"Unable to connect to the Service" after Chinese malware

[ClanOS]

Background: I've had MBAM installed on my computer for years. After I got hit with a load (And I mean a LOAD - Stuff from tencent to no publisher to some chinese name) after running a sketchy installer (I know, I know. Don't run untrusted .exe files...) Malwarebytes has stopped working on my computer. Whenever I boot up and whenever I try to run it, I get the message, "Unable to connect to the Service". Relevantly, I also have Discord installed on my computer. Whenever I try to run it (Or it runs on startup) it's unable to connect to the Discord server as well. Both of these have started occuring after I ran the sketchy installer. Additionally, the viruses seem to have invalidated the license of Malwarebytes- I had to clear the viruses using Hitmanpro, f-secure, and SUPERantispyware, and then delete the publisher data before trying to re-installed. Twice, I've run mbam-clean and re-installed Malwarebytes. The error still exists, even after restart.

On a related note, today I noticed some more malware. Specifically, vmxclient.exe hogging some ram. I haven't run any .exe s today. Is it possible I'm somehow rootkitted, or is there a different way to make time-delayed activation virus? f-secure didn't catch vmxclient.exe in its Memory scan, worryingly enough.

[Aura]

Hi ClanOS

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

• As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
• As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
• The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
• If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
• If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
• Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
• I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
• In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
• I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
  

This being said, it's time to clean-up some malware, so let's get started, shall we?

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. 

[ClanOS]

23 hours ago, Aura said:

Hi ClanOS

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

• As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
• As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
• The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
• If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
• If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
• Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
• I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
• In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
• I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;

This being said, it's time to clean-up some malware, so let's get started, shall we?

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
 
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/
 
If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. 

Hey. Still running the scan, just wanted to give you a quick update while it runs.

Firstly, thanks for helping me out! I really appreciate it and I'll do my best to be as responsive as possible

Secondly, my computer's a bit potato, so the scan is taking a while.

Thirdly, I don't know if this is normal, but so far it's detected 9642 items. Gulp.

Fourthly, again, I don't know if this is normal, or just an artifact of my computer being potato. When I first ran it, it gave me the, "Could not load DDA Driver" prompt. After a manual restart, things seem to be working normally. I've used Process Lasso to bump up mbar's priority as high as it can go, and it still freezes occasionally (Windows "Is not responding" prompt, window gets a white sheen.). Once, I tried killing it after it froze. It didn't seem to want to die, Task Manager or otherwise, so I restarted. I created a dump file first. Are you going to want that? Now it seems to occasionally get stuck scanning a certain file, but leaving it for a while resolves the issue, it seems.

[Aura]

Quote

Secondly, my computer's a bit potato, so the scan is taking a while.

Understandable. I know it'll take a while already since SmartService drops a lot of files on the system.

Quote

Thirdly, I don't know if this is normal, but so far it's detected 9642 items. Gulp.

Normal, hence my comment above

Quote

Fourthly, again, I don't know if this is normal, or just an artifact of my computer being potato. When I first ran it, it gave me the, "Could not load DDA Driver" prompt. After a manual restart, things seem to be working normally. I've used Process Lasso to bump up mbar's priority as high as it can go, and it still freezes occasionally (Windows "Is not responding" prompt, window gets a white sheen.). Once, I tried killing it after it froze. It didn't seem to want to die, Task Manager or otherwise, so I restarted. I created a dump file first. Are you going to want that? Now it seems to occasionally get stuck scanning a certain file, but leaving it for a while resolves the issue, it seems.

MBAR can have a hard time scanning a system infected with SmartService. It really depends on how many files SS dropped, and your computer specs. However, if you close all your other programs, leave the MBAR window open and do not touch the computer till MBAR is done scanning (it can take up to hours on some systems), then I guarantee you that it'll eventually go through.

[ClanOS]

2 hours ago, Aura said:

Understandable. I know it'll take a while already since SmartService drops a lot of files on the system.

Normal, hence my comment above

MBAR can have a hard time scanning a system infected with SmartService. It really depends on how many files SS dropped, and your computer specs. However, if you close all your other programs, leave the MBAR window open and do not touch the computer till MBAR is done scanning (it can take up to hours on some systems), then I guarantee you that it'll eventually go through.

Oh, it took hours. Hours and hours. Still, Malwarebytes still displays the "Unable to connect to the Service" error. Log file is attached.

EDIT: Curiously, I had discovered scvmx and dataup on my computer, including their precise file locations before running the scan (Mainly due to scvmx eating memory like mad, and dataup being in the same folder) but no scan run on the folders returned any positives, and it seemed impervious to even SUPERdelete file removal included with SUPERantispyware. Do files in the Windows directory get special privileges or something?

mbar-log-2017-07-28 (19-11-44).txt

Edited July 29, 2017 by ClanOS
Additional info

[Aura]

Files in the %windir% (C:\Windows) have permissions different from the rest of the files on the system, yes.

Now, if Malwarebytes still throws you the "Unable to connect the service" error, uninstall it and reinstall it. It should do the trick.

Malwarebytes - Clean Mode

• Download and install the free version of Malwarebytes
  Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
• Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
• Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
• Let the scan run, the time required to complete the scan depends of your system and computer specs;
• Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
  
  • If it asks you to restart your computer to complete the removal, do so;
    
• Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;
  

[ClanOS]

7 hours ago, Aura said:

Files in the %windir% (C:\Windows) have permissions different from the rest of the files on the system, yes.

Now, if Malwarebytes still throws you the "Unable to connect the service" error, uninstall it and reinstall it. It should do the trick.

Malwarebytes - Clean Mode

• Download and install the free version of Malwarebytes
  Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
• Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
• Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
• Let the scan run, the time required to complete the scan depends of your system and computer specs;
• Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
  • If it asks you to restart your computer to complete the removal, do so;
• Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

 

Once again, thanks for the help: Below is the copy-pasted summary.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/29/17
Scan Time: 3:09 PM
Log File: 
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2464
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Meepo\George

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 450815
Threats Detected: 2029
Threats Quarantined: 2029
Time Elapsed: 16 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 141
PUP.Optional.UCBrowser, HKU\S-1-5-18\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464
PUP.Optional.InstallCore, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\csastats, Delete-on-Reboot, [2], [260986],1.0.2464
PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\CONSOLE\TASKENG.EXE, Delete-on-Reboot, [8379], [408199],1.0.2464
PUP.Optional.InstallCore, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\csastats, Delete-on-Reboot, [2], [260986],1.0.2464
PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464
PUP.Optional.SearchManager, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [183362],1.0.2464
PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\UCBrowserPID, Delete-on-Reboot, [1310], [403634],1.0.2464
PUP.Optional.YeaDesktop, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\YeaDesktop, Delete-on-Reboot, [1477], [391400],1.0.2464
PUP.Optional.SearchManager, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [183362],1.0.2464
PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Delete-on-Reboot, [71], [262014],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UCBrowser.exe, Delete-on-Reboot, [1310], [396224],1.0.2464
PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [13826], [242047],1.0.2464
PUP.Optional.BlockAdsPro, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BlockAdsPro, Delete-on-Reboot, [8593], [419770],1.0.2464
PUP.Optional.Searchy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}, Delete-on-Reboot, [6947], [415599],1.0.2464
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [260991],1.0.2464
PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [13826], [242047],1.0.2464
PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Yeadesktop_RASAPI32, Delete-on-Reboot, [1477], [409418],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Delete-on-Reboot, [5444], [406765],1.0.2464
PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1008\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Delete-on-Reboot, [5444], [406766],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Delete-on-Reboot, [5444], [406767],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Delete-on-Reboot, [5444], [406768],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Delete-on-Reboot, [5444], [406769],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Delete-on-Reboot, [5444], [406770],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Delete-on-Reboot, [5444], [406773],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Delete-on-Reboot, [5444], [406774],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Delete-on-Reboot, [5444], [406765],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Delete-on-Reboot, [5444], [406766],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Delete-on-Reboot, [5444], [406775],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Delete-on-Reboot, [5444], [406778],1.0.2464
PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\Speedownloader0099, Delete-on-Reboot, [7935], [384272],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Delete-on-Reboot, [5444], [406767],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Delete-on-Reboot, [5444], [406779],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [407411],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Delete-on-Reboot, [5444], [406781],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Delete-on-Reboot, [5444], [406788],1.0.2464
PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464
PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Delete-on-Reboot, [5444], [406768],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Delete-on-Reboot, [5444], [406787],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Delete-on-Reboot, [5444], [406769],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Delete-on-Reboot, [5444], [406783],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Delete-on-Reboot, [5444], [406770],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Delete-on-Reboot, [5444], [406784],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Delete-on-Reboot, [5444], [406789],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Delete-on-Reboot, [5444], [406773],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Delete-on-Reboot, [5444], [406823],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Delete-on-Reboot, [5444], [406822],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Delete-on-Reboot, [5444], [406774],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UCBrowser.exe, Delete-on-Reboot, [1310], [396224],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Delete-on-Reboot, [5444], [406790],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Delete-on-Reboot, [5444], [406791],1.0.2464
PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YeaDesktop, Delete-on-Reboot, [1477], [391399],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Delete-on-Reboot, [5444], [406775],1.0.2464
PUP.Optional.WebOptimum, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0187837F-FA61-437D-9647-EE1E86233276}, Delete-on-Reboot, [1460], [253742],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Delete-on-Reboot, [5444], [406778],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Delete-on-Reboot, [5444], [406792],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Delete-on-Reboot, [5444], [406779],1.0.2464
PUP.Optional.WebOptimum, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CBB7A1EB-D3C4-45A9-A5C9-EFB40A22BF7E}, Delete-on-Reboot, [1460], [261889],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Delete-on-Reboot, [5444], [406793],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Delete-on-Reboot, [5444], [406781],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Delete-on-Reboot, [5444], [406821],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Delete-on-Reboot, [5444], [406788],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Delete-on-Reboot, [5444], [406806],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Delete-on-Reboot, [5444], [406787],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Delete-on-Reboot, [5444], [406807],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Delete-on-Reboot, [5444], [406783],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Delete-on-Reboot, [5444], [406812],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Delete-on-Reboot, [5444], [406784],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Delete-on-Reboot, [5444], [406811],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Delete-on-Reboot, [5444], [406789],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Delete-on-Reboot, [5444], [406810],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Delete-on-Reboot, [5444], [406823],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Delete-on-Reboot, [5444], [406809],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Delete-on-Reboot, [5444], [406804],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Delete-on-Reboot, [5444], [406822],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Delete-on-Reboot, [5444], [406805],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Delete-on-Reboot, [5444], [406790],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Delete-on-Reboot, [5444], [406803],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Delete-on-Reboot, [5444], [406802],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Delete-on-Reboot, [5444], [406791],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Delete-on-Reboot, [5444], [406801],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Delete-on-Reboot, [5444], [406792],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Delete-on-Reboot, [5444], [406799],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Delete-on-Reboot, [5444], [406793],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Delete-on-Reboot, [5444], [406798],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Delete-on-Reboot, [5444], [406821],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Delete-on-Reboot, [5444], [406797],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Delete-on-Reboot, [5444], [406806],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Delete-on-Reboot, [5444], [406796],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Delete-on-Reboot, [5444], [406807],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Delete-on-Reboot, [5444], [406812],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Delete-on-Reboot, [5444], [406795],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Delete-on-Reboot, [5444], [406786],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Delete-on-Reboot, [5444], [406811],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Delete-on-Reboot, [5444], [406785],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Delete-on-Reboot, [5444], [406810],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Delete-on-Reboot, [5444], [406777],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Delete-on-Reboot, [5444], [406809],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Delete-on-Reboot, [5444], [406804],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Delete-on-Reboot, [5444], [406805],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Delete-on-Reboot, [5444], [406803],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Delete-on-Reboot, [5444], [406802],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Delete-on-Reboot, [5444], [406801],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Delete-on-Reboot, [5444], [406799],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Delete-on-Reboot, [5444], [406798],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Delete-on-Reboot, [5444], [406797],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Delete-on-Reboot, [5444], [406796],1.0.2464
PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ucdrv, Delete-on-Reboot, [1310], [380111],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Delete-on-Reboot, [5444], [406795],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Delete-on-Reboot, [5444], [406786],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Delete-on-Reboot, [5444], [406785],1.0.2464
PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Delete-on-Reboot, [5444], [406777],1.0.2464
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Screenshot Control Builder, Delete-on-Reboot, [7], [308961],1.0.2464
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SoftUpgrade, Delete-on-Reboot, [990], [260476],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserSecureUpdater, Delete-on-Reboot, [1310], [380116],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserUpdater, Delete-on-Reboot, [1310], [380116],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserUpdaterCore, Delete-on-Reboot, [1310], [380116],1.0.2464
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\beb7299b2b0d8a91a58faf055e360ed9, Delete-on-Reboot, [14606], [261569],1.0.2464
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [260991],1.0.2464
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{02F1E432-A954-4612-B236-2EEC2F8A9606}, Delete-on-Reboot, [990], [260475],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0390E12E-720C-4838-84E0-40EA24E96AE8}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0D3701F9-A877-4441-8515-47B6485E9847}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{17753457-4535-454C-9278-BD52461C15EB}, Delete-on-Reboot, [1310], [380117],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1B2A6260-2764-40DC-964B-DE6AFCADBBC0}, Delete-on-Reboot, [1310], [380117],1.0.2464
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36D012F9-340B-4713-AC4F-8CF6A97441F7}, Delete-on-Reboot, [7], [308958],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B8EBECA-2008-4EEF-A32A-FA66327C145A}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F3167C2-3230-4C87-8D48-52BF9A632285}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{41CE33B3-5FA8-4AD3-A884-0A4310AF92CE}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{535B138D-A425-4EB6-9B00-12B13AF019A4}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{64A2560A-5ECF-4F12-BCDC-7D0F63CC1C3C}, Delete-on-Reboot, [1310], [380117],1.0.2464
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6A8744AB-90D8-4D7B-BED0-3F53E310833B}, Delete-on-Reboot, [748], [335676],1.0.2464
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6D06F23E-0014-480A-BD53-0B1CC5F01127}, Delete-on-Reboot, [452], [258705],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{778FEC7D-07AF-4BC2-ADC0-29B8E6230C47}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8BB2EAFE-0291-4D5E-9B7A-ECB61804F2A3}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBF99526-EDF7-46DC-8385-9FCF9B3F342E}, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9256332-5DE3-4AE5-8BB5-95D6B892DA4B}, Delete-on-Reboot, [748], [335673],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F25B63ED-6785-451D-926A-9206528A5137}, Delete-on-Reboot, [214], [259199],1.0.2464

Registry Value: 32
Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE}, Delete-on-Reboot, [9], [357968],1.0.2464
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Delete-on-Reboot, [8379], [408201],1.0.2464
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Delete-on-Reboot, [8379], [408199],1.0.2464
PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|TABS, Delete-on-Reboot, [71], [261450],1.0.2464
PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Delete-on-Reboot, [71], [262014],1.0.2464
PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|TABS, Delete-on-Reboot, [71], [261450],1.0.2464
PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [13826], [242047],1.0.2464
PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [13826], [242047],1.0.2464
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CINPL-2.5CV16.09-BG.EXE, Delete-on-Reboot, [962], [260099],1.0.2464
PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Delete-on-Reboot, [1318], [396226],1.0.2464
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Delete-on-Reboot, [71], [254683],1.0.2464
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\beb7299b2b0d8a91a58faf055e360ed9|DISPLAYNAME, Delete-on-Reboot, [14606], [261569],1.0.2464
PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{02F1E432-A954-4612-B236-2EEC2F8A9606}|PATH, Delete-on-Reboot, [990], [260475],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0390E12E-720C-4838-84E0-40EA24E96AE8}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0D3701F9-A877-4441-8515-47B6485E9847}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{17753457-4535-454C-9278-BD52461C15EB}|PATH, Delete-on-Reboot, [1310], [380117],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1B2A6260-2764-40DC-964B-DE6AFCADBBC0}|PATH, Delete-on-Reboot, [1310], [380117],1.0.2464
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36D012F9-340B-4713-AC4F-8CF6A97441F7}|PATH, Delete-on-Reboot, [7], [308958],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B8EBECA-2008-4EEF-A32A-FA66327C145A}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F3167C2-3230-4C87-8D48-52BF9A632285}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{41CE33B3-5FA8-4AD3-A884-0A4310AF92CE}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{535B138D-A425-4EB6-9B00-12B13AF019A4}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{64A2560A-5ECF-4F12-BCDC-7D0F63CC1C3C}|PATH, Delete-on-Reboot, [1310], [380117],1.0.2464
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6A8744AB-90D8-4D7B-BED0-3F53E310833B}|PATH, Delete-on-Reboot, [748], [335676],1.0.2464
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6D06F23E-0014-480A-BD53-0B1CC5F01127}|PATH, Delete-on-Reboot, [452], [258705],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{778FEC7D-07AF-4BC2-ADC0-29B8E6230C47}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8BB2EAFE-0291-4D5E-9B7A-ECB61804F2A3}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBF99526-EDF7-46DC-8385-9FCF9B3F342E}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9256332-5DE3-4AE5-8BB5-95D6B892DA4B}|PATH, Delete-on-Reboot, [748], [335673],1.0.2464
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F25B63ED-6785-451D-926A-9206528A5137}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464
PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{91805174-6A84-42EC-8E3A-E90311C0D394}, Delete-on-Reboot, [1310], [392932],1.0.2464
PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{2C288FB8-ADD3-4C7A-BBA6-16C544CA411D}, Delete-on-Reboot, [1310], [392932],1.0.2464

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 191
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\build, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\css, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\USERS\GEORGE\APPDATA\LOCAL\2345explorer, Delete-on-Reboot, [7], [308620],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#aka.spotxcdn.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\#com.junkbyte\Console, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\#com.junkbyte\Console, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\#com.junkbyte, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\#com.junkbyte, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\ac#, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\ac#, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\aka.spotxcdn.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\PYJS2SBW, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\XVG6J6ZJ, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\QQ3VAAKF, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\databases, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\databases, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\databases, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\dump, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\llssoft\winvmx, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool, Delete-on-Reboot, [21], [383807],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup, Delete-on-Reboot, [21], [383807],1.0.2464
Trojan.Clicker, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\ntuserlitelist, Delete-on-Reboot, [21], [383807],1.0.2464
PUP.Optional.InternetMonitor, C:\Users\George\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_394\Logs, Delete-on-Reboot, [11913], [182462],1.0.2464
PUP.Optional.InternetMonitor, C:\USERS\GEORGE\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\BandwidthStat_394, Delete-on-Reboot, [11913], [182462],1.0.2464
PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Delete-on-Reboot, [1477], [391395],1.0.2464
PUP.Optional.Imali, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\MIGPPLBCNGHGLPAJIPGFAOKDIACFPKPJ, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.UCBrowser, C:\USERS\GEORGE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器, Delete-on-Reboot, [1310], [396223],1.0.2464

File: 1665
PUP.Optional.UCBrowser, C:\USERS\GEORGE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器.LNK, Delete-on-Reboot, [1310], [380124],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\build\background.js, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\build\constant.js, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\css\popup.css, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\6pm.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\amazon-de.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\amazon-jp.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\amazon.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Ashford.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Asos.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Carters.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\ebay.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\gnc.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Jomashop.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\letian.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\levi.com.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\NB.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Nordstorm.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Oshkosh.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\ralphlauren.com.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Zappos.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\default_icon.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\icon.gif, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\icon_48.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\icon_64.png, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\background.html, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\contentscript.js, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\explugin.js, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\manifest.json, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\popup.html, Delete-on-Reboot, [7], [308620],1.0.2464
PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\popup.js, Delete-on-Reboot, [7], [308620],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\databases\Databases.db, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\databases\Databases.db-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_sb.monetate.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_c.betrad.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_c.betrad.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_cdn.krxd.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_cdn.krxd.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_gateway.answerscloud.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_gateway.answerscloud.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_sb.monetate.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_widgets.outbrain.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_widgets.outbrain.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_www.fitnessmagazine.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_www.fitnessmagazine.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_shop.nordstrom.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_shop.nordstrom.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.blessyouboys.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.blessyouboys.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.businessinsider.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.businessinsider.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.macworld.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.macworld.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#aka.spotxcdn.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000002, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000003, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000004, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000005, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000006, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000007, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000008, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000009, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000010, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000011, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000012, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000013, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000014, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000015, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000016, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000017, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000018, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000019, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000020, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000022, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000023, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000024, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000025, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000026, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000027, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000028, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000029, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000030, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000031, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000032, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000033, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000034, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000036, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000037, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000038, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000039, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000040, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000041, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000042, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000043, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000044, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000045, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000046, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000047, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000048, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000050, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000051, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000054, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000055, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000057, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000058, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000059, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000061, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000062, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000064, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000065, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000066, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000067, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000068, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000069, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000070, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000071, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000072, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000073, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000074, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000021, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000035, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000049, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000060, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000075, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000da, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ee, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000103, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000117, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000140, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000156, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000193, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000076, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000077, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000078, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000079, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000080, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000081, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000082, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000083, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000084, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000085, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000086, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000087, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000089, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000090, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000091, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000092, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000093, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000094, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000095, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000096, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000097, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000098, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000099, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000aa, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ab, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ac, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ad, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ae, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000af, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ba, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000be, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bf, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ca, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ce, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cf, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000db, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000dc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000dd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000de, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000df, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ea, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ec, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ed, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ef, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fa, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fe, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ff, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000100, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000101, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000102, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000104, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000105, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000106, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000107, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000108, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000109, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000110, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000111, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000112, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000113, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000114, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000115, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000116, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000119, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000120, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000121, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000122, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000123, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000124, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000126, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000127, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000128, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000129, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000130, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000131, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000132, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000133, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000134, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000135, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000136, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000137, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000138, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000139, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000141, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000142, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000143, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000144, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000145, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000146, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000147, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000148, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000149, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000150, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000151, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000152, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000153, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000154, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000155, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000157, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000158, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000159, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000160, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000161, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000162, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000163, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000164, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000165, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000166, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000167, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000168, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000169, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000170, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000171, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000172, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000173, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000174, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000175, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000176, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000177, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000178, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000179, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000180, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000181, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000182, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000183, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000184, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000185, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000186, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000187, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000188, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000189, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000190, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000191, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000192, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000194, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000195, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000196, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000197, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000198, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000199, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\QuotaManager, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\QuotaManager-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\databases\Databases.db, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\databases\Databases.db-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.heatandcool.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.heatandcool.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.wildtangent.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.wildtangent.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_www.blessyouboys.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_www.blessyouboys.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\ac#\_manager_any20170118-163652.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\analytics.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#inread.anyclip.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000003, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000004, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000005, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000006, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000007, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000008, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000009, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000010, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000011, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000012, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000013, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000014, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000015, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000016, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000017, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000018, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000019, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000020, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000022, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000023, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000024, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000025, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000026, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000027, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000028, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000029, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000030, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000031, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000032, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000033, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000034, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000036, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000037, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000038, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000039, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000040, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000041, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000042, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000043, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000044, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000045, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000046, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000047, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000048, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000050, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000051, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000052, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000053, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000054, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000055, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000056, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000057, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000058, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000059, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000060, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000061, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000062, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000063, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000064, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000065, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000066, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000067, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000068, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000069, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000070, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000021, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000035, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000049, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000071, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000085, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000af, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000072, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000073, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000074, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000075, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000076, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000077, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000078, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000079, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000080, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000081, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000082, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000083, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000084, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000087, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000088, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000089, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000090, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000091, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000092, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000093, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000094, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000095, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000096, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000097, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000098, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000099, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000aa, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ab, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ac, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ad, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ae, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ba, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000bb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000bd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000be, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000bf, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ca, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000cb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000cd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ce, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000cf, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000da, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\QuotaManager, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\QuotaManager-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\databases\Databases.db, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\databases\Databases.db-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\.usage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.thisisanfield.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_c.betrad.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_c.betrad.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_disqus.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_disqus.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.thisisanfield.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.youtube.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.youtube.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_nfl.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_nfl.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_www.complex.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_www.complex.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\ac#\_manager_any20170118-163652.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\analytics.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#inread.anyclip.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000001, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000003, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000004, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000006, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000007, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000008, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000009, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000010, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000011, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000012, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000013, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000014, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000015, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000016, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000017, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000018, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000019, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000020, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000022, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000023, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000024, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000025, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000026, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000027, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000028, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000029, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000030, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000031, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000032, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000033, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000034, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000036, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000037, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000038, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000039, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000040, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000041, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000042, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000043, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000044, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000045, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000046, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000047, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000048, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000050, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000051, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000052, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000053, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000054, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000055, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000056, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000057, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000058, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000059, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000060, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000061, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000062, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000063, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000064, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000065, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000066, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000067, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000068, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000069, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000070, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000021, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000035, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000049, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000071, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000086, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000073, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000074, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000075, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000076, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000077, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000078, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000079, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000080, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000081, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000082, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000083, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000084, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000085, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000087, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000088, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008a, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008c, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000090, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000091, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000093, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000094, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000095, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000096, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000097, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000098, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000099, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009b, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009d, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009e, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009f, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000aa, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ab, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ac, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ad, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ae, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000af, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ba, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000be, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bf, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ca, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cb, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ce, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cf, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000da, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000db, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000dc, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000dd, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000de, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000df, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e4, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e5, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e6, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e7, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e8, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e9, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ea, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\QuotaManager, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\QuotaManager-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\index, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe, Delete-on-Reboot, [21], [383807],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.ini, Delete-on-Reboot, [21], [383807],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\help_dll.dll, Delete-on-Reboot, [21], [383807],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx, Delete-on-Reboot, [21], [383807],1.0.2464
Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool\regtool.exe, Delete-on-Reboot, [21], [383807],1.0.2464
PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Delete-on-Reboot, [1477], [391395],1.0.2464
PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\000003.log, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\CURRENT, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\LOCK, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\LOG, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\LOG.old, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\MANIFEST-000001, Delete-on-Reboot, [2252], [417846],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATERCORE.JOB, Delete-on-Reboot, [1310], [380114],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATER.JOB, Delete-on-Reboot, [1310], [380114],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X64, Delete-on-Reboot, [1310], [380119],1.0.2464
PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage, Delete-on-Reboot, [1981], [376100],1.0.2464
PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage-journal, Delete-on-Reboot, [1981], [376100],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:UCDRV-X64.SYS, Delete-on-Reboot, [1310], [380118],1.0.2464
PUP.Optional.Imali, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_migpplbcnghglpajipgfaokdiacfpkpj_0.localstorage, Delete-on-Reboot, [2252], [417847],1.0.2464
PUP.Optional.Imali, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_migpplbcnghglpajipgfaokdiacfpkpj_0.localstorage-journal, Delete-on-Reboot, [2252], [417847],1.0.2464
PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Delete-on-Reboot, [1981], [376101],1.0.2464
PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Delete-on-Reboot, [1981], [376101],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserSecureUpdater, Delete-on-Reboot, [1310], [380115],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdater, Delete-on-Reboot, [1310], [380115],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdaterCore, Delete-on-Reboot, [1310], [380115],1.0.2464
PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X86, Delete-on-Reboot, [1310], [380120],1.0.2464
PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, Delete-on-Reboot, [452], [241381],1.0.2464
PUP.Optional.UCBrowser, C:\USERS\GEORGE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器\卸载UC浏览器.lnk, Delete-on-Reboot, [1310], [396223],1.0.2464

Physical Sector: 0
(No malicious items detected)

(end)

[Aura]

Good Now let's do a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop;
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the EULA (I accept), then click on Scan;
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes;
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
  

Junkware Removal Tool (JRT)

• Download Junkware Removal Tool (JRT) and move it to your Desktop;
• Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Press on any key to launch the scan and let it complete;
  
  Credits : BleepingComputer.com
• Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
  

Your next reply(ies) should therefore contain:

• Copy/pasted AdwCleaner clean log;
• Copy/pasted JRT log;
  

[ClanOS]

28 minutes ago, Aura said:

Good Now let's do a sweep with AdwCleaner and JRT.

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop;
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the EULA (I accept), then click on Scan;
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes;
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

 

Junkware Removal Tool (JRT)

• Download Junkware Removal Tool (JRT) and move it to your Desktop;
• Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Press on any key to launch the scan and let it complete;
  
  Credits : BleepingComputer.com
• Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

 

Your next reply(ies) should therefore contain:

• Copy/pasted AdwCleaner clean log;
• Copy/pasted JRT log;

 

ADWCleaner Log:

# AdwCleaner 7.0.0.0 - Logfile created on Sat Jul 29 22:29:18 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent
Deleted: C:\Users\Mark\AppData\Roaming\Tencent
Deleted: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent
Deleted: C:\Users\Mark\AppData\Local\VirtualStore\Program Files (x86)\Tencent
Deleted: C:\Program Files (x86)\Common Files\freemake shared
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
Deleted: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏
Deleted: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
Deleted: C:/Users\George\AppData\Roaming\\UpdateTask
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\llssoft
Deleted: C:\Users\George\AppData\Local\llssoft
Deleted: C:\Users\Mark\AppData\Roaming\RHEng
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService
Deleted: C:\Users\Mark\AppData\Roaming\Search Protection

***** [ Files ] *****

Deleted: C:/\user.js
Deleted: C:\Windows\System32\drivers\TS888x64.sys
Deleted: C:\Windows\SysNative\drivers\TFsFltX64.sys
Deleted: C:\Windows\System32\lavasofttcpservice.dll
Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
Deleted: C:\ProgramData\pclunst.exe
Deleted: C:\ProgramData\Application Data\pclunst.exe
Deleted: C:\Users\All Users\pclunst.exe
Deleted: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwemi6.default\searchplugins\yahoo! powered.xml
Deleted: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwemi6.default\SEARCHPLUGINS\YAHOO! POWERED.XML

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: QQBrowser Udpater Task(Core)
Deleted: QQBrowser Udpater Task
Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\InstalledBrowserExtensions
Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154}
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winsearch
Deleted: [Key] - HKLM\SOFTWARE\Speedownloader0099
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Speedownloader0099
Deleted: [Key] - HKCU\Software\Speedownloader0099
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{86F4A33C-E46F-4F98-8AAC-0A7F0D697C5E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{CE30957B-3180-41F0-838C-2F3E64BA24BA}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F77EC82F-0B3A-4E59-8B7C-0C132DDB60C0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{754DF2CE-51E8-4895-B53C-6381418B84AE}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@qq.com/npchrome
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
Deleted: [Value] - HKCU\SOFTWARE\Classes\.crx\OpenWithProgids|UCHTML.AssocFile.CRX
Deleted: [Value] - HKCU\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM
Deleted: [Value] - HKCU\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML
Deleted: [Value] - HKCU\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT
Deleted: [Value] - HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM
Deleted: [Value] - HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML
Deleted: [Value] - HKCU\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP
Deleted: [Value] - HKCU\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT
Deleted: [Value] - HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML
Deleted: [Value] - HKLM\SOFTWARE\Classes\.crx\OpenWithProgids|UCHTML.AssocFile.CRX
Deleted: [Value] - HKLM\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM
Deleted: [Value] - HKLM\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML
Deleted: [Value] - HKLM\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT
Deleted: [Value] - HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM
Deleted: [Value] - HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML
Deleted: [Value] - HKLM\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP
Deleted: [Value] - HKLM\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT
Deleted: [Value] - HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML
Deleted: [Key] - HKLM\SOFTWARE\betterads
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MeOptimum_x86
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Installer
Deleted: [Key] - HKCU\Software\Installer
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\msaver
Deleted: [Key] - HKCU\Software\msaver
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Hotspot
Deleted: [Key] - HKCU\Software\Hotspot
Deleted: [Key] - HKLM\SOFTWARE\betterads
Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Amigo
Deleted: [Key] - HKCU\Software\Amigo
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask - ask.com

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [12633 B] - [2017/7/29 22:15:5]
C:/AdwCleaner/AdwCleaner[S1].txt - [12246 B] - [2017/7/29 22:21:36]
C:/AdwCleaner/AdwCleaner[S2].txt - [12315 B] - [2017/7/29 22:27:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

(END OF ADWCLEANER LOG)

JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by George (Administrator) on 29/07/2017 at 18:34:49.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 12 

Successfully deleted: C:\ProgramData\DP0004.dat (File) 
Successfully deleted: C:\ProgramData\DT0001.dat (File) 
Successfully deleted: C:\ProgramData\DT0006.dat (File) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\ProgramData\pc1data (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
Successfully deleted: C:\Windows\system32\newsoft (File) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B13UC901 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1PO8V6M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B13UC901 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1PO8V6M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\SysWOW64\REND95D.tmp (File) 

Registry: 6 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\QMUdisk (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TS888x64 (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TsDefenseBt (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BB94CCC5-F838-412D-9760-28A307E376B5} (Registry Value) 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/07/2017 at 18:38:11.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

If I wanted to learn more about malware and IT Security on my own, where would you recommend I start?

Edited July 29, 2017 by ClanOS
Adding JRT Log

[Aura]

Quote

If I wanted to learn more about malware and IT Security on my own, where would you recommend I start?

I'll give you some helpful resources at the end of the clean-up. If you ever need more, you are free to PM me afterwards

Now, let's run a scan with FRST to see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

• Download the right version of FRST for your system:
  
  • FRST 64-bit
    
• Move the executable (FRST.exe or FRST64.exe) on your Desktop;
• Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
• Make sure the Addition.txt box is checked;
• Click on the Scan button;
  
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
• Copy and paste the content of both FRST.txt and Addition.txt in your next reply;
  

[ClanOS]

1 hour ago, Aura said:

I'll give you some helpful resources at the end of the clean-up. If you ever need more, you are free to PM me afterwards

Now, let's run a scan with FRST to see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

• Download the right version of FRST for your system:
  • FRST 64-bit
• Move the executable (FRST.exe or FRST64.exe) on your Desktop;
• Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
• Make sure the Addition.txt box is checked;
• Click on the Scan button;
  
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
• Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

 

FTST.txt :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017
Ran by George (administrator) on MEEPO (30-07-2017 11:41:07)
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: Mark & new mark & George)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
() C:\Windows\DAODx.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe
(Flux Software LLC) C:\Users\George\AppData\Local\FluxSoftware\Flux\flux.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
(Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
(Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe
(Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Run: [Discord] => C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Run: [f.lux] => C:\Users\George\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\MountPoints2: E - E:\INSTALL\SETUP.EXE
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CC775005-5A3A-4864-AC20-BB298AFF5B34}: [DhcpNameServer] 192.168.142.2
Tcpip\..\Interfaces\{D0A875C5-B33F-4450-9BFD-010AFF816B80}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F90945C9-1384-4CA5-AD99-D05B561498B4}: [DhcpNameServer] 192.168.116.1

Internet Explorer:
==================
HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-2383111392-567966768-2532307980-1009 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-2383111392-567966768-2532307980-1009 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [pdfescape_desktop_conv@pdfescape.com] - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension
FF Extension: (PDFescape Desktop Creator) - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension [2017-01-23] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-08-16]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-11-24] (Unity Technologies ApS)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @gentek.com/thinclient -> C:\Users\Mark\AppData\Roaming\gentek\npthinclient.dll [No File]
FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\George\AppData\Local\htyh\application\htwebHelper.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2016-09-14] (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-01-17] (Red Software)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.bcsdny.org
CHR NewTab: Default ->  Active:"chrome-extension://migpplbcnghglpajipgfaokdiacfpkpj/index.html"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&atb=v50-3_d
CHR DefaultSearchKeyword: Default -> duckduckgo.com_
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2017-07-29]
CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-06]
CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-06]
CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-06]
CHR Extension: (DuckDuckGo Search) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-07]
CHR Extension: (uBlock Origin) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-21]
CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-11]
CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-06]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] -  <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2017-06-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S4 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd)
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-05] (Electronic Arts)
S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2142184 2017-01-17] (Red Software)
S3 PDFescape Desktop CrashHandler; C:\Program Files\PDFescape Desktop\crash-handler-ws.exe [926184 2017-01-17] (Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [733672 2017-01-17] (Red Software)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 IpOverUsbSvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-24] (Disc Soft Ltd)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-09-16] (Disc Soft Ltd)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 GMLXD16Fltr; C:\Windows\System32\drivers\GMLXDFltr01.sys [19488 2016-05-27] (LXD Development, Inc.)
R2 hcmon; C:\Windows\System32\DRIVERS\hcmon.sys [83008 2017-02-20] () [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-28] ()
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-30] (Malwarebytes)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-11-25] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [66520 2017-03-21] () [File not signed]
R2 VMnetUserif; C:\Windows\System32\DRIVERS\vmnetuserif.sys [43992 2017-03-21] () [File not signed]
R2 vmx86; C:\Windows\System32\DRIVERS\vmx86.sys [88128 2017-03-21] () [File not signed]
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 11:41 - 2017-07-30 11:41 - 00018399 _____ C:\Users\George\Desktop\FRST.txt
2017-07-30 11:40 - 2017-07-30 11:41 - 00000000 ____D C:\FRST
2017-07-30 11:40 - 2017-07-30 11:40 - 02381312 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2017-07-29 21:42 - 2017-03-21 19:13 - 00088128 _____ C:\Windows\system32\Drivers\vmx86.sys
2017-07-29 21:42 - 2016-09-30 01:11 - 00093248 _____ C:\Windows\system32\Drivers\vsock.sys
2017-07-29 21:42 - 2016-09-30 01:11 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2017-07-29 21:42 - 2016-09-30 01:11 - 00065008 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2017-07-29 21:41 - 2017-07-29 21:41 - 00001188 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk
2017-07-29 21:41 - 2017-07-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-07-29 21:41 - 2017-07-29 21:41 - 00000000 ____D C:\Program Files\Common Files\VMware
2017-07-29 21:41 - 2017-03-21 19:18 - 01149416 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2017-07-29 21:41 - 2017-03-21 19:18 - 00400872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2017-07-29 21:41 - 2017-03-21 19:18 - 00366568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2017-07-29 21:41 - 2017-03-21 19:01 - 00066520 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2017-07-29 21:41 - 2017-03-21 19:01 - 00046032 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2017-07-29 21:41 - 2017-03-21 19:01 - 00043992 _____ C:\Windows\system32\Drivers\vmnetuserif.sys
2017-07-29 21:41 - 2017-02-20 08:02 - 00083008 _____ C:\Windows\system32\Drivers\hcmon.sys
2017-07-29 21:37 - 2017-07-29 21:37 - 69902808 _____ C:\Users\George\Downloads\VMwarePlayer12.5.5.zip
2017-07-29 21:37 - 2017-07-29 21:37 - 00000000 ____D C:\Users\George\Downloads\VMwarePlayer12.5.5
2017-07-29 21:25 - 2017-07-29 21:32 - 2091008000 _____ C:\Users\George\Downloads\wt7-elite-1315.04.182016.iso
2017-07-29 18:38 - 2017-07-29 18:38 - 00002407 _____ C:\Users\George\Desktop\JRT.txt
2017-07-29 18:33 - 2017-07-29 18:33 - 01790024 _____ (Malwarebytes) C:\Users\George\Desktop\JRT.exe
2017-07-29 18:13 - 2017-07-29 18:29 - 00000000 ____D C:\AdwCleaner
2017-07-29 18:13 - 2017-07-29 18:13 - 08162248 _____ (Malwarebytes) C:\Users\George\Desktop\AdwCleaner.exe
2017-07-29 15:08 - 2017-07-30 11:37 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-29 15:08 - 2017-07-29 15:08 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-29 15:08 - 2017-07-29 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-29 15:08 - 2017-07-29 15:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-29 15:08 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-29 15:01 - 2017-07-29 15:01 - 65033984 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (2).exe
2017-07-28 17:41 - 2017-07-29 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-28 17:37 - 2017-07-28 17:37 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-07-28 17:34 - 2017-07-29 00:46 - 00000000 ____D C:\Users\George\Desktop\mbar
2017-07-28 17:34 - 2017-07-28 17:34 - 16564750 _____ (Malwarebytes Corp.) C:\Users\George\Downloads\mbar-1.09.4.1001.exe
2017-07-27 21:24 - 2017-07-27 21:25 - 65033984 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe
2017-07-27 21:24 - 2017-07-27 21:24 - 00566128 _____ (Malwarebytes) C:\Users\George\Downloads\mbam-clean-2.3.0.1001.exe
2017-07-26 22:46 - 2017-07-26 22:46 - 00000222 _____ C:\Users\George\Desktop\Shadow Warrior.url
2017-07-26 20:43 - 2017-07-26 20:43 - 00496896 _____ C:\Users\George\Downloads\flux-setup.exe
2017-07-26 20:43 - 2017-07-26 20:43 - 00002046 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-07-26 20:43 - 2017-07-26 20:43 - 00000000 ____D C:\Users\George\AppData\Local\FluxSoftware
2017-07-23 21:16 - 2017-07-23 21:16 - 00000000 ____D C:\Users\George\Documents\Unnamed FantaSci Novel.scriv
2017-07-23 20:01 - 2017-07-23 20:01 - 00000000 ____D C:\Users\George\Downloads\ccl-1.11-windows
2017-07-23 20:00 - 2017-07-23 20:00 - 43050039 _____ C:\Users\George\Downloads\ccl-1.11-windows.zip
2017-07-22 23:08 - 2017-07-22 23:08 - 00003640 _____ C:\Users\George\Documents\betterantigua v3.svg
2017-07-22 23:06 - 2017-07-22 23:06 - 00003572 _____ C:\Users\George\Documents\betterantigua v2.svg
2017-07-21 01:39 - 2017-07-21 01:58 - 00017342 _____ C:\Users\George\Documents\Discussion Questions (Essay).odt
2017-07-20 21:44 - 2017-07-20 21:44 - 00000000 ____D C:\Users\George\Downloads\Beginning Ethical Hacking with Python  - True PDF - 4446 [ECLiPSE]
2017-07-20 18:48 - 2017-07-20 18:48 - 00000000 ____D C:\Users\new mark\AppData\Roaming\ProcessLasso
2017-07-20 18:48 - 2017-07-20 18:48 - 00000000 ____D C:\Users\new mark\AppData\Roaming\Adobe
2017-07-20 18:48 - 2017-07-20 18:48 - 00000000 ____D C:\Users\new mark\AppData\Local\TSVNCache
2017-07-20 18:47 - 2017-07-20 18:47 - 00000000 ____D C:\Users\Mark\AppData\Roaming\ProcessLasso
2017-07-20 03:52 - 2017-07-20 04:21 - 00024419 _____ C:\Users\George\Documents\We Need To Talk..odt
2017-07-17 12:07 - 2017-07-28 14:30 - 00000000 ____D C:\Users\George\AppData\Local\FSDART
2017-07-17 12:07 - 2017-07-27 23:36 - 00000000 ____D C:\ProgramData\F-Secure
2017-07-17 12:07 - 2017-07-17 12:07 - 00524248 _____ (F-Secure Corporation) C:\Users\George\Downloads\F-SecureOnlineScanner.exe
2017-07-17 12:07 - 2017-07-17 12:07 - 00000000 ____D C:\Users\George\AppData\Local\F-Secure
2017-07-17 11:45 - 2017-07-28 15:13 - 00003952 _____ C:\Windows\system32\.crusader
2017-07-17 10:39 - 2017-07-17 10:39 - 00021352 _____ C:\Users\George\Desktop\mb-check-results.zip
2017-07-17 10:37 - 2017-07-17 10:38 - 00000000 ____D C:\Users\George\AppData\Local\Discord
2017-07-17 10:37 - 2017-07-17 10:37 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\George\Downloads\DiscordSetup.exe
2017-07-17 09:36 - 2017-07-17 11:45 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-17 09:35 - 2017-07-17 09:36 - 11584088 _____ (SurfRight B.V.) C:\Users\George\Downloads\HitmanPro_x64.exe
2017-07-17 09:04 - 2017-07-29 15:07 - 00028859 _____ C:\Users\George\Desktop\mb-clean-results.txt
2017-07-17 09:03 - 2017-07-17 09:03 - 65033984 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-17 08:58 - 2017-07-17 08:58 - 00841160 _____ (Malwarebytes) C:\Users\George\Downloads\mb-clean-3.1.0.1014.exe
2017-07-17 08:56 - 2017-07-17 08:57 - 02322896 _____ (Malwarebytes Corporation) C:\Users\George\Downloads\mb-check-3.1.5.1001.exe
2017-07-17 08:01 - 2017-07-17 08:01 - 00000000 ____D C:\Users\George\AppData\Local\ElevatedDiagnostics
2017-07-17 01:38 - 2017-07-17 01:38 - 00000000 ____D C:\Users\George\AppData\Local\Apps\2.0
2017-07-16 22:22 - 2017-07-17 07:50 - 00000000 ____D C:\SUPERDelete
2017-07-16 22:17 - 2017-07-16 22:17 - 00000000 ____D C:\extensions
2017-07-16 22:17 - 2017-07-16 22:17 - 00000000 ____D C:\chrome
2017-07-16 22:16 - 2017-07-16 23:23 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-16 22:16 - 2017-07-16 22:16 - 00001114 _____ C:\Users\George\Desktop\Играть в Dragon Knight.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001110 _____ C:\Users\George\Desktop\Play World Of Warships.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001102 _____ C:\Users\George\Desktop\Play Dragon Blood.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001098 _____ C:\Users\George\Desktop\Play Imperia Online.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001094 _____ C:\Users\George\Desktop\Play World Of Tanks.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001088 _____ C:\Users\George\Desktop\Play Warframe.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001088 _____ C:\Users\George\Desktop\Play Crossout.lnk
2017-07-16 22:16 - 2017-07-16 22:16 - 00001084 _____ C:\Users\George\Desktop\Play Warface.lnk
2017-07-16 22:16 - 2017-06-21 08:55 - 00000332 _____ C:\Users\George\Desktop\Download Video and Audio Online.lnk
2017-07-16 22:15 - 2017-07-16 22:15 - 00001082 _____ C:\Users\George\Desktop\Play WarThunder.lnk
2017-07-16 22:15 - 2017-07-16 22:15 - 00000000 ____D C:\Users\George\AppData\Local\CrashRpt
2017-07-16 22:13 - 2017-07-16 22:13 - 00000000 ____D C:\Users\George\AppData\Roaming\c
2017-07-16 22:13 - 2017-07-16 22:13 - 00000000 ____D C:\Users\George\AppData\Local\begnowsj
2017-07-14 00:00 - 2017-07-14 00:00 - 00051630 _____ C:\Windows\uninstaller.dat
2017-07-13 17:18 - 2017-07-17 08:27 - 00000000 ____D C:\Users\George\Heaven
2017-07-13 17:18 - 2017-07-13 17:18 - 00728064 _____ C:\Users\George\AppData\Local\file__0.localstorage
2017-07-13 17:05 - 2017-07-13 17:13 - 258728440 _____ (Unigine Corp. ) C:\Users\George\Downloads\Unigine_Heaven-4.0.exe
2017-07-11 20:09 - 2017-07-11 20:09 - 00750680 _____ C:\Users\George\Downloads\flux-setup4.exe
2017-07-10 22:39 - 2017-07-10 22:39 - 00000000 ____D C:\Windows\system32\data
2017-07-10 22:39 - 2017-07-10 22:39 - 00000000 ____D C:\Users\George\AppData\Roaming\com.base.main.Main
2017-07-10 22:33 - 2017-07-10 22:33 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2017-07-10 22:33 - 2017-07-10 22:33 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-10 22:28 - 2017-07-10 22:28 - 02216944 _____ C:\Users\George\Downloads\winrar-x64-55b5.exe
2017-07-09 21:29 - 2017-07-20 03:52 - 00000000 ____D C:\Users\George\.atom
2017-07-09 21:29 - 2017-07-09 21:30 - 00000000 ____D C:\Users\George\AppData\Roaming\Atom
2017-07-09 21:29 - 2017-07-09 21:29 - 00002135 _____ C:\Users\George\Desktop\Atom.lnk
2017-07-09 21:29 - 2017-07-09 21:29 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-07-09 21:27 - 2017-07-09 21:30 - 00000000 ____D C:\Users\George\AppData\Local\atom
2017-07-09 21:23 - 2017-07-09 21:24 - 181252128 _____ (GitHub Inc.) C:\Users\George\Downloads\AtomSetup-x64.exe
2017-07-08 10:35 - 2017-07-08 10:35 - 41715320 _____ (Vivaldi Technologies AS) C:\Users\George\Downloads\Vivaldi.1.10.867.46.exe
2017-07-06 22:46 - 2017-07-06 22:46 - 00000220 _____ C:\Users\George\Desktop\Garry's Mod.url
2017-07-06 20:10 - 2017-07-06 20:10 - 00000219 _____ C:\Users\George\Desktop\Left 4 Dead 2.url
2017-07-06 20:08 - 2017-07-06 20:08 - 00000222 _____ C:\Users\George\Desktop\FTL Faster Than Light.url
2017-07-01 22:17 - 2017-07-01 22:17 - 00000000 ____D C:\Users\George\AppData\Roaming\baidu
2017-07-01 22:17 - 2017-07-01 22:17 - 00000000 ____D C:\Users\George\AppData\Roaming\360se6
2017-07-01 22:17 - 2017-07-01 22:17 - 00000000 ____D C:\Users\George\AppData\Local\360chrome

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 11:38 - 2016-12-23 17:41 - 00000000 ____D C:\Users\George\AppData\Local\TSVNCache
2017-07-30 11:37 - 2017-06-23 14:11 - 00000000 ____D C:\ProgramData\VMware
2017-07-30 11:37 - 2016-07-14 14:54 - 00000278 _____ C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job
2017-07-30 11:37 - 2015-05-27 17:34 - 00000566 _____ C:\Windows\Tasks\quick_weather_updates_helper_service.job
2017-07-30 11:37 - 2014-09-16 17:29 - 00001460 _____ C:\Windows\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d.job
2017-07-30 11:37 - 2014-09-16 17:29 - 00001330 _____ C:\Windows\Tasks\TWTP.job
2017-07-30 11:37 - 2014-09-16 17:28 - 00001332 _____ C:\Windows\Tasks\FNAFN.job
2017-07-30 11:37 - 2014-09-16 17:28 - 00000626 _____ C:\Windows\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.job
2017-07-30 11:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-30 11:36 - 2014-09-05 22:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-30 11:36 - 2009-07-14 00:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-30 11:36 - 2009-07-14 00:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-30 02:00 - 2016-11-16 20:48 - 00000000 ____D C:\Users\George\AppData\Local\Adobe
2017-07-29 22:56 - 2017-06-23 14:15 - 00000000 ____D C:\Users\George\AppData\Local\VMware
2017-07-29 21:44 - 2017-06-23 14:28 - 00000000 ____D C:\Users\George\Documents\Virtual Machines
2017-07-29 21:44 - 2017-06-23 14:15 - 00000000 ____D C:\Users\George\AppData\Roaming\VMware
2017-07-29 21:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-07-29 21:41 - 2017-06-23 14:11 - 00000000 ____D C:\Program Files (x86)\VMware
2017-07-29 21:41 - 2014-08-24 22:01 - 00809244 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-29 19:53 - 2014-08-27 19:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-29 18:29 - 2015-06-24 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-07-29 18:26 - 2016-12-04 07:07 - 00000000 ____D C:\Users\George\AppData\Local\CrashDumps
2017-07-29 18:15 - 2015-01-16 17:57 - 00000000 ____D C:\Users\UpdatusUser
2017-07-29 18:02 - 2016-11-12 23:11 - 00000000 ____D C:\Users\George\AppData\Roaming\vlc
2017-07-29 15:12 - 2009-07-14 01:13 - 00804702 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-29 15:08 - 2017-01-28 22:19 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-28 19:27 - 2017-02-20 22:19 - 00000000 ____D C:\Users\George\AppData\Roaming\discord
2017-07-28 17:27 - 2017-06-16 05:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-07-28 17:15 - 2016-11-07 20:24 - 00000000 ____D C:\Users\George\AppData\Roaming\qBittorrent
2017-07-27 20:10 - 2016-11-26 07:44 - 00000000 ___HD C:\Users\George\AppData\Local\2ce9cdc060ac46c2
2017-07-27 20:10 - 2016-11-06 17:31 - 00001042 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-27 20:10 - 2016-07-29 00:54 - 00000000 ___HD C:\Users\Mark\AppData\Local\4b74a33042f8b5f7
2017-07-27 20:10 - 2015-12-05 16:15 - 00001042 _____ C:\Users\new mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-27 20:10 - 2014-08-24 21:17 - 00001042 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-26 22:46 - 2016-12-11 18:11 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-23 05:33 - 2015-01-14 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-22 14:12 - 2016-11-21 21:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-20 21:54 - 2015-08-14 09:56 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-07-17 11:46 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\PC Screenshot Control Builder
2017-07-17 11:45 - 2016-09-13 16:48 - 00000000 ____D C:\Users\Mark\Desktop\maplestory private server
2017-07-17 11:45 - 2016-01-25 16:47 - 00000000 ____D C:\Users\Mark\Documents\MEGAsync Downloads
2017-07-17 11:45 - 2014-09-12 20:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\BitTorrent
2017-07-17 11:45 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Winaphild
2017-07-17 10:39 - 2017-02-20 22:19 - 00000000 ____D C:\Users\George\AppData\Local\SquirrelTemp
2017-07-17 10:38 - 2017-02-20 22:19 - 00002127 _____ C:\Users\George\Desktop\Discord.lnk
2017-07-17 09:25 - 2016-07-14 14:53 - 00000344 __RSH C:\ProgramData\ntuser.pol
2017-07-17 09:10 - 2015-12-26 11:38 - 00000000 ____D C:\Windows\pss
2017-07-17 08:25 - 2014-08-29 21:32 - 00000000 ____D C:\Users\Mark\AppData\Local\Akamai
2017-07-17 08:22 - 2015-11-20 22:18 - 00000000 ____D C:\Users\Mark\AppData\Local\MyComGames
2017-07-17 08:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-17 08:01 - 2015-04-26 12:50 - 00000000 ____D C:\Users\Mark\AppData\Roaming\gentek
2017-07-16 23:02 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-16 22:59 - 2015-04-12 12:06 - 00000000 ____D C:\Suba Games
2017-07-16 22:58 - 2016-01-06 20:26 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suba Games
2017-07-16 22:29 - 2014-08-26 10:35 - 00000000 ____D C:\Windows\Minidump
2017-07-16 22:10 - 2014-08-24 21:52 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-15 23:31 - 2016-11-07 21:58 - 00000000 ____D C:\Users\George\Documents\My Games
2017-07-15 01:50 - 2017-06-25 06:43 - 00002220 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-07-15 01:50 - 2017-06-25 06:43 - 00002212 _____ C:\Users\George\Desktop\Vivaldi.lnk
2017-07-15 01:50 - 2017-06-25 06:42 - 00000000 ____D C:\Users\George\AppData\Local\Vivaldi
2017-07-13 17:18 - 2016-11-06 17:31 - 00000000 ____D C:\Users\George
2017-07-11 21:18 - 2016-10-13 14:19 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-11 21:18 - 2014-09-15 21:17 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 21:18 - 2014-09-15 21:17 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 21:18 - 2014-09-15 21:17 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 21:18 - 2014-09-15 21:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-10 22:33 - 2014-09-16 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

==================== Files in the root of some directories =======

2016-11-12 13:29 - 2017-05-12 16:01 - 0000387 _____ () C:\Users\George\AppData\Roaming\WB.CFG
2017-07-13 17:18 - 2017-07-13 17:18 - 0728064 _____ () C:\Users\George\AppData\Local\file__0.localstorage
2017-03-02 22:07 - 2017-03-02 22:07 - 0000848 _____ () C:\Users\George\AppData\Local\recently-used.xbel
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\George\AppData\Local\report
2016-02-07 19:43 - 2014-11-05 08:51 - 1654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll
2016-11-27 22:12 - 2016-11-27 22:12 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-05-28 14:31 - 2015-05-28 14:35 - 45447520 _____ () C:\ProgramData\PCMgrSetup.exe
2017-06-18 18:30 - 2017-06-18 18:30 - 0010255 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag

Files to move or delete:
====================
C:\ProgramData\DynuEncrypt.dll
C:\ProgramData\PCMgrSetup.exe
C:\Users\Mark\audacity-win-2-0-6.exe
C:\Users\Mark\main.exe
C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job

Some files in TEMP:
====================
2012-08-27 06:06 - 2012-08-27 06:06 - 0460160 ____R (Macrovision Corporation) C:\Users\Mark\AppData\Local\Temp\_is7B6.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-22 12:38

==================== End of FRST.txt ============================

 

 

 

 

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by George (30-07-2017 11:42:38)
Running from C:\Users\George\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-08-25 01:16:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2383111392-567966768-2532307980-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2383111392-567966768-2532307980-1007 - Limited - Enabled)
George (S-1-5-21-2383111392-567966768-2532307980-1009 - Administrator - Enabled) => C:\Users\George
Guest (S-1-5-21-2383111392-567966768-2532307980-501 - Limited - Disabled)
Mark (S-1-5-21-2383111392-567966768-2532307980-1000 - Administrator - Enabled) => C:\Users\Mark
new mark (S-1-5-21-2383111392-567966768-2532307980-1008 - Administrator - Enabled) => C:\Users\new mark

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
AruaROSE version 940 (HKLM-x32\...\{8BF09025-5FD9-4026-9F7D-6B56791C7099}_is1) (Version: 940 - AruaROSE)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C0B16F2E-3980-44F8-8CF4-F84696541FF7}) (Version: 1.0.018 - ASUSTek Computer Inc.)
Atom (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\atom) (Version: 1.18.0 - GitHub Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beat Blades Haruka version 1.2 (HKLM-x32\...\{D3B9DE87-250F-4215-BCD4-B6494EFC8061}_is1) (Version: 1.2 - Mangagamer)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Bloons TD Battles (HKLM\...\Steam App 444640) (Version:  - Ninja Kiwi)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.0.198 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.0.198.10000 - CANON INC.)
Canon MF Toolbox 4.9.1.1.mf15 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf15 - CANON INC.)
Canon MF3010 (HKLM\...\{A97F4E18-3053-4652-B763-9A40AE2B1EE5}) (Version: 3.9.0.1 - CANON INC.)
Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version:  - Torn Banner Studios)
CloudNine (HKLM-x32\...\CloudNine) (Version: 1.0 - PlayRedFox)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.4.0.0280 - Disc Soft Ltd)
DataNumen CAB Repair v2.0 (HKLM-x32\...\DataNumen CAB Repair v2.0) (Version:  - )
DBO Global version 1.5 (HKLM-x32\...\{B2DB3414-D063-4F42-AE7C-9B9A33BE326E}_is1) (Version: 1.5 - DBO Global, Inc.)
Devilian PTS (HKLM-x32\...\Glyph Devilian PTS) (Version:  - Trion Worlds, Inc.)
DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.11.0.21 - GOG.com)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dota 2 Test (HKLM\...\Steam App 205790) (Version:  - )
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Dragon Saga (HKLM-x32\...\{909E068C-8FD6-4063-A65E-F95F5731A5EE}) (Version: 0.4.43 - Gravity Interactive, Inc)
DragonNest (HKLM-x32\...\{965BBE77-81BF-4067-88B6-ECD4983B13EA}) (Version: 1.00.0000 - EYEDENTITY GAMES)
DragonNest (HKLM-x32\...\DragonNest) (Version:  - )
Dream ACE Client version 4.5.0.76 (HKLM-x32\...\{0313B4DA-4ADD-49E8-930F-63D3A5E1E5B7}_is1) (Version: 4.5.0.76 - Dream ACE)
Dream of Mirror Online (HKLM-x32\...\{305734a7-c0c2-43cb-b1bf-d6e344958038}}_is1) (Version:  - Suba Games)
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version:  - Trendy Entertainment)
Dungeon Fighter Online (HKLM\...\Steam App 495910) (Version:  - Neople)
Echo of Soul (HKLM-x32\...\Echo of Soul) (Version:  - )
Eden Eternal (HKLM-x32\...\Eden Eternal) (Version:  - )
Elsword version v4.0813.5.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.0813.5.1 - KOGGAMES)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.7.2.132404 - MindArk PE AB)
Eternal Fate (HKLM-x32\...\Steam App 317780) (Version:  - Escalation Studios, Inc)
Eternal Senia (HKLM-x32\...\Steam App 351640) (Version:  - Holy Priest)
EverEmber 2.00 (HKLM-x32\...\EverEmber 2.00) (Version:  - )
f.lux (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Flux) (Version:  - )
Falou Online (HKLM-x32\...\{F1938858-CEC4-49DE-A070-DAE6C10F34F7}) (Version: 1.0.0 - Falou Online) Hidden
Famaze (HKLM-x32\...\Steam App 297210) (Version:  - Oryx Design Lab)
FanFictionDownloader version 0.8.9 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.9 - Raimond Eisele)
Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.02.031 - Gamigo games)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
FlagMaker version 2.0 (HKLM-x32\...\{2B6EF3B7-735D-40C9-86B8-3B7BC1AE8150}_is1) (Version: 2.0 - )
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
FoxLv II 1.0.34 (HKLM-x32\...\{D8F37CA6-3DAC-4979-A2B2-DB85AAC83C78}_is1) (Version: 1.0.34 - FoxLv Online Network)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - Subset Games)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.908.40001 - YoYo Games Ltd.)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Genymotion version 2.7.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.7.2 - Genymobile)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GodsWar Online (HKLM-x32\...\GodsWar Online_is1) (Version: 2.51.002 - Skyunion(IGG), Joyconnect Studio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version:  - IMC Games Co., Ltd.)
Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version:  - )
Grand Fantasia (HKLM-x32\...\Grand Fantasia2.0) (Version: 2.0 - IGNIT Games)
GrandChase is Back version 1.5 (HKLM-x32\...\{5C95E502-A38D-436C-B8F2-018A8453D214}_is1) (Version: 1.5 - grand chase reborn, Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version:  - )
HyperCam 4 (HKLM-x32\...\HyperCam 4 4.0.1511.06) (Version: 4.0.1511.06 - Solveig Multimedia)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Insurgency (HKLM\...\Steam App 222880) (Version:  - New World Interactive)
IntelliJ IDEA Community Edition 2017.1.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2017.1.1) (Version: 171.4073.35 - JetBrains s.r.o.)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.1 - Electronic Arts)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation)
JTTW Online Version 1.3.3.12 (HKLM-x32\...\{E881695E-3B18-4B6A-A716-0ED952457AE7}_is1) (Version: 1.3.3.12 - Shanghai Xiaoyou Info Tech Co.,Ltd.)
Julia Language 0.5.1 (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Julia 0.5.1) (Version:  - The Julia Project)
Karos Returns (HKLM-x32\...\Karos Returns) (Version: 1.5.0.0 - PlayRedfox)
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
Lamia Must Die (HKLM-x32\...\Steam App 385260) (Version:  - Tuomo Laine)
LastChaosUSA (HKLM-x32\...\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}) (Version: 1.00.000 - Barunsongames CO., LTD.)
Launcher (HKLM\...\{67135CA7-472F-4EA9-954A-01C2D3E20DB4}) (Version: 1.0.0 - Square Enix Ltd.) Hidden
Launchpad Enhanced (HKLM-x32\...\{BAA11826-70EF-4E44-9E97-8476793E022F}) (Version: 0.05.000 - SWGEmu)
League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LibreOffice 5.3.1.2 (HKLM\...\{9A2A4317-64E9-4631-997A-F2C4F8A512C7}) (Version: 5.3.1.2 - The Document Foundation)
Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
Lucent Heart EN (HKLM-x32\...\{3C05F539-3641-4ED1-B88F-DEA9DAD620E3}) (Version: 8.00.0300 - Suba Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Mu (HKLM-x32\...\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}) (Version: 0.68 - )
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.6 - Black Tree Gaming)
Nostale(UK) (HKLM-x32\...\NosTale(UK)_is1) (Version:  - Gameforge 4D GmbH)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
Onigiri_US (HKLM-x32\...\{E5A8486E-4E03-4F59-A44A-88399E341F41}) (Version: 1.00.0000 - CyberStep, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{1098f580-12f4-4a6d-8d57-4f422e89e325}) (Version: 2.3.0.58224 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.3.0.58224 - Grinding Gear Games) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 1.0.6.28181 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{031A1BDD-A9EA-4617-8DA6-335C2A61B193}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{91935FD9-E08A-4D2D-BA2F-AADE7FBE0C60}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{E4353769-84F5-4234-84A3-160C28F2AE8A}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{66F29A3B-8941-4852-835A-FDEFE294C587}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{EB30AF72-4FE0-4774-82FA-4E387E910327}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{066060BD-1B5E-4662-8001-E0C317CA0E07}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{30E0B65D-ABF8-4984-B9F0-F9B674377EBB}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{1B9A4CCB-FC0A-493D-8FDB-79EEE03A849D}) (Version: 1.0.20.31528 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{395D61FC-8793-4E93-806B-F7F85DAE08A0}) (Version: 1.0.20.31528 - Red Software) Hidden
Pirate King Online 1.1.9 (HKLM-x32\...\{D8F37CA6-3BAC-4979-A2B2-DB85AAC83C78}_is1) (Version: 1.1.9 - ServerDev)
PlayOnline Viewer & Tetra Master (HKLM-x32\...\{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden
PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.)
Playtrickster version 1.1 (HKLM-x32\...\{794AF87D-6B0E-4CE2-900C-A3C9D527F70D}_is1) (Version: 1.1 - Privatia)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
Prius Online (HKLM-x32\...\Prius Online) (Version: 1.0.1 - Prius Anima)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.360 - Bitsum)
Quest 5.6.3 (HKLM-x32\...\Quest_is1) (Version: 5.6.3 - Alex Warren)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.5 - Gravity Interactive, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com)
RAN Online (HKLM-x32\...\RAN Online) (Version: 1.00 - GameSamba)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Red Stone (HKLM-x32\...\Red Stone for USA) (Version:  - )
RescueTime 2.11.2.1410 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version:  - RescueTime.com)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
ROSE Online (HKLM-x32\...\{FE68D630-0051-42DC-98D6-0D8BF5CB13C5}) (Version: 1.0.511.1 - Gravity Interactive, Inc.)
RPG MO (HKLM-x32\...\Steam App 372800) (Version:  - Marxnet)
Runes of Magic (HKLM-x32\...\{F57FBE91-C48B-4A86-91C8-A9C3D744E459}_is1) (Version: 6.3.0.2742 - Gameforge Productions GmbH)
Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version:  - Winged Cloud)
Scrivener (HKLM-x32\...\Scrivener 1970) (Version: 1970 - Literature and Latte)
SealOnline Blades of Destiny (HKLM-x32\...\SealOnlinePlusUSA) (Version:  - )
Secrets of Grindea Demo (HKLM-x32\...\Steam App 372500) (Version:  - Pixel Ferrets)
Shadow Warrior (HKLM\...\Steam App 233130) (Version:  - Flying Wild Hog)
Shaiya (HKLM-x32\...\Shaiya) (Version:  - )
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{F6276F22-4DBA-4C97-8F9C-5D53040A636B}) (Version: 6.1.1.0 - Husdawg, LLC)
Tabletop Simulator (HKLM\...\VGFibGV0b3BTaW11bGF0b3I=_is1) (Version: 1 - )
Tales of Pirates II (HKLM-x32\...\Tales of Pirates II_is1) (Version: 1.0.70 - IGG,Inc.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
The Lord of the Rings Online?v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
The Lord of the Rings Online™ (HKLM\...\Steam App 212500) (Version:  - Turbine, Inc.)
The Mighty Quest For Epic Loot version 1.276072 (HKLM-x32\...\The Mighty Quest For Epic Loot_is1) (Version: 1.276072 - )
Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - )
TortoiseSVN 1.9.5.27581 (64 bit) (HKLM\...\{1655E9E4-04C9-414E-8581-6D1162DFB802}) (Version: 1.9.27581 - TortoiseSVN)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
TriadWars (HKLM-x32\...\{a2f7c596-1199-4606-b68d-125a13d1c929}) (Version: 1.0.0.0 - Square Enix Ltd.)
Twin Saga (HKLM-x32\...\Twin Saga) (Version:  - )
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplink (HKLM-x32\...\Uplink) (Version:  - )
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
Villagers and Heroes (HKLM-x32\...\{48BD847E-18C0-439C-822B-39E544DCEFF0}_is1) (Version: 35289 - Mad Otter Games / Neonga)
Vivaldi (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Vivaldi) (Version: 1.10.867.48 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.)
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows Glulxe (HKLM-x32\...\WinGlulxe) (Version:  - )
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.50 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.5 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wonderland Online (HKLM-x32\...\Wonderland Online_is1) (Version: 6.1.9 - IGG,Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XtremeJade (HKLM-x32\...\D98FB73E-2CB1-4507-A521-C141F16D1ECD_is1) (Version:  - XtremeJade)
Yahoo! Powered (HKLM-x32\...\{BEF75637-EE77-87B7-5FF7-F7378F7724B7}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2383111392-567966768-2532307980-1009_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] ()
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] ()
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {EB1F5DDB-7107-4831-BA2B-75FC26DB4224} => C:\Program Files\PDFescape Desktop\creator-context-menu.dll [2017-01-17] (Red Software)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-10] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-07-10] (Alexander Roshal)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2017-03-21] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] ()
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-10] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-07-10] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E597B3-091C-4000-A098-55E920E7DB39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {0AC3CDDE-8CF9-42D5-87C1-EE2DDB57E495} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {0BCB9368-CB5D-45C0-AAC0-CEBEF29748BE} - System32\Tasks\quick_weather_updates_helper_service => C:\Program Files (x86)\Quick Weather Updates\quick_weather_updates_helper_service.exe <==== ATTENTION
Task: {0C98666F-B5BD-4E16-8619-52C81F3A3B7E} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {0F669091-8816-4DA9-85AF-B9D703F1C821} - \Winaphild -> No File <==== ATTENTION
Task: {2D8A019A-F587-4250-A129-5B4E2AA37FDC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-04] ()
Task: {4909BE45-BF1D-4FD1-B17C-D94E69B97CC8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-22] (Microsoft Corporation)
Task: {4D99B17A-84FA-407D-B04B-B95298C9EA18} - System32\Tasks\AdobeAAMUpdater-1.0-Meepo-George => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {56294A7E-E398-4B38-83F5-FD7232234735} - System32\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824 => C:\Program Files (x86)\CinPl-2.5cV16.09\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.exe <==== ATTENTION
Task: {5C4514B7-E665-43CF-AAED-506D612D4781} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-22] (Microsoft Corporation)
Task: {6108A46D-4695-449A-865F-2689B6AF3F73} - \trivia_games_updating_service -> No File <==== ATTENTION
Task: {6AB66C1E-0E6C-44F4-91B6-3BAE5E32F7F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-22] (Microsoft Corporation)
Task: {6C68038B-67B5-45A3-AD12-1CA896F07D0A} - System32\Tasks\FNAFN => C:\Users\Mark\AppData\Roaming\FNAFN.exe <==== ATTENTION
Task: {7A74689E-41D1-4007-8F41-D539BD911F82} - \trivia_games_notification_service -> No File <==== ATTENTION
Task: {85FFE989-4150-45B0-A165-DD18DF1828C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {867ECAED-E1FC-4FFF-8CFA-DB656303E360} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-06-19] (Bitsum LLC)
Task: {8E0082F7-5FCB-4DDF-B7DF-2246DDD938E0} - System32\Tasks\{BBF5AD0F-0D7A-42FE-ADEA-35C8A7016948} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\GodsWar Online\unins000.exe"
Task: {93F3FDB6-0B02-4CC8-A7FE-1B1B70135B6E} - System32\Tasks\{9F04B555-020F-43D6-AB02-B28D0E2A6160} => C:\Windows\system32\pcalua.exe -a "C:\the sims 3\01 - The Sims™ 3\Sims3Setup.exe" -d "C:\the sims 3\01 - The Sims™ 3"
Task: {9D534420-38E4-45AA-A2A1-43C705275064} - System32\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d => C:\Program Files (x86)\CinPl-2.5cV16.09\d6256d17-71cf-40f9-bc9c-9a806979253d.exe <==== ATTENTION
Task: {A72CB426-C765-4860-B2FC-25C4A0D12063} - System32\Tasks\{16F806C2-CDC8-4B15-ACC9-EB7DAACD53E7} => C:\Program Files (x86)\NCSOFT\WildStar\Wildstar (2).exe [2016-10-10] (NCSOFT)
Task: {BD6BA437-597E-406E-8804-812B34AD986D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {C26D7D82-FBDD-4FA6-8F3C-9BB5A7544F26} - System32\Tasks\TWTP => C:\Users\Mark\AppData\Roaming\TWTP.exe <==== ATTENTION
Task: {C589C87C-D30C-415A-BCB8-D96A04228C58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {C6894A54-ECC4-4E67-99AB-949F43BCF66D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-04] ()
Task: {C6D90521-7D31-4E90-BC0B-FD2710D4BD42} - \{22351821-B10C-D45F-1E7E-344ACE1788EB} -> No File <==== ATTENTION
Task: {C8E1CE08-DA06-46AB-A27D-DDCC92DE9533} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {D2F9BD41-15B0-48E0-B893-B3AD722B3EDB} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2017-06-19] (Bitsum LLC)
Task: {E13BE0DA-0132-45CD-9E23-D062352E73D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.job => C:\Program Files (x86)\CinPl-2.5cV16.09\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.exe <==== ATTENTION
Task: C:\Windows\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d.job => C:\Program Files (x86)\CinPl-2.5cV16.09\d6256d17-71cf-40f9-bc9c-9a806979253d.exeȥ/agentregpath='CinPl-2.5cV16.09' /appid=63441 /srcid='002185' /subid='0' /zdata='0' /bic=A8B41FBDBA734AB0B7EFD8F0A540E638IE /verifier=e6e97f6bd017163d30a20bfb69746532 /installerversion=1_35_09_03 /installationtime=1410902883 /statsdomain=hxxp:/stats.newclientonlinestorage.com /errorsdomain=hxxp:/errors.newclientonlinestorage.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.newclientonlinestorage.com <==== ATTENTION
Task: C:\Windows\Tasks\FNAFN.job => C:\Users\Mark\AppData\Roaming\FNAFN.exe <==== ATTENTION
Task: C:\Windows\Tasks\quick_weather_updates_helper_service.job => C:\Program Files (x86)\Quick Weather Updates\quick_weather_updates_helper_service.exe <==== ATTENTION
Task: C:\Windows\Tasks\TWTP.job => C:\Users\Mark\AppData\Roaming\TWTP.exe <==== ATTENTION
Task: C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job => C:\Users\George\AppData\Roaming\UPDATE~1\SyncTask.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\George\Desktop\Download Video and Audio Online.lnk -> hxxp://video-box.org/Content/Images/favicon2.ico
Shortcut: C:\Users\George\Desktop\Играть в Dragon Knight.lnk -> C:\Users\George\Downloads\Играть в Dragon Knight.ico () <==== Cyrillic
Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Glulxe\(www) Download Glulx games.lnk -> hxxp://mirror.ifarchive.org/indexes/if-archiveXgamesXglulx.htm

==================== Loaded Modules (Whitelisted) ==============

2009-03-30 02:32 - 2009-03-30 02:32 - 00032768 ____R () C:\Windows\DAODx.exe
2016-11-26 15:48 - 2016-11-26 15:48 - 00095184 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2016-11-21 21:55 - 2016-11-21 21:55 - 00959168 _____ () C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-11-21 21:47 - 2017-07-04 13:40 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-07 22:42 - 2017-03-07 22:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-05-01 10:13 - 2017-04-18 06:52 - 00592384 _____ () C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll
2017-07-17 10:38 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\George\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-02-20 22:19 - 2017-02-20 22:19 - 01082880 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-02-20 22:19 - 2017-02-20 22:19 - 03750400 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-02-20 22:19 - 2017-02-20 22:19 - 00914432 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2016-11-21 21:55 - 2016-11-21 21:55 - 00679624 _____ () C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-11-21 21:46 - 2017-07-04 13:40 - 08931528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-07-15 01:50 - 2017-07-11 14:26 - 02946680 _____ () C:\Users\George\AppData\Local\Vivaldi\Application\1.10.867.48\libglesv2.dll
2017-07-15 01:50 - 2017-07-11 14:26 - 00087160 _____ () C:\Users\George\AppData\Local\Vivaldi\Application\1.10.867.48\libegl.dll
2017-07-17 10:38 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\George\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-07-17 10:38 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\George\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-07-30 11:39 - 2017-07-30 11:39 - 00148992 _____ () \\?\C:\Users\George\AppData\Local\Temp\C283.tmp.node
2017-02-20 22:19 - 2017-06-12 17:31 - 02658296 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-02-20 22:20 - 2017-06-12 17:31 - 02665976 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [8194]
AlternateDataStreams: C:\Program Files (x86)\XIGNCODE:{4A705BBE-C39C-4059-9658-2F0F8F0A4F12} [24]
AlternateDataStreams: C:\Program Files (x86)\XIGNCODE:{B6B3D3B5-E6DA-4ac3-B20B-7AD145E0AF58} [9830402]
AlternateDataStreams: C:\Users\All Users:gs5sys [8194]
AlternateDataStreams: C:\Users\Mark:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [8194]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [108]
AlternateDataStreams: C:\ProgramData\TEMP:69FD6BF0 [80]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\Users\Mark\Application Data:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Templates:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2048]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\localhost -> hxxps://localhost
IE trusted site: HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\sharepoint.com -> hxxps://studentbcsdnyorg-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-07-16 22:31 - 00001761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 wemsofts.com
127.0.0.1 bongadoom.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 internalcampaigntargets.com
127.0.0.1 bongadoom.com
127.0.0.1 getthefilenow.com
127.0.0.1 bigpicturepop.com
127.0.0.1 wizzcaster.com
127.0.0.1 bestoffersfortoday.com
127.0.0.1 wepcmainsystem.com
127.0.0.1 agent.wizztrakys.com
127.0.0.1 csdimonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 titiaredh.com
127.0.0.1 wepcdisplaysystem.com
127.0.0.1 wepcanalyticsystem.com
127.0.0.1 healthydownload.com
127.0.0.1 leading2download.com
127.0.0.1 dwl0.wizzlabs.com
127.0.0.1 dwl1.wizzlabs.com
127.0.0.1 installpixel.com
127.0.0.1 burningcube.ru
127.0.0.1 mess1.wizzmonetize.com
127.0.0.1 dl.azalee.site
127.0.0.1 dl.smashdl.com
127.0.0.1 downloadmyhost.com
127.0.0.1 lapapahoster.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 192.168.116.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Disc Soft Bus Service => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RescueTime.lnk => C:\Windows\pss\RescueTime.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: 4y3x31sobbo => "C:\Users\George\AppData\Roaming\pv2eaegpsej\23nbtr3koou.exe"
MSCONFIG\startupreg: 691AB248E2803C3186ECC7E6F794C48B0BEC7D59._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: 8Q4THSAHF0FMEKK => "C:\Program Files (x86)\vubi2xnn4xp\B7C4R.exe"
MSCONFIG\startupreg: 8T29X3AO8UJAL9J => "C:\Program Files\ZOUNVACPS9\DV7VUG4TG.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AVBoost => "C:\Program Files (x86)\AVBoost\AVBoost.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: ctfmon.exe => C:\Users\George\AppData\Local\Temp\00001926\conhostx86.exe
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MyComGames => "C:\Users\Mark\AppData\Local\MyComGames\MyComGames.exe" -autostart
MSCONFIG\startupreg: OFYB28IGEGVHGAR => "C:\Program Files\8SEB33CQB1\LHKQB2IRA.exe"
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QQ2009 => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: RFPDGVOATY.exe => C:\Users\George\AppData\Local\Temp\0d-7c15c-3be-4ae97-b15ab36ad09b6\RFPDGVOATY.exe m_1 L_1
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Vivaldi Update Notifier => C:\Users\George\AppData\Local\Vivaldi\Application\update_notifier.exe
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
MSCONFIG\startupreg: w0mswr3l3sy => "C:\Users\George\AppData\Roaming\0ysgxobiaeb\z3anhziwduo.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\George\AppData\Roaming\Microsoft\Protect\2a5cfbdd-886c-43ec-a31e-6366fff953b8.rs"
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
MSCONFIG\startupreg: YeaDesktop => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{DBFFFF9F-D913-4C79-98B6-73B8317D981A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6AB48545-1632-4A2D-882E-0E465EAF9087}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{6B077510-DA38-4EA8-A656-3C8FE65EDA96}C:\users\george\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\george\appdata\local\vivaldi\application\vivaldi.exe
FirewallRules: [UDP Query User{B8463BDC-EEF1-4529-AD0E-FCD340B3F339}C:\users\george\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\george\appdata\local\vivaldi\application\vivaldi.exe
FirewallRules: [{F167DE4E-FD4D-4DD9-9D65-0CECA670A799}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A68E4A2-531A-4C5E-93FB-4574A62C8CC6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EEBB3628-E4BB-4E16-9F84-DB920417A362}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9578BDFA-F938-40B1-BE9A-933A850952EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3979F8E4-F711-4C74-8068-03E30CAFF880}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe
FirewallRules: [{A8ADEA61-AA1B-4CB1-AF11-1E1DD7F0896D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe
FirewallRules: [TCP Query User{353ACDC0-88AD-4B1F-B5EE-8B6FF277D50B}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [UDP Query User{61548C76-0F00-4E04-8A4E-A17D383D6347}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{4E8C7FE3-398A-42B6-88D1-A198ED6D9325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2AB52732-54C0-4FBF-A067-F3319517339A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{672E8915-667B-4B74-ACF8-6B9B6D23D7D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{FE2CA895-7C78-48F7-801F-A5C715B678C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{00BB07BF-F018-4853-BE1D-13DC1A140AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E99AF945-3D70-4BE9-BA9A-B8F86E8867FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{811A2B77-C1F0-47E5-A2BC-F1B5A100F8CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0A404087-A225-4685-9736-0FD50BFA8659}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{45E83E6D-F18F-4021-9C2E-E702DAC807D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{024A467E-54D2-454D-A2AE-7D1896302FA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D2E40B7C-2820-4291-A197-7D8617966263}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BAC48493-1929-4641-BA14-E50D490CF327}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8BF0C646-FB64-4732-88B7-33C2C4CB1374}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{170044BE-A322-4554-8598-7F033BC98D4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E8C19C5F-66E4-49AA-82A0-51AD80630DDC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5DDB17A2-A0C2-4869-9D41-1A253C0325C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{4972F480-2254-4525-B191-080B20D58A48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{09603902-D765-406F-90AA-32D31603907E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B79EFF3F-E3D3-49E6-A29E-EAED9C37C329}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C109B4DD-17DF-4C06-A692-D21DCDC46CF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{BC124804-BFF4-489E-AF1F-AED0717053C5}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{7E8EC8E9-1B5F-449B-97EE-CDC19FFDD058}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{29EFCD05-CA7A-48B0-86CE-B4DD17595FE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F8AFDDD6-DCE4-41D4-A235-03D232E3707D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{0F442A3F-C015-4AE7-AD2D-F0B4583B47DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{D3D2E2F4-FC46-43A6-8C22-0FCA1104746C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DB35C6CF-916F-4ED5-BD01-A3EE107277A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{3982C43A-3AF7-4BF5-B78B-587CFF7FA6B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{288ADBAF-286B-48EE-B73C-07A6860C4D92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{65714C5A-8667-428D-8FE3-D5F39C460408}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{75A8F91C-89B3-4A92-A79B-4EFD3E1753B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6B7227DC-490C-4CE5-85AA-13323C540056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{02929555-9BEF-441D-8ECE-FFD01CC5DF92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{55794191-6D6B-4751-8F9A-F63706C582C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{54045B5D-3C69-459E-B3E9-330138EEBAFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8BCF7D3F-DA21-4974-8282-2A33C40A9678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{BBC820B2-6E40-420C-8071-C5FF239EC4DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7FCECB37-CFB0-4A25-B1B4-E9B10014A1CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3F7527F9-A337-42AD-AADC-0A362741B748}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F029BF2D-6992-405A-AC35-100E8CC8CAE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A49E887C-141A-4CAD-93F0-163E7F9C1C0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5BE4C151-C46D-4B41-BF4D-019C1216E324}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F1C7FD67-0E01-46A7-BB76-74B005CA82C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7D107FA9-F722-492D-AE79-224BCDC9DDD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{54CF05ED-2177-461F-ABB2-154E21A180C7}] => (Allow) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe
FirewallRules: [{575A6847-57D5-44D0-BBFA-0B6F5716CB58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{56F69E8D-01AD-449E-8672-86496BEB73FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{24CA7B60-C654-45CE-8C15-BB42226739CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0E293409-1BCA-457E-940D-57B1617CD22F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{076FF455-BBF6-45C9-B20B-8ACCD1A5E491}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4B1BB7EA-E455-466B-9246-2E57D017A6C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{C8C461D4-00D5-42AE-AAF9-98B59909815B}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{019CD3B6-2797-45EA-B284-456FB2015B94}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [TCP Query User{12AF3CFE-36B2-4495-BED7-1F53682D7529}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{82AB3AAF-2359-427A-B7B4-3DC1DFAF73AB}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{E3F278D7-C01E-4046-8435-B413909C4AD3}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{CE6DA1DE-9762-44D0-A672-29CE2297B1AC}] => (Allow) C:\Users\George\AppData\Roaming\thdr\download\MiniThunderPlatform.exe
FirewallRules: [{9D1FF64C-D582-4276-B67B-34CA35448874}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{E2DA6BA0-7036-4947-969F-44521470EF58}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{EE068903-883F-4310-8E4D-66B246EC9F18}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\mbam.exe
FirewallRules: [{4AEF6BA0-F8FB-43B5-BA8F-82DF9C9918AF}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\MBAMService.exe
FirewallRules: [{CDC6E5CF-5D74-4A74-9BDB-CB3D9706BAD1}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe
FirewallRules: [{FF0C7E5D-310E-444D-83A4-DA36FC917F06}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
FirewallRules: [{67149857-7AF1-428D-81FA-C48205324A67}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\mbamtray.exe
FirewallRules: [{81AB7C63-E9D6-45D9-80D6-12C1B8FC4CE7}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\MBAMWsc.exe
FirewallRules: [{D5123572-EB05-4666-B445-4222D2CC386F}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\unins000.exe
FirewallRules: [{2D84BDA4-C3EF-44C7-B933-6547A4497438}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7F2D9DE0-CFEB-48BA-BC0B-93E4E53F47A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9C7559E-C412-4210-94ED-6A95172C4DDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE051395-C20A-439A-B007-9E953FE150D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9A48461D-C780-4DB4-ACCD-477EDDE34927}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{498EB7B4-3E13-4DBA-AB29-CBC9648CE91D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{629A6B08-AFB1-47EE-A3DA-58AB3785BBD4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{E326CBCA-C7DD-4EDA-8C6C-EFA1E3C87364}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloons TD Battles\Battles-Win.exe
FirewallRules: [{A4676806-9ED1-4920-B1D8-4CC5AD37335F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EBC92FF2-6EE8-4939-B2C8-13DB08756057}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3A32EC2C-BA05-40B9-A157-1B8A4B17FC66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CC2C7D88-5127-4EDA-B0DE-85D61815275D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{29F8ECB3-41AA-4A50-8304-3BD035D12E71}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E010C661-8EB5-4FBA-A445-E395D8FD2B02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8F548528-A920-4597-9A8A-D95834E50709}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{538F4A51-FB87-4FAB-B149-DBA0105C0698}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B86CCE9A-0260-4E0E-9308-FB003E05F722}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{60DFF7C9-CC47-470A-BD31-30CC69C3710A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{176A817D-FAE6-4429-BFBF-41E1DB72891B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FE531311-5B55-41DE-9068-23B8406324BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{48974960-55F1-4118-A440-EEA1FF14B3AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B9EFB1F5-F1B4-403E-8978-50F00904C05C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{97160154-B4A0-4EE2-8465-DDD95769FB53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{438C6101-81A5-485F-8926-A9E7E55205B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D542FA89-4363-46AF-98E2-8E51A08BA7D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{18D3429A-89CF-4CBD-835C-BE37ABF0E56D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A68ABF9E-0567-4637-89D2-1B1304FD0C5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5E0C43D2-8D12-492A-B0F3-B21DA079C331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{ECF048D8-769F-4E26-A07C-80762E042D7F}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{105A847A-2001-4DB0-B1D1-C37F7B0054AB}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

==================== Restore Points =========================

29-07-2017 00:32:10 Malwarebytes Anti-Rootkit Restore Point
29-07-2017 18:34:56 JRT Pre-Junkware Removal
29-07-2017 21:38:59 Removed VMware Workstation
29-07-2017 21:40:49 Installed VMware Player

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2017 11:38:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/30/2017 11:37:48 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/30/2017 11:32:56 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/30/2017 05:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/30/2017 04:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/30/2017 03:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/30/2017 02:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/30/2017 01:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/30/2017 12:18:55 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/29/2017 11:18:55 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

System errors:
=============
Error: (07/30/2017 11:39:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.

Error: (07/30/2017 11:37:53 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.3.
The computer with the IP address 192.168.1.5 did not allow the name to be claimed by
this computer.

Error: (07/29/2017 09:39:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/29/2017 07:18:55 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error:
"5"
Happened while starting this command:
C:\Windows\System32\slui.exe -Embedding

Error: (07/29/2017 06:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.

Error: (07/29/2017 06:31:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
TsDefenseBt

Error: (07/29/2017 06:29:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/29/2017 06:28:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.

Error: (07/29/2017 06:28:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/29/2017 06:28:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2014-08-24 21:41:07.556
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Bin\64bit\ASUSHWIO.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-24 21:41:07.478
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Bin\64bit\ASUSHWIO.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X3 455 Processor
Percentage of memory in use: 35%
Total physical RAM: 8105.47 MB
Available physical RAM: 5223.29 MB
Total Virtual: 16209.15 MB
Available Virtual: 13295.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:2047.9 GB) (Free:202.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 000E769B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2047.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

 

 

NOTE: I have only relatively recently started using this computer. It used to be used by another person, called Mark. What he did was none of my business, as far as I'm concerned.

Edited July 30, 2017 by ClanOS
More info

[Aura]

Do you still need his userprofile (Mark)? If not, we can delete it.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

• Yahoo" Powered
  

If you have an issue when uninstalling a program, please let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Click on the Fix button;
  
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
• Copy and paste its content in your next reply;
  

fixlist.txt

[ClanOS]

35 minutes ago, Aura said:

Do you still need his userprofile (Mark)? If not, we can delete it.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

• Yahoo" Powered

If you have an issue when uninstalling a program, please let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Click on the Fix button;
  
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
• Copy and paste its content in your next reply;

 

fixlist.txt

It said my computer had to restart after the fix, so I didn't get a chance to copy-paste any Notepad log.

However, after the restart, I noticed a .txt file called Fixlog on my Desktop. :thinking:

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by George (30-07-2017 13:44:13) Run:1
Running from C:\Users\George\Desktop
Loaded Profiles: George (Available Profiles: Mark & new mark & George)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

DeleteKey: HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\Google\Chrome\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh

GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-08-16]

CHR NewTab: Default ->  Active:"chrome-extension://migpplbcnghglpajipgfaokdiacfpkpj/index.html"

Task: {0BCB9368-CB5D-45C0-AAC0-CEBEF29748BE} - System32\Tasks\quick_weather_updates_helper_service => C:\Program Files (x86)\Quick Weather Updates\quick_weather_updates_helper_service.exe <==== ATTENTION
Task: {0F669091-8816-4DA9-85AF-B9D703F1C821} - \Winaphild -> No File <==== ATTENTION
Task: {56294A7E-E398-4B38-83F5-FD7232234735} - System32\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824 => C:\Program Files (x86)\CinPl-2.5cV16.09\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.exe <==== ATTENTION
Task: {6108A46D-4695-449A-865F-2689B6AF3F73} - \trivia_games_updating_service -> No File <==== ATTENTION
Task: {6C68038B-67B5-45A3-AD12-1CA896F07D0A} - System32\Tasks\FNAFN => C:\Users\Mark\AppData\Roaming\FNAFN.exe <==== ATTENTION
Task: {7A74689E-41D1-4007-8F41-D539BD911F82} - \trivia_games_notification_service -> No File <==== ATTENTION
Task: {8E0082F7-5FCB-4DDF-B7DF-2246DDD938E0} - System32\Tasks\{BBF5AD0F-0D7A-42FE-ADEA-35C8A7016948} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\GodsWar Online\unins000.exe"
Task: {93F3FDB6-0B02-4CC8-A7FE-1B1B70135B6E} - System32\Tasks\{9F04B555-020F-43D6-AB02-B28D0E2A6160} => C:\Windows\system32\pcalua.exe -a "C:\the sims 3\01 - The Sims™ 3\Sims3Setup.exe" -d "C:\the sims 3\01 - The Sims™ 3"
Task: {9D534420-38E4-45AA-A2A1-43C705275064} - System32\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d => C:\Program Files (x86)\CinPl-2.5cV16.09\d6256d17-71cf-40f9-bc9c-9a806979253d.exe <==== ATTENTION
Task: {C26D7D82-FBDD-4FA6-8F3C-9BB5A7544F26} - System32\Tasks\TWTP => C:\Users\Mark\AppData\Roaming\TWTP.exe <==== ATTENTION
Task: {C6D90521-7D31-4E90-BC0B-FD2710D4BD42} - \{22351821-B10C-D45F-1E7E-344ACE1788EB} -> No File <==== ATTENTION
Task: C:\Windows\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.job => C:\Program Files (x86)\CinPl-2.5cV16.09\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.exe <==== ATTENTION
Task: C:\Windows\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d.job => C:\Program Files (x86)\CinPl-2.5cV16.09\d6256d17-71cf-40f9-bc9c-9a806979253d.exeȥ/agentregpath='CinPl-2.5cV16.09' /appid=63441 /srcid='002185' /subid='0' /zdata='0' /bic=A8B41FBDBA734AB0B7EFD8F0A540E638IE /verifier=e6e97f6bd017163d30a20bfb69746532 /installerversion=1_35_09_03 /installationtime=1410902883 /statsdomain=hxxp:/stats.newclientonlinestorage.com /errorsdomain=hxxp:/errors.newclientonlinestorage.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.newclientonlinestorage.com <==== ATTENTION
Task: C:\Windows\Tasks\FNAFN.job => C:\Users\Mark\AppData\Roaming\FNAFN.exe <==== ATTENTION
Task: C:\Windows\Tasks\quick_weather_updates_helper_service.job => C:\Program Files (x86)\Quick Weather Updates\quick_weather_updates_helper_service.exe <==== ATTENTION
Task: C:\Windows\Tasks\TWTP.job => C:\Users\Mark\AppData\Roaming\TWTP.exe <==== ATTENTION
Task: C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job => C:\Users\George\AppData\Roaming\UPDATE~1\SyncTask.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData:gs5sys [8194]
AlternateDataStreams: C:\Program Files (x86)\XIGNCODE:{4A705BBE-C39C-4059-9658-2F0F8F0A4F12} [24]
AlternateDataStreams: C:\Program Files (x86)\XIGNCODE:{B6B3D3B5-E6DA-4ac3-B20B-7AD145E0AF58} [9830402]
AlternateDataStreams: C:\Users\All Users:gs5sys [8194]
AlternateDataStreams: C:\Users\Mark:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [8194]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [108]
AlternateDataStreams: C:\ProgramData\TEMP:69FD6BF0 [80]
AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792]
AlternateDataStreams: C:\Users\Mark\Application Data:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Local Settings:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Templates:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\AppData\Local\History:gs5sys [3074]
AlternateDataStreams: C:\Users\Mark\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2048]

MSCONFIG\startupreg: 4y3x31sobbo => "C:\Users\George\AppData\Roaming\pv2eaegpsej\23nbtr3koou.exe"
MSCONFIG\startupreg: 691AB248E2803C3186ECC7E6F794C48B0BEC7D59._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: 8Q4THSAHF0FMEKK => "C:\Program Files (x86)\vubi2xnn4xp\B7C4R.exe"
MSCONFIG\startupreg: 8T29X3AO8UJAL9J => "C:\Program Files\ZOUNVACPS9\DV7VUG4TG.exe"
MSCONFIG\startupreg: AVBoost => "C:\Program Files (x86)\AVBoost\AVBoost.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\Users\George\AppData\Local\Temp\00001926\conhostx86.exe
MSCONFIG\startupreg: OFYB28IGEGVHGAR => "C:\Program Files\8SEB33CQB1\LHKQB2IRA.exe"
MSCONFIG\startupreg: QQ2009 => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
MSCONFIG\startupreg: RFPDGVOATY.exe => C:\Users\George\AppData\Local\Temp\0d-7c15c-3be-4ae97-b15ab36ad09b6\RFPDGVOATY.exe m_1 L_1
MSCONFIG\startupreg: w0mswr3l3sy => "C:\Users\George\AppData\Roaming\0ysgxobiaeb\z3anhziwduo.exe"
MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\George\AppData\Roaming\Microsoft\Protect\2a5cfbdd-886c-43ec-a31e-6366fff953b8.rs"
MSCONFIG\startupreg: YeaDesktop => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart

FirewallRules: [{CE6DA1DE-9762-44D0-A672-29CE2297B1AC}] => (Allow) C:\Users\George\AppData\Roaming\thdr\download\MiniThunderPlatform.exe

C:\Program Files (x86)\AVBoost
C:\Program Files (x86)\CinPl-2.5cV16.09
C:\Program Files (x86)\Quick Weather Updates
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\vubi2xnn4xp
C:\Program Files (x86)\YeaDesktop
C:\Program Files\8SEB33CQB1
C:\Program Files\ZOUNVACPS9
C:\ProgramData\PCMgrSetup.exe
C:\ProgramData\ntuser.pol
C:\Users\Mark\audacity-win-2-0-6.exe
C:\Users\Mark\main.exe
C:\Users\Mark\AppData\Local\4b74a33042f8b5f7
C:\Users\Mark\AppData\Roaming\FNAFN.exe
C:\Users\Mark\AppData\Roaming\TWTP.exe
C:\Users\George\AppData\Local\360chrome
C:\Users\George\AppData\Local\2ce9cdc060ac46c2
C:\Users\George\AppData\Local\begnowsj
C:\Users\George\AppData\Local\CrashRpt
C:\Users\George\AppData\Local\file__0.localstorage
C:\Users\George\AppData\Roaming\0ysgxobiaeb
C:\Users\George\AppData\Roaming\360se6
C:\Users\George\AppData\Roaming\baidu
C:\Users\George\AppData\Roaming\c
C:\Users\George\AppData\Roaming\pv2eaegpsej
C:\Users\George\AppData\Roaming\UPDATE~1
C:\Users\George\AppData\Roaming\Microsoft\Protect\2a5cfbdd-886c-43ec-a31e-6366fff953b8.rs
C:\Windows\uninstaller.dat

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\Google\Chrome\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
Chrome NewTab => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BCB9368-CB5D-45C0-AAC0-CEBEF29748BE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BCB9368-CB5D-45C0-AAC0-CEBEF29748BE} => key removed successfully
C:\Windows\System32\Tasks\quick_weather_updates_helper_service => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\quick_weather_updates_helper_service => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0F669091-8816-4DA9-85AF-B9D703F1C821} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F669091-8816-4DA9-85AF-B9D703F1C821} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winaphild => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56294A7E-E398-4B38-83F5-FD7232234735} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56294A7E-E398-4B38-83F5-FD7232234735} => key removed successfully
C:\Windows\System32\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\05b2e1f6-2431-4ff4-9cc6-b3da4906c824 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6108A46D-4695-449A-865F-2689B6AF3F73} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6108A46D-4695-449A-865F-2689B6AF3F73} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\trivia_games_updating_service => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C68038B-67B5-45A3-AD12-1CA896F07D0A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C68038B-67B5-45A3-AD12-1CA896F07D0A} => key removed successfully
C:\Windows\System32\Tasks\FNAFN => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FNAFN => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A74689E-41D1-4007-8F41-D539BD911F82} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A74689E-41D1-4007-8F41-D539BD911F82} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\trivia_games_notification_service => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E0082F7-5FCB-4DDF-B7DF-2246DDD938E0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E0082F7-5FCB-4DDF-B7DF-2246DDD938E0} => key removed successfully
C:\Windows\System32\Tasks\{BBF5AD0F-0D7A-42FE-ADEA-35C8A7016948} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BBF5AD0F-0D7A-42FE-ADEA-35C8A7016948} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93F3FDB6-0B02-4CC8-A7FE-1B1B70135B6E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93F3FDB6-0B02-4CC8-A7FE-1B1B70135B6E} => key removed successfully
C:\Windows\System32\Tasks\{9F04B555-020F-43D6-AB02-B28D0E2A6160} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F04B555-020F-43D6-AB02-B28D0E2A6160} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D534420-38E4-45AA-A2A1-43C705275064} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D534420-38E4-45AA-A2A1-43C705275064} => key removed successfully
C:\Windows\System32\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d6256d17-71cf-40f9-bc9c-9a806979253d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C26D7D82-FBDD-4FA6-8F3C-9BB5A7544F26} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C26D7D82-FBDD-4FA6-8F3C-9BB5A7544F26} => key removed successfully
C:\Windows\System32\Tasks\TWTP => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TWTP => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6D90521-7D31-4E90-BC0B-FD2710D4BD42} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6D90521-7D31-4E90-BC0B-FD2710D4BD42} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{22351821-B10C-D45F-1E7E-344ACE1788EB} => key removed successfully
C:\Windows\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.job => moved successfully
C:\Windows\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d.job => moved successfully
C:\Windows\Tasks\FNAFN.job => moved successfully
C:\Windows\Tasks\quick_weather_updates_helper_service.job => moved successfully
C:\Windows\Tasks\TWTP.job => moved successfully
C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job => moved successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
C:\Program Files (x86)\XIGNCODE => ":{4A705BBE-C39C-4059-9658-2F0F8F0A4F12}" ADS removed successfully.
C:\Program Files (x86)\XIGNCODE => ":{B6B3D3B5-E6DA-4ac3-B20B-7AD145E0AF58}" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Mark => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":69FD6BF0" ADS removed successfully.
C:\ProgramData\Templates => ":gs5sys" ADS removed successfully.
C:\Users\Mark\Application Data => ":gs5sys" ADS removed successfully.
C:\Users\Mark\Cookies => ":gs5sys" ADS removed successfully.
C:\Users\Mark\Local Settings => ":gs5sys" ADS removed successfully.
C:\Users\Mark\Templates => ":gs5sys" ADS removed successfully.
C:\Users\Mark\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Mark\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\Mark\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\Mark\AppData\Local\Application Data" => ":gs5sys" ADS not found.
C:\Users\Mark\AppData\Local\History => ":gs5sys" ADS removed successfully.
C:\Users\Mark\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Public\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\4y3x31sobbo => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\691AB248E2803C3186ECC7E6F794C48B0BEC7D59._service_run => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\8Q4THSAHF0FMEKK => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\8T29X3AO8UJAL9J => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVBoost => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OFYB28IGEGVHGAR => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QQ2009 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RFPDGVOATY.exe => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\w0mswr3l3sy => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinResSync => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YeaDesktop => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE6DA1DE-9762-44D0-A672-29CE2297B1AC} => value removed successfully
"C:\Program Files (x86)\AVBoost" => not found.
"C:\Program Files (x86)\CinPl-2.5cV16.09" => not found.
C:\Program Files (x86)\Quick Weather Updates => moved successfully
"C:\Program Files (x86)\Tencent" => not found.
"C:\Program Files (x86)\vubi2xnn4xp" => not found.
"C:\Program Files (x86)\YeaDesktop" => not found.
"C:\Program Files\8SEB33CQB1" => not found.
"C:\Program Files\ZOUNVACPS9" => not found.
C:\ProgramData\PCMgrSetup.exe => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\Mark\audacity-win-2-0-6.exe => moved successfully
C:\Users\Mark\main.exe => moved successfully
C:\Users\Mark\AppData\Local\4b74a33042f8b5f7 => moved successfully
"C:\Users\Mark\AppData\Roaming\FNAFN.exe" => not found.
"C:\Users\Mark\AppData\Roaming\TWTP.exe" => not found.
C:\Users\George\AppData\Local\360chrome => moved successfully
C:\Users\George\AppData\Local\2ce9cdc060ac46c2 => moved successfully
C:\Users\George\AppData\Local\begnowsj => moved successfully
C:\Users\George\AppData\Local\CrashRpt => moved successfully
C:\Users\George\AppData\Local\file__0.localstorage => moved successfully
"C:\Users\George\AppData\Roaming\0ysgxobiaeb" => not found.
C:\Users\George\AppData\Roaming\360se6 => moved successfully
C:\Users\George\AppData\Roaming\baidu => moved successfully
C:\Users\George\AppData\Roaming\c => moved successfully
"C:\Users\George\AppData\Roaming\pv2eaegpsej" => not found.
"C:\Users\George\AppData\Roaming\UPDATE~1" => not found.
"C:\Users\George\AppData\Roaming\Microsoft\Protect\2a5cfbdd-886c-43ec-a31e-6366fff953b8.rs" => not found.
C:\Windows\uninstaller.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 248294204 B
Java, Flash, Steam htmlcache => 69999323 B
Windows/system/drivers => 788320 B
Edge => 0 B
Chrome => 247853742 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile32 => 82338 B
LocalService => 33058 B
NetworkService => 0 B
Mark => 129952988 B
UpdatusUser => 0 B
new mark => 74301 B
George => 95885954 B

RecycleBin => 0 B
EmptyTemp: => 764.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:56:42 ====

 

 

 

Just wondering, what's the purpose of these lines near the top of fixlist.txt?

ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003

[Aura]

Do you still need his userprofile (Mark)? If not, we can delete it.

Also, you had a proxy set on your system. Basically, it redirected everything towards port 8003, but it isn't needed and is often configured by malware.

[ClanOS]

1 minute ago, Aura said:

Do you still need his userprofile (Mark)? If not, we can delete it.

Also, you had a proxy set on your system. Basically, it redirected everything towards port 8003, but it isn't needed and is often configured by malware.

I don't need the userprofile, but I have this habit where I don't like to delete things, just in case I need them in the future for some reason. Still, probably not, but I'd like to keep it around,

 

Yeah, I've noticed that happens sometimes with my computer. Happened more a few years back - every now and then I'd get a proxy set for no reason. I suppose I know why.

[Aura]

I really doubt you would need anything off his profile. Even less when that profile is infected and he's probably the one who got the system infected before it ended up in your hands

Personally, you should always, always reinstall Windows when you get a refurbished system that someone else owned/used. It makes sure that you start fresh and you don't have to worry about system issues, malware, etc.

[ClanOS]

25 minutes ago, Aura said:

I really doubt you would need anything off his profile. Even less when that profile is infected and he's probably the one who got the system infected before it ended up in your hands

Personally, you should always, always reinstall Windows when you get a refurbished system that someone else owned/used. It makes sure that you start fresh and you don't have to worry about system issues, malware, etc.

I end up in this little mental debate where I figure if I'm formatting I should just install some unix/linux/debian distro but I don't want to deal with the headache of getting that set up and trying to make games work with it so I put it off until I'm better prepared to deal with that mess, and then before I know it I have everything set up on Windows, and I don't want to lose that. The vicious cycle of widespread consumer use, I suppose.

[Aura]

You can always create a bootable Windows 7 installation media and perform a clean install from it. All you have to do afterwards is reinstall your programs, copy back the files you backupped, etc. Way safer in my opinion.

[ClanOS]

It's a bit late for that now, unfortunately, but I'll definitely keep that in mind for the future. I have a bunch of sort of niche programs that I'd forget to reinstall and then regret not having. For example, I use a browser that I'm pretty sure nobody's heard of called Vivaldi. It's nice, by the way. Check it out if you want an alternative to Chrome that you don't have to compile yourself.

[Aura]

I've heard of Vivaldi and I know what it is. Looks nice, but I have yet to find another web browser that will suit my needs as much as Google Chrome

This being said, how's your system behaving now? Are there any other issues to address, or that was it?

[ClanOS]

2 minutes ago, Aura said:

I've heard of Vivaldi and I know what it is. Looks nice, but I have yet to find another web browser that will suit my needs as much as Google Chrome

This being said, how's your system behaving now? Are there any other issues to address, or that was it?

My system's behaving fine - for the moment. I thought it was behaving fine when I was doing incomplete sweeps with Hitmanpro and not catching the rootkit, and it was just a weird system setting that meant things were having connection issues, until a few weeks later my memory started disappearing into the sinkhole called scvmx.exe. On the topic of browsers - Have you tried Chromium? It's essentially the same as Google Chrome, you just compile it yourself and it has none of the tracking stuff Google puts into it (Maybe there's none, and I'm just being paranoid, but free product, you're the product, yadda yadda.)

 

Thanks for all your help so far!

[Aura]

Quote

On the topic of browsers - Have you tried Chromium? It's essentially the same as Google Chrome, you just compile it yourself and it has none of the tracking stuff Google puts into it (Maybe there's none, and I'm just being paranoid, but free product, you're the product, yadda yadda.)

I know of Chromium as well, since Chrome is built on top of it  But like I said, I'm not one who really mind all that stuff. As long as it works and does what I ask, I'm fine with it.

And SmartService is a painful infection to remove when you don't know how, but when you know, it becomes way easier.

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

• Download DelFix and move the executable to your Desktop;
• Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Check the following options :
  
  • Activate UAC;
  • Remove disinfection tools;
  • Create registry backup;
  • Purge system restore;
  • Reset system settings;
    
• Once all the options mentionned above are checked, click on Run;
• After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
  

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

• How To Change Windows Update Settings
• How To Check For & Install Windows Updates
  

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

• How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)
  

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

• Sophos Home
• Bitdefender Free Antivirus
• Emsisoft Anti-Malware - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
• Avira Free Antivirus
• avast! Free Antivirus
  

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundle all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that works together in order to keep your system protected and stop an infection at multiple level.

• Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version
  

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

• GlassWire - Has both a free and paid version (with different packages)
• Windows Firewall Control - Gives you more control over your Windows Firewall
• TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it
  

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

• uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
• HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
• Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
• NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
• uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
• LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)
  

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

• The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer on Heimdal Security
• Seven Useful Habits For A Safer Internet on Kapsersky Blog
• Tips for Secure Web Browsing: Cybersecurity 101 on VeraCode
• Safe browsing habits on Internet Safety Project Wiki
  

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

• Answers to common security questions - Best Practices by quietman7
• How Malware Spreads - How did I get infected by quietman7
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams (aka Grinler)
• How to Prevent Malware by miekiemoes
• Tips & Advice on StaySafeOnline.org
  

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread?

[ClanOS]

10 minutes ago, Aura said:

I know of Chromium as well, since Chrome is built on top of it  But like I said, I'm not one who really mind all that stuff. As long as it works and does what I ask, I'm fine with it.

And SmartService is a painful infection to remove when you don't know how, but when you know, it becomes way easier.

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

• Download DelFix and move the executable to your Desktop;
• Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
• Check the following options :
  • Activate UAC;
  • Remove disinfection tools;
  • Create registry backup;
  • Purge system restore;
  • Reset system settings;
• Once all the options mentionned above are checked, click on Run;
• After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

 

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

• How To Change Windows Update Settings
• How To Check For & Install Windows Updates

 

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

 

• How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)

 

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

• Sophos Home
• Bitdefender Free Antivirus
• Emsisoft Anti-Malware - Free 30 day trial. Once it expires, EAM enters into a freeware mode where it is still considered an Antivirus program, but without real-time protection
• Avira Free Antivirus
• avast! Free Antivirus

 

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundle all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that works together in order to keep your system protected and stop an infection at multiple level.

 

• Malwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

 

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

• GlassWire - Has both a free and paid version (with different packages)
• Windows Firewall Control - Gives you more control over your Windows Firewall
• TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

 

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

• uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
• HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
• Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
• NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
• uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
• LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

 

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

• The Ultimate Guide to Secure your Online Browsing: Chrome, Firefox and Internet Explorer on Heimdal Security
• Seven Useful Habits For A Safer Internet on Kapsersky Blog
• Tips for Secure Web Browsing: Cybersecurity 101 on VeraCode
• Safe browsing habits on Internet Safety Project Wiki

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :

• Answers to common security questions - Best Practices by quietman7
• How Malware Spreads - How did I get infected by quietman7
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams (aka Grinler)
• How to Prevent Malware by miekiemoes
• Tips & Advice on StaySafeOnline.org

The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread?

One last thing - Do you have any recommendations where I could learn about computers from the ground-up? Memory stacks, TCP/IP, et cet. I understand the concepts vaguely, but it would be nice to have a comprehensive lesson that starts from basics. You've been extremely helpful, and I hope you have a nice afternoon.

[Aura]

It's really hard to say since I went to school for that...  I think you might like this website though, there's every kind of tutorials on it:

https://openclassrooms.com/

[Aura]

If you have any other questions, feel free to drop me a PM