Hello, I seem to have this Google "redirect" virus that a lot of people seem to have gotten lately. I'll paste my DDS log first, followed by my Malwarebytes Anti-Malware log. Hope that is suffiecit info - if not just let me know Any help is always greatly appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Rippa at 10:29:30 on 2011-07-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3957.2436 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\windows\system32\nlsInterface.exe
C:\windows\SysWOW64\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManage r.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183 CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3}\2456C6B696E6F5E413F575962756C6563737 F5549393038373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3}\25F68726F627F65776860284F6D656028457 26 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3}\7596649602A5F6E65602D2024586560234C6 F65746 : DhcpNameServer = 10.5.160.31 10.5.160.32 10.1.5.5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dl l C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
BHO-X64: MediaBar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: BitTorrentBar - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dl l C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GBfficial
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\extensions\engine@conduit.c om\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rippa\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\windows\system32\Drivers\avgldx64.sys --> C:\windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\windows\system32\Drivers\avgmfx64.sys --> C:\windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\windows\system32\Drivers\avgtdia.sys --> C:\windows\system32\Drivers\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/07 17:48:48];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\System32\ASTSRV.EXE [2010-11-16 57344]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-16 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-16 308136]
R2 nlsInterface;Nalpeiron Licensing Service 64-bit;C:\windows\system32\nlsInterface.exe --> C:\windows\system32\nlsInterface.exe [?]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-4-7 311296]
R2 Sentinel64;Sentinel64;C:\windows\system32\Drivers\ Sentinel64.sys --> C:\windows\system32\Drivers\Sentinel64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\windows\system32\DRIVERS\rtl819xp.sys --> C:\windows\system32\DRIVERS\rtl819xp.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\System32\msvfd32.exe [2011-2-16 818087]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-1 135664]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssflt r.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-1 135664]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 L6UX1;Service - Line 6 UX1;C:\windows\system32\Drivers\L6UX164.sys --> C:\windows\system32\Drivers\L6UX164.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-24 07:48:06 -------- d-----w- C:\Users\Rippa\AppData\Roaming\Malwarebytes
2011-07-24 07:47:59 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-24 07:47:58 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-24 07:47:55 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-24 07:47:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-24 02:05:16 63488 --sha-r- C:\windows\SysWow64\igfcg500mb.dll
2011-07-24 01:43:19 -------- d-----w- C:\ProgramData\Avid
2011-07-24 01:35:19 -------- d-----w- C:\windows\SysWow64\MEDIA
2011-07-24 01:31:54 142120 ----a-w- C:\windows\System32\drivers\sentinel64.sys
2011-07-24 01:31:47 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2011-07-24 01:30:47 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{D01FF451-B79C-4C98-85DB-7C8C5AD9DC32}\ARPPRODUCTICON.exe
2011-07-24 01:29:51 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{84B1B745-128C-47C5-84BF-97ECA9E676D2}\ARPPRODUCTICON.exe
2011-07-24 01:29:50 -------- d-----w- C:\Program Files\Common Files\Avid
2011-07-24 01:28:51 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{4017D3E4-FFFD-49ED-A935-95B3CA027D69}\ARPPRODUCTICON.exe
2011-07-24 01:28:51 -------- d-----w- C:\Program Files\Common Files\PACE
2011-07-24 01:22:49 -------- d-----w- C:\Program Files (x86)\Digidesign
2011-07-24 01:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
2011-07-24 01:14:55 -------- d-----w- C:\Program Files (x86)\Licenses
2011-07-24 01:14:49 -------- d-----w- C:\Program Files (x86)\Avid
2011-07-20 03:05:37 -------- d-----w- C:\Users\Rippa\AppData\Roaming\KORG
2011-07-20 03:00:03 -------- d-----w- C:\ProgramData\KORG
2011-07-20 02:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\KORG
2011-07-16 20:48:54 -------- d-----w- C:\Program Files\Common Files\SONiVOX
2011-07-16 20:48:28 86528 ----a-w- C:\windows\SysWow64\drivers\tpkd.sys
2011-07-16 20:48:28 55808 ----a-w- C:\windows\SysWow64\zlib1.dll
2011-07-16 20:48:28 203264 ----a-w- C:\windows\SysWow64\libpng13.dll
2011-07-16 20:47:16 -------- d-----w- C:\Program Files (x86)\SONiVOX
2011-07-16 20:45:30 -------- d-----w- C:\ProgramData\SONiVOX
2011-07-13 16:07:59 -------- d-----w- C:\windows\pss
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_KOMPAKT.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_9.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_7.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_4.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD.dll
2011-07-11 20:08:27 65536 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_8.dll
2011-07-09 23:47:06 -------- d-----w- C:\Program Files (x86)\Steinberg
2011-07-09 17:13:32 -------- d-----w- C:\Program Files (x86)\Arturia
2011-07-09 17:09:02 -------- d-----w- C:\ProgramData\Arturia
2011-07-09 12:10:25 163840 ----a-w- C:\windows\SysWow64\ArtFfct.dll
2011-07-09 12:10:25 1177600 ----a-w- C:\windows\SysWow64\SYNSOAiR.DLL
2011-07-07 13:25:39 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 13:25:39 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-07 13:25:24 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-07 08:19:41 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-06 15:32:57 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2011-07-06 15:32:57 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2011-07-06 15:32:54 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-07-06 15:32:54 399872 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-07-06 15:32:54 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-07-06 15:32:51 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-07-06 15:32:51 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-07-06 15:32:44 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-07-06 15:32:43 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-07-06 15:15:43 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2011-07-06 15:13:52 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2011-07-06 15:13:51 -------- d-----w- C:\Program Files (x86)\Kodak
2011-07-06 15:12:42 -------- d-----w- C:\ProgramData\Kodak
.
==================== Find3M ====================
.
2011-06-11 0244 3134464 ----a-w- C:\windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-06-02 0528 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-02 0506 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-24 1159 404992 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-06 13:19:56 317520 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2011-05-04 05:30:38 2326016 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-04-28 03:58:42 552448 ----a-w- C:\windows\System32\drivers\bthport.sys
2011-04-28 03:58:34 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2011-04-27 02:57:40 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys
.
============= FINISH: 10:30:13.11 ===============

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7260

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24/07/2011 10:12:28
mbam-log-2011-07-24 (10-12-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 477124
Time elapsed: 1 hour(s), 22 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 291

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\image-line\fl studio 10\Plugins\VST\xln.audio.addictive.drums.dvdr.hybr id-airiso\Keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\08979.exe.exe (Trojan.Startup) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\14628.exe.exe (Trojan.Startup) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\60257.exe.exe (Trojan.Startup) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\037a6.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\08a76.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\097f6.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\0ef28.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\1e2ce.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\2e3a7.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\588b9.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\63a3f.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\6ba7f.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\7f620.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\829d7.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\8a9ac.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\93fd4.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\9963f.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\a0b37.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\b8de7.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\bb4f6.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\c2b1e.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\c87e3.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\dad2d.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\eccdf.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\4323569.lnk (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000339.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000340.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000341.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000342.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000343.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000344.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000345.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000346.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000347.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000348.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000349.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000350.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000351.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000352.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000353.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000354.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000355.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000356.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000357.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000358.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000359.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000400.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064113.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064114.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064115.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064118.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064119.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064332.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064415.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064422.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065650.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065735.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065736.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065737.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065738.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065739.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065740.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065741.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065742.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065743.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083109.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083114.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083134.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083149.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083152.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083153.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083154.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083156.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083157.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083158.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083159.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083200.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083208.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083213.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084429.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084430.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084431.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084432.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084433.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084434.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084435.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084436.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084437.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084438.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084439.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084440.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084441.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084442.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084443.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084444.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084445.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084446.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084447.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084448.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084449.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084450.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084451.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084452.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084453.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084454.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084455.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084456.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084457.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084458.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084459.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084500.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084501.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084502.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084503.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084504.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084505.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084506.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084507.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084508.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084509.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084510.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084511.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084512.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084513.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084514.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084515.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084516.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084517.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084518.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084519.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084520.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084521.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084522.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084523.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084524.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084525.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084526.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084527.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084528.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084529.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084530.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084531.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084532.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084533.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084534.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084535.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084536.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084654.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084717.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084718.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090014.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090015.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090016.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090017.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090018.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090019.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090020.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090021.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090022.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090023.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090024.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090025.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090026.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090027.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090028.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090029.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090030.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090031.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090032.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090033.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090034.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090035.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090036.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090037.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090038.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090039.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090040.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090041.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090042.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090043.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090044.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090045.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090046.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090047.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090048.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090049.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090050.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090051.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090052.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090053.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090054.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090055.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090056.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090057.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat122034.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat122035.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat123303.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124038.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124051.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124057.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124102.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124106.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124158.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124205.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124209.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124210.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124211.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124218.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124230.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124234.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124236.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124238.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124243.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124245.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124248.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124250.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124251.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124252.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124254.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124301.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124305.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124309.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124315.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124319.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124534.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124548.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124602.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124603.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124614.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124622.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124629.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124641.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124645.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124649.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124657.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124707.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124717.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124743.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124837.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124842.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124949.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125041.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125047.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125056.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125105.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125154.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125159.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125217.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125249.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125305.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125317.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125320.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125329.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125332.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125343.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125348.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125351.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125352.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125355.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125405.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125407.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125414.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125426.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125430.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125432.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125436.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125437.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125443.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125445.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125448.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat133028.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134347.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134348.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134349.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134350.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134351.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134352.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134353.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134354.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134355.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134356.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134357.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134358.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134359.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134400.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat235019.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat235039.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Welcome aboard

Please, complete all steps listed here: HERE

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Hello! Thanks for the reply OK I'll paste my results below! Thanks again!

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7260

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24/07/2011 10:12:28
mbam-log-2011-07-24 (10-12-28).txt

Scan type: Full scan (C:\|)
Objects scanned: 477124
Time elapsed: 1 hour(s), 22 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 291

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XMZH42I4GI (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\image-line\fl studio 10\Plugins\VST\xln.audio.addictive.drums.dvdr.hybr id-airiso\Keygen.exe (Malware.Packer.Gen) -> Not selected for removal.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\08979.exe.exe (Trojan.Startup) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\14628.exe.exe (Trojan.Startup) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\60257.exe.exe (Trojan.Startup) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\037a6.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\08a76.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\097f6.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\0ef28.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\1e2ce.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\2e3a7.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\588b9.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\63a3f.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\6ba7f.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\7f620.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\829d7.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\8a9ac.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\93fd4.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\9963f.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\a0b37.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\b8de7.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\bb4f6.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\c2b1e.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\c87e3.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\dad2d.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\eccdf.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\4323569.lnk (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000339.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000340.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000341.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000342.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000343.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000344.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000345.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000346.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000347.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000348.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000349.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000350.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000351.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000352.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000353.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000354.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000355.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000356.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000357.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000358.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000359.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat000400.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064113.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064114.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064115.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064118.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064119.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064332.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064415.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat064422.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065650.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065735.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065736.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065737.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065738.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065739.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065740.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065741.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065742.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat065743.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083109.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083114.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083134.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083149.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083152.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083153.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083154.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083156.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083157.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083158.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083159.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083200.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083208.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat083213.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084429.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084430.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084431.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084432.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084433.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084434.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084435.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084436.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084437.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084438.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084439.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084440.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084441.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084442.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084443.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084444.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084445.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084446.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084447.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084448.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084449.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084450.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084451.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084452.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084453.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084454.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084455.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084456.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084457.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084458.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084459.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084500.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084501.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084502.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084503.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084504.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084505.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084506.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084507.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084508.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084509.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084510.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084511.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084512.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084513.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084514.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084515.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084516.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084517.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084518.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084519.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084520.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084521.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084522.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084523.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084524.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084525.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084526.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084527.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084528.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084529.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084530.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084531.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084532.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084533.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084534.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084535.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084536.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084654.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084717.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat084718.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090014.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090015.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090016.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090017.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090018.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090019.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090020.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090021.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090022.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090023.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090024.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090025.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090026.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090027.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090028.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090029.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090030.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090031.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090032.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090033.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090034.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090035.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090036.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090037.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090038.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090039.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090040.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090041.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090042.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090043.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090044.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090045.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090046.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090047.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090048.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090049.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090050.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090051.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090052.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090053.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090054.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090055.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090056.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat090057.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat122034.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat122035.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat123303.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124038.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124051.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124057.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124102.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124106.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124158.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124205.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124209.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124210.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124211.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124218.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124230.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124234.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124236.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124238.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124243.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124245.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124248.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124250.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124251.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124252.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124254.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124301.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124305.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124309.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124315.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124319.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124534.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124548.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124602.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124603.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124614.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124622.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124629.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124641.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124645.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124649.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124657.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124707.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124717.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124743.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124837.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124842.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat124949.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125041.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125047.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125056.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125105.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125154.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125159.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125217.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125249.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125305.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125317.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125320.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125329.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125332.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125343.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125348.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125351.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125352.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125355.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125405.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125407.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125414.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125426.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125430.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125432.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125436.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125437.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125443.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125445.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat125448.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat133028.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134347.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134348.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134349.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134350.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134351.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134352.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134353.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134354.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134355.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134356.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134357.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134358.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134359.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat134400.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat235019.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Rippa\AppData\Roaming\microsoft\Windows\s tart menu\Programs\Startup\mel.bat235039.bat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

GMER Results:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-28 03:48:00
Windows 6.1.7600
Running: 532nxd0d.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\b482fe520e45
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xD7 0xB0 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x11 0xAB 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0x1E 0x6F 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14 919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x00 0xD4 0x3C 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\0026b66b6982 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\b482fe520e45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xD7 0xB0 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4C 0x11 0xAB 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAF 0x1E 0x6F 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919E A49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x00 0xD4 0x3C 0xBE ...

---- EOF - GMER 1.0.15 ----

aswMBR Results:

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-28 03:50:35
-----------------------------
03:50:35.308 OS Version: Windows x64 6.1.7600
03:50:35.309 Number of processors: 4 586 0x2502
03:50:35.311 ComputerName: RIPPA-PC UserName: Rippa
03:50:36.671 Initialize success
03:50:45.738 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:50:45.742 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
03:50:45.757 Disk 0 MBR read successfully
03:50:45.762 Disk 0 MBR scan
03:50:45.766 Disk 0 unknown MBR code
03:50:45.772 Service scanning
03:50:47.260 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
03:50:48.093 Modules scanning
03:50:48.107 Disk 0 trace - called modules:
03:50:48.146 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spvu.sys
03:50:48.153 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b22270]
03:50:48.160 3 CLASSPNP.SYS[fffff88000fbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d6050]
03:50:48.168 Scan finished successfully
03:51:16.692 Disk 0 MBR has been saved successfully to "C:\Users\Rippa\Desktop\MBR.dat"
03:51:16.705 The log file has been saved successfully to "C:\Users\Rippa\Desktop\aswMBR.txt"


DDS.txt Results:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Rippa at 3:52:14 on 2011-07-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3957.1834 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManage r.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\windows\system32\nlsInterface.exe
C:\windows\SysWOW64\Rezip.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Users\Rippa\Downloads\aswMBR.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [AdobeBridge]
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183 CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3}\2456C6B696E6F5E413F575962756C6563737 F5549393038373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3}\25F68726F627F65776860284F6D656028457 26 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{39E13C18-BCDC-4FB4-AD7E-7824E1A6ECD3}\7596649602A5F6E65602D2024586560234C6 F65746 : DhcpNameServer = 10.5.160.31 10.5.160.32 10.1.5.5
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dl l C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
BHO-X64: MediaBar - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: BitTorrentBar - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\s wg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dl l C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GBfficial
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: C:\Users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\extensions\engine@conduit.c om\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rippa\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\windows\system32\Drivers\avgldx64.sys --> C:\windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\windows\system32\Drivers\avgmfx64.sys --> C:\windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free Network Redirector x64;C:\windows\system32\Drivers\avgtdia.sys --> C:\windows\system32\Drivers\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/07 17:48:48];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-4-15 146928]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\System32\ASTSRV.EXE [2010-11-16 57344]
R2 avg9emc;AVG Free E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-9-16 921952]
R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-9-16 308136]
R2 nlsInterface;Nalpeiron Licensing Service 64-bit;C:\windows\system32\nlsInterface.exe --> C:\windows\system32\nlsInterface.exe [?]
R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-4-7 311296]
R2 Sentinel64;Sentinel64;C:\windows\system32\Drivers\ Sentinel64.sys --> C:\windows\system32\Drivers\Sentinel64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\windows\system32\DRIVERS\rtl819xp.sys --> C:\windows\system32\DRIVERS\rtl819xp.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\System32\msvfd32.exe [2011-2-16 818087]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-1 135664]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssflt r.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-1 135664]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 L6UX1;Service - Line 6 UX1;C:\windows\system32\Drivers\L6UX164.sys --> C:\windows\system32\Drivers\L6UX164.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-27 04:39:20 -------- d-----w- C:\Users\Rippa\AppData\Roaming\Avid
2011-07-27 04:08:44 -------- d-----w- C:\windows\SysWow64\MEDIA
2011-07-27 04:07:27 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{66E2D70A-54CA-4EAB-A5FF-F10EAC397400}\ARPPRODUCTICON.exe
2011-07-27 04:07:13 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{3E7F8AAD-FC81-47D9-901A-1B7A37DD0AEC}\ARPPRODUCTICON.exe
2011-07-27 04:05:43 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
2011-07-27 01:53:46 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-07-27 01:53:37 -------- d-----w- C:\Users\Rippa\AppData\Roaming\uTorrent
2011-07-27 01:53:37 -------- d-----w- C:\Users\Rippa\AppData\Local\uTorrent
2011-07-24 07:48:06 -------- d-----w- C:\Users\Rippa\AppData\Roaming\Malwarebytes
2011-07-24 07:47:59 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-24 07:47:58 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-24 07:47:55 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-24 07:47:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-24 02:05:16 63488 --sha-r- C:\windows\SysWow64\igfcg500mb.dll
2011-07-24 01:43:19 -------- d-----w- C:\ProgramData\Avid
2011-07-24 01:31:54 142120 ----a-w- C:\windows\System32\drivers\sentinel64.sys
2011-07-24 01:31:47 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2011-07-24 01:30:47 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{D01FF451-B79C-4C98-85DB-7C8C5AD9DC32}\ARPPRODUCTICON.exe
2011-07-24 01:29:51 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{84B1B745-128C-47C5-84BF-97ECA9E676D2}\ARPPRODUCTICON.exe
2011-07-24 01:29:50 -------- d-----w- C:\Program Files\Common Files\Avid
2011-07-24 01:28:51 53248 ----a-r- C:\Users\Rippa\AppData\Roaming\Microsoft\Installer \{4017D3E4-FFFD-49ED-A935-95B3CA027D69}\ARPPRODUCTICON.exe
2011-07-24 01:28:51 -------- d-----w- C:\Program Files\Common Files\PACE
2011-07-24 01:14:55 -------- d-----w- C:\Program Files (x86)\Licenses
2011-07-24 01:14:49 -------- d-----w- C:\Program Files (x86)\Avid
2011-07-20 03:05:37 -------- d-----w- C:\Users\Rippa\AppData\Roaming\KORG
2011-07-20 03:00:03 -------- d-----w- C:\ProgramData\KORG
2011-07-20 02:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\KORG
2011-07-16 20:48:54 -------- d-----w- C:\Program Files\Common Files\SONiVOX
2011-07-16 20:48:28 86528 ----a-w- C:\windows\SysWow64\drivers\tpkd.sys
2011-07-16 20:48:28 55808 ----a-w- C:\windows\SysWow64\zlib1.dll
2011-07-16 20:48:28 203264 ----a-w- C:\windows\SysWow64\libpng13.dll
2011-07-16 20:47:16 -------- d-----w- C:\Program Files (x86)\SONiVOX
2011-07-16 20:45:30 -------- d-----w- C:\ProgramData\SONiVOX
2011-07-13 16:07:59 -------- d-----w- C:\windows\pss
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_KOMPAKT.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_9.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_7.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_4.dll
2011-07-11 20:08:27 69632 ----a-w- C:\windows\SysWow64\NI_DFD.dll
2011-07-11 20:08:27 65536 ----a-w- C:\windows\SysWow64\NI_DFD_1_2_8.dll
2011-07-09 23:47:06 -------- d-----w- C:\Program Files (x86)\Steinberg
2011-07-09 17:13:32 -------- d-----w- C:\Program Files (x86)\Arturia
2011-07-09 17:09:02 -------- d-----w- C:\ProgramData\Arturia
2011-07-09 12:10:25 163840 ----a-w- C:\windows\SysWow64\ArtFfct.dll
2011-07-09 12:10:25 1177600 ----a-w- C:\windows\SysWow64\SYNSOAiR.DLL
2011-07-07 13:25:39 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 13:25:39 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-07 13:25:24 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-07 08:19:41 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-06 15:32:57 197120 ----a-w- C:\windows\System32\d3d10_1.dll
2011-07-06 15:32:57 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2011-07-06 15:32:54 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-07-06 15:32:54 399872 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-07-06 15:32:54 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-07-06 15:32:51 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-07-06 15:32:51 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-07-06 15:32:44 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-07-06 15:32:43 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-07-06 15:15:43 -------- d-----w- C:\Program Files (x86)\Common Files\Kodak
2011-07-06 15:13:52 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2011-07-06 15:13:51 -------- d-----w- C:\Program Files (x86)\Kodak
2011-07-06 15:12:42 -------- d-----w- C:\ProgramData\Kodak
.
==================== Find3M ====================
.
2011-06-11 0244 3134464 ----a-w- C:\windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-06-02 0528 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-02 0506 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-06-02 03:50:59 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-24 1159 404992 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-06 13:19:56 317520 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2011-05-05 11:09:10 544256 ----a-w- C:\windows\SysWow64\mmclient.dll
2011-05-04 05:30:38 2326016 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
.
============= FINISH: 3:53:14.72 ===============

Attatch.txt Results:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2010 1147
System Uptime: 27/07/2011 14:18:00 (13 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R580/R590
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU 1 | 917/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 75.768 GiB free.
D: is FIXED (NTFS) - 225 GiB total, 0.006 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Addictive Drums
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.4
Akamai NetSession Interface
Alchemy
Alien Skin Eye Candy 6
Aneesoft 3D Flash Gallery
Aneesoft Flash Gallery Classic GOTD Edition
Antares Auto-Tune 5 VST
Antares Auto-Tune Evo VST
Antares Autotune VST RTAS TDM v5.08
AnyPC Client
Apple Application Support
Apple Software Update
Ares 2.1.6
ARP2600 V2 2.0
ASIO4ALL
Atheros Client Installation Program
µTorrent
Audacity 1.3.12 (Unicode)
AVG Free 9.0
Avid EDL Manager
Avid FilmScribe
Avid Log Exchange
Avid Media Composer
Avid MediaLog
BatteryLifeExtender
BitTorrent
BitTorrentBar Toolbar
BTHomeHub
Camel Audio Cameleon 5000 v1.7 VSTi
CCScore
Championship Manager 01-02
ChargeableUSB
Classic Drum Machines Volume 1.0
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
discoDSP Discovery v2.4
DivX Setup
Download Updater (AOL LLC)
Drumaxx
East West EWQLSO Gold Edition
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
Edirol HQ Orchestral v1.01
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
EZ Vinyl Converter 2.0.0 by MixMeister
FabFilter Volcano VST RTAS v2.02
FairStars MP3 Recorder 2.20
FileZilla Client 3.3.4.1
FL Studio 10
FL Studio 9
FL Studio 9.8
FM Genie Scout 11 version 1.00
Football Manager 2011 Russian
Freez Screen Video Capture v1.2
GForce - Minimonsta
Gladiator full
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
IL Download Manager
IL Harmless
Image Line ToxicIII v1.41 VSTi
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
K-Lite Codec Pack 6.4.0 (Basic)
K-Tuner
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Lennar Digital Sylenth VSTi v1.2.1
Line 6 Uninstaller
Linplug Albino v2.1
LiquidInstrument Standalone 1.0
LiquidInstrumentDXi2 1.0
LiquidInstrumentRTAS 1.0
LiquidInstrumentVst 1.0
Luxonix Purity VSTi v1.1.2
LUXONIX Ravity(S) v1.4
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware version 1.51.1.1800
Marvell Miniport Driver
MediaBar
Messenger Plus! 5
MetaSync
Microsoft Choice Guard
Microsoft Corporation
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicLab RealGuitar 2.0
Native Instruments Absynth 5
Native Instruments B4 II
Native Instruments Intakt
Native Instruments Massive v1.0.1.008 VSTi DXi RTAS
Native Instruments Pro-53
Native Instruments Service Center
Nepheton
netbrdg
Note Detector
Notifier
OfotoXMI
PCDADDIN
PCDHELP
PoiZone
QuickTime
Rapture 1.0
Reaktor 5
Reaktor 5 Addon
RealStrat 1.0
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Reason 4.0
ReFX Beast VSTi v1.0
reFX Nexus VSTi RTAS v2.2.0
reFX Vanguard 1.7.2
Rob Papen BLUE Version 1.7.0
Rob Papen Predator V1.1.0
Sakura
SampleTron
Samsung R-Series
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SamsungMovie
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sentinel Protection Installer 7.4.0
SFR
SHASTA
SKIN0001
SKINXSDK
Skype™ 5.3
Softube FET Compressor VST RTAS v1.0.3
Sonic Charge Synplant 1.0
SONiVOX DVI Symphonic Ensemble Brass
Spotify
staticcr
Steinberg The Grand VSTi DXi v2.1.0
Syncrosoft's License Control
T-RackS 3 Deluxe
tooltips
Toxic Biohazard
Tunatic
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553975)
User Guide
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 9.0
Vember Audio SURGE
VirSyn Poseidon VSTi RTAS v1.4.0
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.1.9
VPRINTOL
Waves Mercury Bundle
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
winpcap-nmap 4.02
WIRELESS
Wondershare Flash Gallery Factory Deluxe 5.0.1
Youtube Downloader HD v. 2.2
.
==== Event Viewer Messages From Past Week ========
.
28/07/2011 03:48:29, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
27/07/2011 0506, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aspi32
27/07/2011 05:19:51, Error: Service Control Manager [7000] - The Adobe Licensing Console service failed to start due to the following error: The system cannot find the file specified.
27/07/2011 05:18:51, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Here we go

ComboFix 11-07-27.03 - Rippa 28/07/2011 4:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3957.2318 [GMT 1:00]
Running from: c:\users\Rippa\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Lp_setup.exe
c:\users\Public\Documents\dll
c:\users\Rippa\AppData\Roaming\Microsoft\AdjMmsVis ta.dll
c:\windows\SysWow64\msvfd32.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-28 03:22 . 2011-07-28 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-28 03:04 . 2011-07-28 03:08 -------- d-----w- C:\32788R22FWJFW
2011-07-27 04:39 . 2011-07-27 04:39 -------- d-----w- c:\users\Rippa\AppData\Roaming\Avid
2011-07-27 04:08 . 2011-07-27 04:08 -------- d-----w- c:\windows\SysWow64\MEDIA
2011-07-27 04:07 . 2011-07-27 04:07 53248 ----a-r- c:\users\Rippa\AppData\Roaming\Microsoft\Installer \{66E2D70A-54CA-4EAB-A5FF-F10EAC397400}\ARPPRODUCTICON.exe
2011-07-27 04:07 . 2011-07-27 04:07 53248 ----a-r- c:\users\Rippa\AppData\Roaming\Microsoft\Installer \{3E7F8AAD-FC81-47D9-901A-1B7A37DD0AEC}\ARPPRODUCTICON.exe
2011-07-27 04:05 . 2011-07-27 04:08 -------- d-----w- c:\program files (x86)\Common Files\Avid
2011-07-27 01:53 . 2011-07-27 01:53 -------- d-----w- c:\program files (x86)\uTorrent
2011-07-27 01:53 . 2011-07-27 03:57 -------- d-----w- c:\users\Rippa\AppData\Roaming\uTorrent
2011-07-27 01:53 . 2011-07-27 01:53 -------- d-----w- c:\users\Rippa\AppData\Local\uTorrent
2011-07-24 07:48 . 2011-07-24 07:48 -------- d-----w- c:\users\Rippa\AppData\Roaming\Malwarebytes
2011-07-24 07:47 . 2011-07-06 18:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-24 07:47 . 2011-07-24 07:47 -------- d-----w- c:\programdata\Malwarebytes
2011-07-24 07:47 . 2011-07-24 07:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-24 07:47 . 2011-07-06 18:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-24 02:05 . 2011-07-24 02:05 63488 --sha-r- c:\windows\SysWow64\igfcg500mb.dll
2011-07-24 01:43 . 2011-07-27 04:39 -------- d-----w- c:\programdata\Avid
2011-07-24 01:31 . 2007-04-27 06:40 142120 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2011-07-24 01:31 . 2011-07-24 01:31 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2011-07-24 01:30 . 2011-07-24 01:30 53248 ----a-r- c:\users\Rippa\AppData\Roaming\Microsoft\Installer \{D01FF451-B79C-4C98-85DB-7C8C5AD9DC32}\ARPPRODUCTICON.exe
2011-07-24 01:29 . 2011-07-24 01:29 53248 ----a-r- c:\users\Rippa\AppData\Roaming\Microsoft\Installer \{84B1B745-128C-47C5-84BF-97ECA9E676D2}\ARPPRODUCTICON.exe
2011-07-24 01:29 . 2011-07-24 01:30 -------- d-----w- c:\program files\Common Files\Avid
2011-07-24 01:28 . 2011-07-24 01:28 53248 ----a-r- c:\users\Rippa\AppData\Roaming\Microsoft\Installer \{4017D3E4-FFFD-49ED-A935-95B3CA027D69}\ARPPRODUCTICON.exe
2011-07-24 01:28 . 2011-07-24 01:28 -------- d-----w- c:\program files\Common Files\PACE
2011-07-24 01:14 . 2011-07-24 01:14 -------- d-----w- c:\program files (x86)\Licenses
2011-07-24 01:14 . 2011-07-27 04:07 -------- d-----w- c:\program files (x86)\Avid
2011-07-20 03:05 . 2011-07-20 03:05 -------- d-----w- c:\users\Rippa\AppData\Roaming\KORG
2011-07-20 03:00 . 2011-07-20 03:00 -------- d-----w- c:\programdata\KORG
2011-07-20 02:59 . 2011-07-20 02:59 -------- d-----w- c:\program files (x86)\Common Files\KORG
2011-07-16 20:48 . 2011-07-16 20:48 -------- d-----w- c:\program files\Common Files\SONiVOX
2011-07-16 20:48 . 2008-07-02 16:03 86528 ----a-w- c:\windows\SysWow64\drivers\tpkd.sys
2011-07-16 20:48 . 2005-05-08 17:56 55808 ----a-w- c:\windows\SysWow64\zlib1.dll
2011-07-16 20:48 . 2005-05-08 17:55 203264 ----a-w- c:\windows\SysWow64\libpng13.dll
2011-07-16 20:47 . 2011-07-16 20:47 -------- d-----w- c:\program files (x86)\SONiVOX
2011-07-16 20:45 . 2011-07-16 20:45 -------- d-----w- c:\programdata\SONiVOX
2011-07-11 20:08 . 2004-02-25 17:19 69632 ----a-w- c:\windows\SysWow64\NI_DFD_1_2_9.dll
2011-07-11 20:08 . 2004-01-15 11:41 65536 ----a-w- c:\windows\SysWow64\NI_DFD_1_2_8.dll
2011-07-11 20:08 . 2003-12-15 15:02 69632 ----a-w- c:\windows\SysWow64\NI_DFD_1_2_7.dll
2011-07-11 20:08 . 2003-12-15 15:02 69632 ----a-w- c:\windows\SysWow64\NI_DFD.dll
2011-07-11 20:08 . 2003-12-04 11:47 69632 ----a-w- c:\windows\SysWow64\NI_DFD_KOMPAKT.dll
2011-07-11 20:08 . 2003-12-04 11:47 69632 ----a-w- c:\windows\SysWow64\NI_DFD_1_2_4.dll
2011-07-09 23:47 . 2011-07-09 23:47 -------- d-----w- c:\program files (x86)\Steinberg
2011-07-09 17:13 . 2011-07-09 17:19 -------- d-----w- c:\program files (x86)\Arturia
2011-07-09 17:09 . 2011-07-09 17:09 -------- d-----w- c:\programdata\Arturia
2011-07-09 12:10 . 2009-10-19 21:34 1177600 ----a-w- c:\windows\SysWow64\SYNSOAiR.DLL
2011-07-09 12:10 . 2009-09-09 15:57 163840 ----a-w- c:\windows\SysWow64\ArtFfct.dll
2011-07-07 13:25 . 2011-07-07 13:25 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-07 13:25 . 2011-07-07 13:25 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-07 13:25 . 2011-07-07 13:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-07 08:19 . 2011-07-07 08:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-06 15:32 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-07-06 15:32 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-07-06 15:32 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-07-06 15:32 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-06 15:32 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-06 15:32 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-06 15:32 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-07-06 15:32 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-06 15:32 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-06 15:15 . 2011-07-06 15:15 -------- d-----w- c:\program files (x86)\Common Files\Kodak
2011-07-06 15:13 . 2011-07-06 15:15 -------- d-----w- c:\program files (x86)\Kodak
2011-07-06 15:12 . 2011-07-06 15:16 -------- d-----w- c:\programdata\Kodak
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2011-07-07 13:20 . 2011-04-10 21:07 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\UpdateableMarkup\markup.dll
2011-07-07 13:20 . 2011-04-10 21:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\dSM\StartResources.dll
2011-07-07 13:20 . 2011-04-10 21:07 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlig ht\MCESpotlight\SpotlightResources.dll
2011-06-02 05:56 . 2011-07-13 17:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-06 13:19 . 2010-09-16 12:05 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-05-05 17:18 . 2011-05-05 17:18 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\UpdateableMarkup-2\markup.dll
2011-05-05 17:17 . 2011-05-05 17:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientU X\dSM-2\StartResources.dll
2011-05-05 11:09 . 2011-05-05 11:09 544256 ----a-w- c:\windows\SysWow64\mmclient.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMed iabarDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 21:58 3913000 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-01-06 14:06 721840 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-11-13 21:58 3913000 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMe diabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-03-25 400760]
"ares"="c:\program files (x86)\Ares\Ares.exe" [2010-07-10 1015808]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-04-29 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datam ngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\msvfd32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 L6UX1;Service - Line 6 UX1;c:\windows\system32\Drivers\L6UX164.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/04/07 17:48];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-04-15 14:28 146928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-09-16 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-09-16 308136]
S2 nlsInterface;Nalpeiron Licensing Service 64-bit;c:\windows\system32\nlsInterface.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\ Sentinel64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 13:57]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 13:57]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-01-06 14:06 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.d ll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datam ngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.d ll c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.bearshare.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183 CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Rippa\AppData\Roaming\Mozilla\Firefox\Pro files\neizbxb6.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GBfficial
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-East West EWQLSO Gold Edition - f:\ewqlsoge\UNWISE.EXE
AddRemove-FL Studio 10 - c:\program files (x86)\Image-Line\FL Studio 9\uninstall.exe
AddRemove-FL Studio 9 - c:\program files (x86)\Image-Line\FL Studio 9.1\uninstall.exe
AddRemove-FL Studio 9.8 - c:\program files (x86)\Image-Line\FL Studio 9\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{ FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-61187059-1334297750-2548552277-1001\Software\G*e*n*i*e*"!\FM Genie Scout 11]
"GameDir"="c:\\Users\\Rippa\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\Rippa\\Documents\\Spo rts Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\Rippa\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"
"LastSaveGame"="c:\\Users\\Rippa\\Documents\\Sport s Interactive\\Football Manager 2011\\games\\Barcelona.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009ec3
"VersionOf"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="B6-AC60-EF9F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000001
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000001
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUt il10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10 g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10 g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10 g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10 g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-28 04:40:49
ComboFix-quarantined-files.txt 2011-07-28 03:40
.
Pre-Run: 82,952,417,280 bytes free
Post-Run: 87,841,722,368 bytes free
.
- - End Of File - - 37AFCE8A2F137FB0AD3D1FC5DBEBB44D

How is redirection?

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\SysWow64\igfcg500mb.dll
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

Hi! The redirect seems to have disappeared now, thank you! I tried uploading that file but when I try I get the message "igfcg500mb.dll You don't have permission to open this file. Contact the file owner or an administrator to obtain permission." Any suggestions? Note that I am using an admin account on this laptop. Thanks again!

Good news

Copy that file to your desktop and try to upload it from there.

It won't let me copy it to my desktop....

Take ownership of that file: Add "Take Ownership" to Explorer Right-Click Menu in Win 7 or Vista - How-To Geek