426 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294425 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294424 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294423 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294422 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294421 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat294420 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat272622 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262229 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262228 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262227 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262226 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262225 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262224 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262223 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262222 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262221 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites
TheDotEater

TheDotEater

Posted
  • Author
Posted

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262220 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262129 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262128 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262127 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262126 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262125 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262124 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262123 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262122 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262121 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262120 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262029 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262028 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262027 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262026 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262025 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262024 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262023 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262022 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262021 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat262020 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat260829 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat260723 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat233829 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat233828 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat230326 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat230325 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat230324 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225921 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225724 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225721 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat225029 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat224722 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat224123 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223923 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223823 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223723 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223624 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223529 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223526 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223525 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223524 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223521 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223427 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat223421 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220329 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220328 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220324 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220322 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220320 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220222 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220127 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220123 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220024 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat220021 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213523 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213520 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213429 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213426 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213327 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213324 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213321 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat213221 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194419 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194418 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194417 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194416 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194415 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194414 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194413 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194412 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194411 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat194410 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat174712 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat172619 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162219 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162217 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162216 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162213 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162212 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162211 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162210 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162119 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162118 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162117 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162116 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162115 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162114 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162113 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162112 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162111 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162110 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162019 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162018 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162017 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162016 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162015 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162014 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162013 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162012 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat162011 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132213 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132212 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132211 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat132210 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat130017 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125912 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125819 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125811 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125718 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat125614 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124713 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124711 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124113 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat124018 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123518 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123517 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123515 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123510 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat123410 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121656 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121655 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121654 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121653 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121652 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121651 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121650 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121648 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121647 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121646 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121645 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121644 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121643 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121642 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121641 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121640 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121632 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121631 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121630 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121629 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121628 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121627 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121626 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121625 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121624 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121623 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121622 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121621 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121620 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121619 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121618 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121617 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121616 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121615 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121614 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121613 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121612 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121611 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121610 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121609 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121608 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121607 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121606 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121605 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121604 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121603 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121602 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121601 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121600 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121559 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121558 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121557 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121556 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121555 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121554 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121553 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121552 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121551 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121550 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121549 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121548 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121547 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121546 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121545 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121544 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121543 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121542 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121541 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121540 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121539 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121538 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121537 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121536 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121535 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121534 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121533 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121532 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121531 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121530 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121529 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121528 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat121527 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120426 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120425 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120336 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120332 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120316 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120313 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120310 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120309 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120236 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120223 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120218 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120218 AM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120119 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120118 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120016 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120010 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115815 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115105 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113719 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113718 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113418 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113413 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat113211 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105522 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105521 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105520 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105518 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105517 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105516 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat105511 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat104200 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094409 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094408 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094407 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094406 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094405 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094404 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094403 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094402 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094401 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat094400 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat093105 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat093102 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062209 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062208 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062207 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062206 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062205 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062204 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062203 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062202 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062201 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062200 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062109 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062108 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062107 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062106 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062105 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062104 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062103 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062102 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062101 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat062100 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060900 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060802 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060801 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060708 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060706 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat060702 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033908 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033907 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033906 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033905 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033904 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033903 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033902 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033901 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat033900 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032508 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032209 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032208 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032207 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032206 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032205 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032204 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032203 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032202 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032201 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat032200 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat030009 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025902 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025901 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025805 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025803 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025603 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025602 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat025600 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024708 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024705 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024703 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024702 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat024004 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023802 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023801 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023709 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023708 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023609 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023507 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023502 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023409 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023408 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023406 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat023400 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020305 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020303 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020300 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020104 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat020005 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat015903 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat015900 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013509 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013507 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013503 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013500 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013403 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013300 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013204 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013203 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\David Bessent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat013202 PM.bat (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites
TheDotEater

TheDotEater

Posted
  • Author
Posted

Wow, that's alot... Here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:22:27 AM, on 4/30/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\ProgramData\TVersity\Media Server\berkelium.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\David Bessent\Desktop\HijackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"

O4 - HKUS\S-1-5-21-4210620806-2686088599-4207646544-1007\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-4210620806-2686088599-4207646544-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: kill.bat

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit (mi-raysat_3dsmax2012_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10780 bytes

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKUS\S-1-5-21-4210620806-2686088599-4207646544-1007\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-4210620806-2686088599-4207646544-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - Startup: Dropbox.lnk = David Bessent\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: kill.bat

[*] Close all open windows and browsers/email, etc...

[*] Click on the "Fix Checked" button

[*] When completed, close the application.

  • NOTE**You can research each of those lines
>here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start

    [*]When asked, allow the add/on to be installed

    • Click Start

    [*]Make sure that the option Remove found threats is unticked

    [*]Click on Advanced Settings, ensure the options

    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    [*]Click Scan

    [*]wait for the virus definitions to be downloaded

    [*]Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello TheDotEater

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Program Files (x86)\SimpleSpeedy\sprotector.dll"
    del %0


  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java

  • During the cleaning process if I found that Java was installed I asked for it to be uninstalled, Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, Then you need to install the latest version and make sure to disable it in your web browsers.
    If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.
    Link to download latest version. -
install Java
How to disable java in your web browsers - Disable Java

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.