ClanOS Posted July 28, 2017 ID:1146795 Share Posted July 28, 2017 Background: I've had MBAM installed on my computer for years. After I got hit with a load (And I mean a LOAD - Stuff from tencent to no publisher to some chinese name) after running a sketchy installer (I know, I know. Don't run untrusted .exe files...) Malwarebytes has stopped working on my computer. Whenever I boot up and whenever I try to run it, I get the message, "Unable to connect to the Service". Relevantly, I also have Discord installed on my computer. Whenever I try to run it (Or it runs on startup) it's unable to connect to the Discord server as well. Both of these have started occuring after I ran the sketchy installer. Additionally, the viruses seem to have invalidated the license of Malwarebytes- I had to clear the viruses using Hitmanpro, f-secure, and SUPERantispyware, and then delete the publisher data before trying to re-installed. Twice, I've run mbam-clean and re-installed Malwarebytes. The error still exists, even after restart. On a related note, today I noticed some more malware. Specifically, vmxclient.exe hogging some ram. I haven't run any .exe s today. Is it possible I'm somehow rootkitted, or is there a different way to make time-delayed activation virus? f-secure didn't catch vmxclient.exe in its Memory scan, worryingly enough. Link to post Share on other sites More sharing options...
Aura Posted July 28, 2017 ID:1146812 Share Posted July 28, 2017 Hi ClanOS My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens; As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you; The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system; If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!; If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced; I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules; In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process; I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread; This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. Link to post Share on other sites More sharing options...
ClanOS Posted July 29, 2017 Author ID:1147243 Share Posted July 29, 2017 23 hours ago, Aura said: Hi ClanOS My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens; As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you; The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system; If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!; If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced; I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules; In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process; I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread; This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. Hey. Still running the scan, just wanted to give you a quick update while it runs. Firstly, thanks for helping me out! I really appreciate it and I'll do my best to be as responsive as possible Secondly, my computer's a bit potato, so the scan is taking a while. Thirdly, I don't know if this is normal, but so far it's detected 9642 items. Gulp. Fourthly, again, I don't know if this is normal, or just an artifact of my computer being potato. When I first ran it, it gave me the, "Could not load DDA Driver" prompt. After a manual restart, things seem to be working normally. I've used Process Lasso to bump up mbar's priority as high as it can go, and it still freezes occasionally (Windows "Is not responding" prompt, window gets a white sheen.). Once, I tried killing it after it froze. It didn't seem to want to die, Task Manager or otherwise, so I restarted. I created a dump file first. Are you going to want that? Now it seems to occasionally get stuck scanning a certain file, but leaving it for a while resolves the issue, it seems. Link to post Share on other sites More sharing options...
Aura Posted July 29, 2017 ID:1147246 Share Posted July 29, 2017 Quote Secondly, my computer's a bit potato, so the scan is taking a while. Understandable. I know it'll take a while already since SmartService drops a lot of files on the system. Quote Thirdly, I don't know if this is normal, but so far it's detected 9642 items. Gulp. Normal, hence my comment above Quote Fourthly, again, I don't know if this is normal, or just an artifact of my computer being potato. When I first ran it, it gave me the, "Could not load DDA Driver" prompt. After a manual restart, things seem to be working normally. I've used Process Lasso to bump up mbar's priority as high as it can go, and it still freezes occasionally (Windows "Is not responding" prompt, window gets a white sheen.). Once, I tried killing it after it froze. It didn't seem to want to die, Task Manager or otherwise, so I restarted. I created a dump file first. Are you going to want that? Now it seems to occasionally get stuck scanning a certain file, but leaving it for a while resolves the issue, it seems. MBAR can have a hard time scanning a system infected with SmartService. It really depends on how many files SS dropped, and your computer specs. However, if you close all your other programs, leave the MBAR window open and do not touch the computer till MBAR is done scanning (it can take up to hours on some systems), then I guarantee you that it'll eventually go through. Link to post Share on other sites More sharing options...
ClanOS Posted July 29, 2017 Author ID:1147334 Share Posted July 29, 2017 (edited) 2 hours ago, Aura said: Understandable. I know it'll take a while already since SmartService drops a lot of files on the system. Normal, hence my comment above MBAR can have a hard time scanning a system infected with SmartService. It really depends on how many files SS dropped, and your computer specs. However, if you close all your other programs, leave the MBAR window open and do not touch the computer till MBAR is done scanning (it can take up to hours on some systems), then I guarantee you that it'll eventually go through. Oh, it took hours. Hours and hours. Still, Malwarebytes still displays the "Unable to connect to the Service" error. Log file is attached. EDIT: Curiously, I had discovered scvmx and dataup on my computer, including their precise file locations before running the scan (Mainly due to scvmx eating memory like mad, and dataup being in the same folder) but no scan run on the folders returned any positives, and it seemed impervious to even SUPERdelete file removal included with SUPERantispyware. Do files in the Windows directory get special privileges or something? mbar-log-2017-07-28 (19-11-44).txt Edited July 29, 2017 by ClanOS Additional info Link to post Share on other sites More sharing options...
Aura Posted July 29, 2017 ID:1147425 Share Posted July 29, 2017 Files in the %windir% (C:\Windows) have permissions different from the rest of the files on the system, yes. Now, if Malwarebytes still throws you the "Unable to connect the service" error, uninstall it and reinstall it. It should do the trick. Malwarebytes - Clean Mode Download and install the free version of MalwarebytesNote: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point; Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so; Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan; Let the scan run, the time required to complete the scan depends of your system and computer specs; Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;If it asks you to restart your computer to complete the removal, do so; Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply; Link to post Share on other sites More sharing options...
ClanOS Posted July 29, 2017 Author ID:1147493 Share Posted July 29, 2017 7 hours ago, Aura said: Files in the %windir% (C:\Windows) have permissions different from the rest of the files on the system, yes. Now, if Malwarebytes still throws you the "Unable to connect the service" error, uninstall it and reinstall it. It should do the trick. Malwarebytes - Clean Mode Download and install the free version of MalwarebytesNote: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point; Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so; Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan; Let the scan run, the time required to complete the scan depends of your system and computer specs; Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button; If it asks you to restart your computer to complete the removal, do so; Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply; Once again, thanks for the help: Below is the copy-pasted summary. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 7/29/17 Scan Time: 3:09 PM Log File: Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2464 License: Free -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Meepo\George -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 450815 Threats Detected: 2029 Threats Quarantined: 2029 Time Elapsed: 16 min, 2 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 141 PUP.Optional.UCBrowser, HKU\S-1-5-18\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464 PUP.Optional.InstallCore, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\csastats, Delete-on-Reboot, [2], [260986],1.0.2464 PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464 PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\CONSOLE\TASKENG.EXE, Delete-on-Reboot, [8379], [408199],1.0.2464 PUP.Optional.InstallCore, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\csastats, Delete-on-Reboot, [2], [260986],1.0.2464 PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464 PUP.Optional.SearchManager, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [183362],1.0.2464 PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\UCBrowserPID, Delete-on-Reboot, [1310], [403634],1.0.2464 PUP.Optional.YeaDesktop, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\YeaDesktop, Delete-on-Reboot, [1477], [391400],1.0.2464 PUP.Optional.SearchManager, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [183362],1.0.2464 PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Delete-on-Reboot, [71], [262014],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UCBrowser.exe, Delete-on-Reboot, [1310], [396224],1.0.2464 PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [13826], [242047],1.0.2464 PUP.Optional.BlockAdsPro, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BlockAdsPro, Delete-on-Reboot, [8593], [419770],1.0.2464 PUP.Optional.Searchy, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}, Delete-on-Reboot, [6947], [415599],1.0.2464 PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [260991],1.0.2464 PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [13826], [242047],1.0.2464 PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Yeadesktop_RASAPI32, Delete-on-Reboot, [1477], [409418],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Delete-on-Reboot, [5444], [406765],1.0.2464 PUP.Optional.UCBrowser, HKU\S-1-5-21-2383111392-567966768-2532307980-1008\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [403633],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Delete-on-Reboot, [5444], [406766],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Delete-on-Reboot, [5444], [406767],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Delete-on-Reboot, [5444], [406768],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Delete-on-Reboot, [5444], [406769],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Delete-on-Reboot, [5444], [406770],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Delete-on-Reboot, [5444], [406773],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Delete-on-Reboot, [5444], [406774],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\03D22C9C66915D58C88912B64C1F984B8344EF09, Delete-on-Reboot, [5444], [406765],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\0F684EC1163281085C6AF20528878103ACEFCAAB, Delete-on-Reboot, [5444], [406766],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Delete-on-Reboot, [5444], [406775],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Delete-on-Reboot, [5444], [406778],1.0.2464 PUP.Optional.SpeeDownloader, HKLM\SOFTWARE\Speedownloader0099, Delete-on-Reboot, [7935], [384272],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\1667908C9E22EFBD0590E088715CC74BE4C60884, Delete-on-Reboot, [5444], [406767],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Delete-on-Reboot, [5444], [406779],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\UCBrowser, Delete-on-Reboot, [1310], [407411],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Delete-on-Reboot, [5444], [406781],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Delete-on-Reboot, [5444], [406788],1.0.2464 PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464 PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464 PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}, Delete-on-Reboot, [71], [254683],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\18DEA4EFA93B06AE997D234411F3FD72A677EECE, Delete-on-Reboot, [5444], [406768],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Delete-on-Reboot, [5444], [406787],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF, Delete-on-Reboot, [5444], [406769],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Delete-on-Reboot, [5444], [406783],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF, Delete-on-Reboot, [5444], [406770],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Delete-on-Reboot, [5444], [406784],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Delete-on-Reboot, [5444], [406789],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\331E2046A1CCA7BFEF766724394BE6112B4CA3F7, Delete-on-Reboot, [5444], [406773],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Delete-on-Reboot, [5444], [406823],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Delete-on-Reboot, [5444], [406822],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3353EA609334A9F23A701B9159E30CB6C22D4C59, Delete-on-Reboot, [5444], [406774],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\UCBrowser.exe, Delete-on-Reboot, [1310], [396224],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Delete-on-Reboot, [5444], [406790],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Delete-on-Reboot, [5444], [406791],1.0.2464 PUP.Optional.YeaDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YeaDesktop, Delete-on-Reboot, [1477], [391399],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A, Delete-on-Reboot, [5444], [406775],1.0.2464 PUP.Optional.WebOptimum, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0187837F-FA61-437D-9647-EE1E86233276}, Delete-on-Reboot, [1460], [253742],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F, Delete-on-Reboot, [5444], [406778],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Delete-on-Reboot, [5444], [406792],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\3D496FA682E65FC122351EC29B55AB94F3BB03FC, Delete-on-Reboot, [5444], [406779],1.0.2464 PUP.Optional.WebOptimum, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CBB7A1EB-D3C4-45A9-A5C9-EFB40A22BF7E}, Delete-on-Reboot, [1460], [261889],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Delete-on-Reboot, [5444], [406793],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159, Delete-on-Reboot, [5444], [406781],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Delete-on-Reboot, [5444], [406821],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01, Delete-on-Reboot, [5444], [406788],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Delete-on-Reboot, [5444], [406806],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4420C99742DF11DD0795BC15B7B0ABF090DC84DF, Delete-on-Reboot, [5444], [406787],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Delete-on-Reboot, [5444], [406807],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF, Delete-on-Reboot, [5444], [406783],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Delete-on-Reboot, [5444], [406812],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5240AB5B05D11B37900AC7712A3C6AE42F377C8C, Delete-on-Reboot, [5444], [406784],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Delete-on-Reboot, [5444], [406811],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\5DD3D41810F28B2A13E9A004E6412061E28FA48D, Delete-on-Reboot, [5444], [406789],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Delete-on-Reboot, [5444], [406810],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\7457A3793086DBB58B3858D6476889E3311E550E, Delete-on-Reboot, [5444], [406823],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Delete-on-Reboot, [5444], [406809],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Delete-on-Reboot, [5444], [406804],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\76A9295EF4343E12DFC5FE05DC57227C1AB00D29, Delete-on-Reboot, [5444], [406822],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Delete-on-Reboot, [5444], [406805],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\775B373B33B9D15B58BC02B184704332B97C3CAF, Delete-on-Reboot, [5444], [406790],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Delete-on-Reboot, [5444], [406803],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Delete-on-Reboot, [5444], [406802],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\872CD334B7E7B3C3D1C6114CD6B221026D505EAB, Delete-on-Reboot, [5444], [406791],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Delete-on-Reboot, [5444], [406801],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\88AD5DFE24126872B33175D1778687B642323ACF, Delete-on-Reboot, [5444], [406792],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Delete-on-Reboot, [5444], [406799],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9132E8B079D080E01D52631690BE18EBC2347C1E, Delete-on-Reboot, [5444], [406793],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Delete-on-Reboot, [5444], [406798],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\982D98951CF3C0CA2A02814D474A976CBFF6BDB1, Delete-on-Reboot, [5444], [406821],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Delete-on-Reboot, [5444], [406797],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361, Delete-on-Reboot, [5444], [406806],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Delete-on-Reboot, [5444], [406796],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9C43F665E690AB4D486D4717B456C5554D4BCEB5, Delete-on-Reboot, [5444], [406807],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13, Delete-on-Reboot, [5444], [406812],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Delete-on-Reboot, [5444], [406795],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Delete-on-Reboot, [5444], [406786],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99, Delete-on-Reboot, [5444], [406811],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Delete-on-Reboot, [5444], [406785],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A5341949ABE1407DD7BF7DFE75460D9608FBC309, Delete-on-Reboot, [5444], [406810],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Delete-on-Reboot, [5444], [406777],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\A59CC32724DD07A6FC33F7806945481A2D13CA2F, Delete-on-Reboot, [5444], [406809],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947, Delete-on-Reboot, [5444], [406804],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD4C5429E10F4FF6C01840C20ABA344D7401209F, Delete-on-Reboot, [5444], [406805],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\AD96BB64BA36379D2E354660780C2067B81DA2E0, Delete-on-Reboot, [5444], [406803],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\CDC37C22FE9272D8F2610206AD397A45040326B8, Delete-on-Reboot, [5444], [406802],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598, Delete-on-Reboot, [5444], [406801],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB303C9B61282DE525DC754A535CA2D6A9BD3D87, Delete-on-Reboot, [5444], [406799],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\DB77E5CFEC34459146748B667C97B185619251BA, Delete-on-Reboot, [5444], [406798],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E22240E837B52E691C71DF248F12D27F96441C00, Delete-on-Reboot, [5444], [406797],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF, Delete-on-Reboot, [5444], [406796],1.0.2464 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ucdrv, Delete-on-Reboot, [1310], [380111],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\ED841A61C0F76025598421BC1B00E24189E68D54, Delete-on-Reboot, [5444], [406795],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\F83099622B4A9F72CB5081F742164AD1B8D048C9, Delete-on-Reboot, [5444], [406786],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A, Delete-on-Reboot, [5444], [406785],1.0.2464 PUM.Optional.DisabledAVSecurityCerts, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138, Delete-on-Reboot, [5444], [406777],1.0.2464 PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PC Screenshot Control Builder, Delete-on-Reboot, [7], [308961],1.0.2464 PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SoftUpgrade, Delete-on-Reboot, [990], [260476],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserSecureUpdater, Delete-on-Reboot, [1310], [380116],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserUpdater, Delete-on-Reboot, [1310], [380116],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\UCBrowserUpdaterCore, Delete-on-Reboot, [1310], [380116],1.0.2464 PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\beb7299b2b0d8a91a58faf055e360ed9, Delete-on-Reboot, [14606], [261569],1.0.2464 PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [260991],1.0.2464 PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{02F1E432-A954-4612-B236-2EEC2F8A9606}, Delete-on-Reboot, [990], [260475],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0390E12E-720C-4838-84E0-40EA24E96AE8}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0D3701F9-A877-4441-8515-47B6485E9847}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{17753457-4535-454C-9278-BD52461C15EB}, Delete-on-Reboot, [1310], [380117],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1B2A6260-2764-40DC-964B-DE6AFCADBBC0}, Delete-on-Reboot, [1310], [380117],1.0.2464 PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36D012F9-340B-4713-AC4F-8CF6A97441F7}, Delete-on-Reboot, [7], [308958],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B8EBECA-2008-4EEF-A32A-FA66327C145A}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F3167C2-3230-4C87-8D48-52BF9A632285}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{41CE33B3-5FA8-4AD3-A884-0A4310AF92CE}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{535B138D-A425-4EB6-9B00-12B13AF019A4}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{64A2560A-5ECF-4F12-BCDC-7D0F63CC1C3C}, Delete-on-Reboot, [1310], [380117],1.0.2464 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6A8744AB-90D8-4D7B-BED0-3F53E310833B}, Delete-on-Reboot, [748], [335676],1.0.2464 PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6D06F23E-0014-480A-BD53-0B1CC5F01127}, Delete-on-Reboot, [452], [258705],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{778FEC7D-07AF-4BC2-ADC0-29B8E6230C47}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8BB2EAFE-0291-4D5E-9B7A-ECB61804F2A3}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBF99526-EDF7-46DC-8385-9FCF9B3F342E}, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9256332-5DE3-4AE5-8BB5-95D6B892DA4B}, Delete-on-Reboot, [748], [335673],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F25B63ED-6785-451D-926A-9206528A5137}, Delete-on-Reboot, [214], [259199],1.0.2464 Registry Value: 32 Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{5F51FFFE-7463-4220-B711-E5B9ACB8EDFE}, Delete-on-Reboot, [9], [357968],1.0.2464 PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, Delete-on-Reboot, [8379], [408201],1.0.2464 PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\CONSOLE\TASKENG.EXE|WINDOWPOSITION, Delete-on-Reboot, [8379], [408199],1.0.2464 PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|TABS, Delete-on-Reboot, [71], [261450],1.0.2464 PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Delete-on-Reboot, [71], [262014],1.0.2464 PUP.Optional.WinYahoo, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|TABS, Delete-on-Reboot, [71], [261450],1.0.2464 PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1000\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [13826], [242047],1.0.2464 PUP.Optional.ProductSetup, HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [13826], [242047],1.0.2464 PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|CINPL-2.5CV16.09-BG.EXE, Delete-on-Reboot, [962], [260099],1.0.2464 PUP.Optional.YeaDesktop.ClnShrt, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|YEADESKTOP.EXE, Delete-on-Reboot, [1318], [396226],1.0.2464 PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}|URL, Delete-on-Reboot, [71], [254683],1.0.2464 PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\beb7299b2b0d8a91a58faf055e360ed9|DISPLAYNAME, Delete-on-Reboot, [14606], [261569],1.0.2464 PUP.Optional.SoftUpgrade, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{02F1E432-A954-4612-B236-2EEC2F8A9606}|PATH, Delete-on-Reboot, [990], [260475],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0390E12E-720C-4838-84E0-40EA24E96AE8}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0D3701F9-A877-4441-8515-47B6485E9847}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{17753457-4535-454C-9278-BD52461C15EB}|PATH, Delete-on-Reboot, [1310], [380117],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1B2A6260-2764-40DC-964B-DE6AFCADBBC0}|PATH, Delete-on-Reboot, [1310], [380117],1.0.2464 PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36D012F9-340B-4713-AC4F-8CF6A97441F7}|PATH, Delete-on-Reboot, [7], [308958],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3B8EBECA-2008-4EEF-A32A-FA66327C145A}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3F3167C2-3230-4C87-8D48-52BF9A632285}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{41CE33B3-5FA8-4AD3-A884-0A4310AF92CE}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{535B138D-A425-4EB6-9B00-12B13AF019A4}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.UCBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{64A2560A-5ECF-4F12-BCDC-7D0F63CC1C3C}|PATH, Delete-on-Reboot, [1310], [380117],1.0.2464 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6A8744AB-90D8-4D7B-BED0-3F53E310833B}|PATH, Delete-on-Reboot, [748], [335676],1.0.2464 PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6D06F23E-0014-480A-BD53-0B1CC5F01127}|PATH, Delete-on-Reboot, [452], [258705],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{778FEC7D-07AF-4BC2-ADC0-29B8E6230C47}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8BB2EAFE-0291-4D5E-9B7A-ECB61804F2A3}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BBF99526-EDF7-46DC-8385-9FCF9B3F342E}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C9256332-5DE3-4AE5-8BB5-95D6B892DA4B}|PATH, Delete-on-Reboot, [748], [335673],1.0.2464 PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F25B63ED-6785-451D-926A-9206528A5137}|PATH, Delete-on-Reboot, [214], [259199],1.0.2464 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{91805174-6A84-42EC-8E3A-E90311C0D394}, Delete-on-Reboot, [1310], [392932],1.0.2464 PUP.Optional.UCBrowser, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{2C288FB8-ADD3-4C7A-BBA6-16C544CA411D}, Delete-on-Reboot, [1310], [392932],1.0.2464 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 191 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\build, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\css, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\USERS\GEORGE\APPDATA\LOCAL\2345explorer, Delete-on-Reboot, [7], [308620],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#aka.spotxcdn.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\#com.junkbyte\Console, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\#com.junkbyte\Console, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\#com.junkbyte, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\#com.junkbyte, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\ac#, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\ac#, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\cdn.stickyadstv.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\aka.spotxcdn.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\eereader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\efreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\egreader.com, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\PYJS2SBW, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\XVG6J6ZJ, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\QQ3VAAKF, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\databases, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\databases, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\databases, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\dump, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\llssoft\winvmx, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool, Delete-on-Reboot, [21], [383807],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup, Delete-on-Reboot, [21], [383807],1.0.2464 Trojan.Clicker, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\ntuserlitelist, Delete-on-Reboot, [21], [383807],1.0.2464 PUP.Optional.InternetMonitor, C:\Users\George\AppData\Local\CrashRpt\UnsentCrashReports\BandwidthStat_394\Logs, Delete-on-Reboot, [11913], [182462],1.0.2464 PUP.Optional.InternetMonitor, C:\USERS\GEORGE\APPDATA\LOCAL\CRASHRPT\UNSENTCRASHREPORTS\BandwidthStat_394, Delete-on-Reboot, [11913], [182462],1.0.2464 PUP.Optional.YeaDesktop, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\YEADESKTOP, Delete-on-Reboot, [1477], [391395],1.0.2464 PUP.Optional.Imali, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\MIGPPLBCNGHGLPAJIPGFAOKDIACFPKPJ, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.UCBrowser, C:\USERS\GEORGE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器, Delete-on-Reboot, [1310], [396223],1.0.2464 File: 1665 PUP.Optional.UCBrowser, C:\USERS\GEORGE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器.LNK, Delete-on-Reboot, [1310], [380124],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\build\background.js, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\build\constant.js, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\css\popup.css, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\6pm.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\amazon-de.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\amazon-jp.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\amazon.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Ashford.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Asos.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Carters.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\ebay.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\gnc.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Jomashop.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\letian.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\levi.com.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\NB.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Nordstorm.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Oshkosh.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\ralphlauren.com.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\img\Zappos.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\default_icon.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\icon.gif, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\icon_48.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\res\icon_64.png, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\background.html, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\contentscript.js, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\explugin.js, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\manifest.json, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\popup.html, Delete-on-Reboot, [7], [308620],1.0.2464 PUP.Optional.Elex, C:\Users\George\AppData\Local\2345explorer\User Data\Default\Extensions\aeppgfljjlhcnnbddcccndljodpdkpdh\2.4.16_0\popup.js, Delete-on-Reboot, [7], [308620],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data651\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data601\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data603\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data604\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data605\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data606\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data608\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data609\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data610\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data611\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data613\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data614\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data615\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data616\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\databases\Databases.db, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\databases\Databases.db-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\IndexedDB\http_www.investopedia.com_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_sb.monetate.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_c.betrad.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_c.betrad.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_cdn.krxd.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_cdn.krxd.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_gateway.answerscloud.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_gateway.answerscloud.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_sb.monetate.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_widgets.outbrain.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_widgets.outbrain.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_www.fitnessmagazine.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\https_www.fitnessmagazine.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_shop.nordstrom.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_shop.nordstrom.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.blessyouboys.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.blessyouboys.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.businessinsider.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.businessinsider.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.macworld.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Local Storage\http_www.macworld.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#aka.spotxcdn.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\BQ94ZFKG\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000002, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000003, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000004, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000005, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000006, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000007, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000008, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000009, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000010, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000011, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000012, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000013, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000014, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000015, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000016, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000017, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000018, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000019, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00001f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000020, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000022, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000023, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000024, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000025, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000026, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000027, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000028, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000029, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00002f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000030, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000031, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000032, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000033, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000034, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000036, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000037, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000038, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000039, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00003f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000040, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000041, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000042, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000043, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000044, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000045, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000046, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000047, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000048, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00004f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000050, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000051, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000054, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000055, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000057, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000058, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000059, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00005f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000061, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000062, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000064, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000065, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000066, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000067, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000068, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000069, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00006f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000070, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000071, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000072, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000073, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000074, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00000d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000021, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000035, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000049, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000060, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000075, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000da, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ee, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000103, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000117, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000140, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000156, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000193, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000076, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000077, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000078, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000079, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00007f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000080, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000081, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000082, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000083, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000084, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000085, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000086, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000087, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000089, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00008f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000090, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000091, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000092, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000093, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000094, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000095, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000096, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000097, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000098, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000099, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00009f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000a9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000aa, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ab, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ac, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ad, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ae, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000af, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000b9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ba, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000be, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000bf, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000c9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ca, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ce, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000cf, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000d9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000db, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000dc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000dd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000de, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000df, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000e9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ea, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ec, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ed, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ef, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000f9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fa, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000fe, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0000ff, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000100, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000101, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000102, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000104, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000105, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000106, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000107, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000108, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000109, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00010f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000110, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000111, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000112, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000113, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000114, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000115, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000116, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000119, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00011f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000120, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000121, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000122, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000123, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000124, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000126, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000127, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000128, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000129, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00012f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000130, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000131, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000132, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000133, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000134, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000135, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000136, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000137, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000138, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000139, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00013f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000141, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000142, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000143, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000144, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000145, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000146, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000147, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000148, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000149, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00014f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000150, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000151, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000152, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000153, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000154, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000155, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000157, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000158, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000159, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00015f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000160, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000161, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000162, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000163, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000164, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000165, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000166, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000167, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000168, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000169, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00016f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000170, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000171, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000172, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000173, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000174, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000175, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000176, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000177, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000178, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000179, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00017e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000180, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000181, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000182, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000183, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000184, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000185, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000186, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000187, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000188, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000189, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00018f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000190, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000191, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000192, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000194, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000195, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000196, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000197, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000198, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_000199, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_00019f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\f_0001a3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\QuotaManager, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\QuotaManager-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data617\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data618\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data619\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data620\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data622\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data623\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data626\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data628\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data629\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data630\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data631\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data632\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data633\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data634\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data635\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data636\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data638\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data639\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data640\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data641\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\databases\Databases.db, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\databases\Databases.db-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\IndexedDB\https_lpcdn.lpsnmedia.net_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.heatandcool.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.heatandcool.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.wildtangent.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\https_www.wildtangent.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_www.blessyouboys.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Local Storage\http_www.blessyouboys.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\ac#\_manager_any20170118-163652.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\inread.anyclip.com\analytics.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\#inread.anyclip.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NG3RVBTF\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000003, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000004, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000005, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000006, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000007, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000008, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000009, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000010, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000011, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000012, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000013, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000014, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000015, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000016, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000017, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000018, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000019, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00001e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000020, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000022, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000023, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000024, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000025, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000026, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000027, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000028, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000029, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00002f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000030, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000031, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000032, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000033, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000034, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000036, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000037, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000038, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000039, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00003f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000040, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000041, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000042, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000043, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000044, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000045, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000046, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000047, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000048, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00004f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000050, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000051, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000052, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000053, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000054, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000055, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000056, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000057, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000058, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000059, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000060, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000061, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000062, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000063, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000064, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000065, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000066, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000067, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000068, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000069, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00006f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000070, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00000d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000021, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000035, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000049, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00005d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000071, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000085, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000af, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000072, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000073, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000074, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000075, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000076, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000077, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000078, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000079, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00007f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000080, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000081, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000082, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000083, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000084, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000087, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000088, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000089, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00008f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000090, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000091, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000092, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000093, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000094, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000095, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000096, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000097, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000098, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_000099, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_00009f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000a9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000aa, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ab, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ac, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ad, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ae, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000b9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ba, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000bb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000bd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000be, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000bf, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000c9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ca, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000cb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000cd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000ce, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000cf, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000d9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\f_0000da, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\QuotaManager, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\QuotaManager-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data642\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data643\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data644\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data646\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data647\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data648\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data649\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data650\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data652\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data653\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data654\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data655\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data657\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data658\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data659\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data660\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data661\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data662\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data663\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data664\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data665\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data666\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data668\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data669\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data670\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data671\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data672\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data673\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data674\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data675\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data676\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data677\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data678\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data679\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data680\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data681\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data684\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data686\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data688\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data689\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data690\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data691\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\databases\Databases.db, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\databases\Databases.db-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\Paths\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\000\t\.usage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\File System\Origins\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\https_www.thisisanfield.com_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\IndexedDB\http_ads.avocet.io_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.thisisanfield.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_c.betrad.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_c.betrad.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_disqus.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_disqus.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.thisisanfield.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.youtube.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\https_www.youtube.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_connexity.net_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_connexity.net_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_nfl.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_nfl.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_www.complex.com_0.localstorage, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Local Storage\http_www.complex.com_0.localstorage-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\ac#\_manager_any20170118-163652.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\inread.anyclip.com\analytics.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\#inread.anyclip.com\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\USMJ8RLP\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000001, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000003, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000004, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000006, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000007, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000008, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000009, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000010, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000011, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000012, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000013, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000014, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000015, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000016, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000017, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000018, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000019, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00001f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000020, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000022, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000023, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000024, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000025, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000026, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000027, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000028, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000029, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00002f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000030, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000031, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000032, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000033, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000034, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000036, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000037, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000038, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000039, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00003f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000040, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000041, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000042, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000043, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000044, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000045, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000046, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000047, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000048, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00004f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000050, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000051, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000052, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000053, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000054, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000055, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000056, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000057, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000058, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000059, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000060, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000061, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000062, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000063, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000064, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000065, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000066, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000067, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000068, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000069, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00006f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000070, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00000d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000021, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000035, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000049, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00005d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000071, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000086, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000073, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000074, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000075, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000076, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000077, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000078, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000079, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00007f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000080, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000081, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000082, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000083, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000084, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000085, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000087, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000088, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008a, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008c, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00008f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000090, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000091, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000093, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000094, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000095, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000096, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000097, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000098, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_000099, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009b, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009d, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009e, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_00009f, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000a9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000aa, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ab, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ac, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ad, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ae, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000af, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000b9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ba, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000be, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000bf, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000c9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ca, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cb, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ce, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000cf, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000d9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000da, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000db, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000dc, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000dd, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000de, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000df, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e4, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e5, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e6, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e7, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e8, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000e9, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\f_0000ea, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\QuotaManager, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\QuotaManager-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data692\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data693\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data694\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data698\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\Cookies, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\Cookies-journal, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_0, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_1, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_2, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\data_3, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\index, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker.D, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\llssoft\winvmx\data700\Visited Links, Delete-on-Reboot, [2507], [364568],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe, Delete-on-Reboot, [21], [383807],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.ini, Delete-on-Reboot, [21], [383807],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\help_dll.dll, Delete-on-Reboot, [21], [383807],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx, Delete-on-Reboot, [21], [383807],1.0.2464 Trojan.Clicker, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ntuserlitelist\regtool\regtool.exe, Delete-on-Reboot, [21], [383807],1.0.2464 PUP.Optional.YeaDesktop, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop\YeaDesktop.lnk, Delete-on-Reboot, [1477], [391395],1.0.2464 PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\000003.log, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\CURRENT, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\LOCK, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\LOG, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\LOG.old, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.Imali, C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\migpplbcnghglpajipgfaokdiacfpkpj\MANIFEST-000001, Delete-on-Reboot, [2252], [417846],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATERCORE.JOB, Delete-on-Reboot, [1310], [380114],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\TASKS\UCBROWSERUPDATER.JOB, Delete-on-Reboot, [1310], [380114],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X64, Delete-on-Reboot, [1310], [380119],1.0.2464 PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage, Delete-on-Reboot, [1981], [376100],1.0.2464 PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fulltab.com_0.localstorage-journal, Delete-on-Reboot, [1981], [376100],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:UCDRV-X64.SYS, Delete-on-Reboot, [1310], [380118],1.0.2464 PUP.Optional.Imali, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_migpplbcnghglpajipgfaokdiacfpkpj_0.localstorage, Delete-on-Reboot, [2252], [417847],1.0.2464 PUP.Optional.Imali, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_migpplbcnghglpajipgfaokdiacfpkpj_0.localstorage-journal, Delete-on-Reboot, [2252], [417847],1.0.2464 PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage, Delete-on-Reboot, [1981], [376101],1.0.2464 PUP.Optional.FullTab, C:\USERS\GEORGE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.fulltabsearch.com_0.localstorage-journal, Delete-on-Reboot, [1981], [376101],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserSecureUpdater, Delete-on-Reboot, [1310], [380115],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdater, Delete-on-Reboot, [1310], [380115],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\TASKS\UCBrowserUpdaterCore, Delete-on-Reboot, [1310], [380115],1.0.2464 PUP.Optional.UCBrowser, C:\WINDOWS\SYSTEM32\DRIVERS:X86, Delete-on-Reboot, [1310], [380120],1.0.2464 PUP.Optional.OneSystemCare, C:\WINDOWS\SYSTEM32\TASKS\One System Care Task, Delete-on-Reboot, [452], [241381],1.0.2464 PUP.Optional.UCBrowser, C:\USERS\GEORGE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\UC浏览器\卸载UC浏览器.lnk, Delete-on-Reboot, [1310], [396223],1.0.2464 Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Aura Posted July 29, 2017 ID:1147494 Share Posted July 29, 2017 Good Now let's do a sweep with AdwCleaner and JRT. AdwCleaner - Fix Mode Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply; Junkware Removal Tool (JRT) Download Junkware Removal Tool (JRT) and move it to your Desktop; Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Press on any key to launch the scan and let it complete;Credits : BleepingComputer.com Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply; Your next reply(ies) should therefore contain: Copy/pasted AdwCleaner clean log; Copy/pasted JRT log; Link to post Share on other sites More sharing options...
ClanOS Posted July 29, 2017 Author ID:1147500 Share Posted July 29, 2017 (edited) 28 minutes ago, Aura said: Good Now let's do a sweep with AdwCleaner and JRT. AdwCleaner - Fix Mode Download AdwCleaner and move it to your Desktop; Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the EULA (I accept), then click on Scan; Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes; Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it; After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply; Junkware Removal Tool (JRT) Download Junkware Removal Tool (JRT) and move it to your Desktop; Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Press on any key to launch the scan and let it complete;Credits : BleepingComputer.com Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply; Your next reply(ies) should therefore contain: Copy/pasted AdwCleaner clean log; Copy/pasted JRT log; ADWCleaner Log: # AdwCleaner 7.0.0.0 - Logfile created on Sat Jul 29 22:29:18 2017 # Updated on 2017/17/07 by Malwarebytes # Running on Windows 7 Ultimate (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar Deleted: C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent Deleted: C:\Users\Mark\AppData\Roaming\Tencent Deleted: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent Deleted: C:\Users\Mark\AppData\Local\VirtualStore\Program Files (x86)\Tencent Deleted: C:\Program Files (x86)\Common Files\freemake shared Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件 Deleted: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏 Deleted: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏 Deleted: C:/Users\George\AppData\Roaming\\UpdateTask Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\llssoft Deleted: C:\Users\George\AppData\Local\llssoft Deleted: C:\Users\Mark\AppData\Roaming\RHEng Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService Deleted: C:\Users\Mark\AppData\Roaming\Search Protection ***** [ Files ] ***** Deleted: C:/\user.js Deleted: C:\Windows\System32\drivers\TS888x64.sys Deleted: C:\Windows\SysNative\drivers\TFsFltX64.sys Deleted: C:\Windows\System32\lavasofttcpservice.dll Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll Deleted: C:\ProgramData\pclunst.exe Deleted: C:\ProgramData\Application Data\pclunst.exe Deleted: C:\Users\All Users\pclunst.exe Deleted: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwemi6.default\searchplugins\yahoo! powered.xml Deleted: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\cfhwemi6.default\SEARCHPLUGINS\YAHOO! POWERED.XML ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted: QQBrowser Udpater Task(Core) Deleted: QQBrowser Udpater Task Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\InstalledBrowserExtensions Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} Deleted: [Key] - HKCU\Software\Microsoft\{94ebd7b5-82ae-449t-b679-3d04078ed154} Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} Deleted: [Key] - HKCU\Software\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winsearch Deleted: [Key] - HKLM\SOFTWARE\Speedownloader0099 Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Speedownloader0099 Deleted: [Key] - HKCU\Software\Speedownloader0099 Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{86F4A33C-E46F-4F98-8AAC-0A7F0D697C5E} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{CE30957B-3180-41F0-838C-2F3E64BA24BA} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{F77EC82F-0B3A-4E59-8B7C-0C132DDB60C0} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{754DF2CE-51E8-4895-B53C-6381418B84AE} Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{754DF2CE-51E8-4895-B53C-6381418B84AE} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{4C097DF1-0716-4FA1-84A9-025BC1E7B03F} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{88260EA6-BC91-42DF-ABEF-4A683E8A3C23} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EC0FA563-E0F2-406F-8659-1E728458A91E} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|AndroidServer.exe Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@qq.com/npchrome Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe Deleted: [Value] - HKCU\SOFTWARE\Classes\.crx\OpenWithProgids|UCHTML.AssocFile.CRX Deleted: [Value] - HKCU\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM Deleted: [Value] - HKCU\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML Deleted: [Value] - HKCU\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT Deleted: [Value] - HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM Deleted: [Value] - HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML Deleted: [Value] - HKCU\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP Deleted: [Value] - HKCU\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT Deleted: [Value] - HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML Deleted: [Value] - HKLM\SOFTWARE\Classes\.crx\OpenWithProgids|UCHTML.AssocFile.CRX Deleted: [Value] - HKLM\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM Deleted: [Value] - HKLM\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML Deleted: [Value] - HKLM\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT Deleted: [Value] - HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM Deleted: [Value] - HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML Deleted: [Value] - HKLM\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP Deleted: [Value] - HKLM\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT Deleted: [Value] - HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML Deleted: [Key] - HKLM\SOFTWARE\betterads Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MeOptimum_x86 Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Installer Deleted: [Key] - HKCU\Software\Installer Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\msaver Deleted: [Key] - HKCU\Software\msaver Deleted: [Key] - HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Key] - HKCU\Software\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Hotspot Deleted: [Key] - HKCU\Software\Hotspot Deleted: [Key] - HKLM\SOFTWARE\betterads Deleted: [Key] - HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Amigo Deleted: [Key] - HKCU\Software\Amigo Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** SearchProvider deleted: AOL - aol.com SearchProvider deleted: AOL - aol.com SearchProvider deleted: AOL - aol.com SearchProvider deleted: Ask - ask.com SearchProvider deleted: Ask - ask.com SearchProvider deleted: Ask - ask.com ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [12633 B] - [2017/7/29 22:15:5] C:/AdwCleaner/AdwCleaner[S1].txt - [12246 B] - [2017/7/29 22:21:36] C:/AdwCleaner/AdwCleaner[S2].txt - [12315 B] - [2017/7/29 22:27:43] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## (END OF ADWCLEANER LOG) JRT Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Ultimate x64 Ran by George (Administrator) on 29/07/2017 at 18:34:49.55 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 12 Successfully deleted: C:\ProgramData\DP0004.dat (File) Successfully deleted: C:\ProgramData\DT0001.dat (File) Successfully deleted: C:\ProgramData\DT0006.dat (File) Successfully deleted: C:\ProgramData\mntemp (File) Successfully deleted: C:\ProgramData\pc1data (Folder) Successfully deleted: C:\Users\Public\thunder network (Folder) Successfully deleted: C:\Windows\system32\newsoft (File) Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B13UC901 (Temporary Internet Files Folder) Successfully deleted: C:\Users\George\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1PO8V6M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B13UC901 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1PO8V6M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\SysWOW64\REND95D.tmp (File) Registry: 6 Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\QMUdisk (Registry Key) Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TS888x64 (Registry Key) Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TsDefenseBt (Registry Key) Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{BB94CCC5-F838-412D-9760-28A307E376B5} (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29/07/2017 at 18:38:11.73 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If I wanted to learn more about malware and IT Security on my own, where would you recommend I start? Edited July 29, 2017 by ClanOS Adding JRT Log Link to post Share on other sites More sharing options...
Aura Posted July 30, 2017 ID:1147669 Share Posted July 30, 2017 Quote If I wanted to learn more about malware and IT Security on my own, where would you recommend I start? I'll give you some helpful resources at the end of the clean-up. If you ever need more, you are free to PM me afterwards Now, let's run a scan with FRST to see if there's anything left to remove. Farbar Recovery Scan Tool (FRST) - Scan mode Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply. Download the right version of FRST for your system: FRST 64-bit Move the executable (FRST.exe or FRST64.exe) on your Desktop; Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds; Make sure the Addition.txt box is checked; Click on the Scan button; On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files; Copy and paste the content of both FRST.txt and Addition.txt in your next reply; Link to post Share on other sites More sharing options...
ClanOS Posted July 30, 2017 Author ID:1147694 Share Posted July 30, 2017 (edited) 1 hour ago, Aura said: I'll give you some helpful resources at the end of the clean-up. If you ever need more, you are free to PM me afterwards Now, let's run a scan with FRST to see if there's anything left to remove. Farbar Recovery Scan Tool (FRST) - Scan mode Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply. Download the right version of FRST for your system: FRST 64-bit Move the executable (FRST.exe or FRST64.exe) on your Desktop; Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds; Make sure the Addition.txt box is checked; Click on the Scan button; On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files; Copy and paste the content of both FRST.txt and Addition.txt in your next reply; FTST.txt : Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017 Ran by George (administrator) on MEEPO (30-07-2017 11:41:07) Running from C:\Users\George\Desktop Loaded Profiles: George (Available Profiles: Mark & new mark & George) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe () C:\Windows\DAODx.exe (Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe (Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe (Flux Software LLC) C:\Users\George\AppData\Local\FluxSoftware\Flux\flux.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe (Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe (Hammer & Chisel, Inc.) C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe (Vivaldi Technologies AS) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Run: [Discord] => C:\Users\George\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Run: [f.lux] => C:\Users\George\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC) HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\MountPoints2: E - E:\INSTALL\SETUP.EXE GroupPolicy: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [S-1-5-19] => Proxy is enabled. ProxyServer: [S-1-5-19] => 127.0.0.1:8003 ProxyEnable: [S-1-5-20] => Proxy is enabled. ProxyServer: [S-1-5-20] => 127.0.0.1:8003 Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{CC775005-5A3A-4864-AC20-BB298AFF5B34}: [DhcpNameServer] 192.168.142.2 Tcpip\..\Interfaces\{D0A875C5-B33F-4450-9BFD-010AFF816B80}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{F90945C9-1384-4CA5-AD99-D05B561498B4}: [DhcpNameServer] 192.168.116.1 Internet Explorer: ================== HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKLM-x32 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKU\S-1-5-21-2383111392-567966768-2532307980-1009 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-04] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-04] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-16] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-04] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.) Toolbar: HKU\S-1-5-21-2383111392-567966768-2532307980-1009 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-04] (Microsoft Corporation) FireFox: ======== FF HKLM\...\Firefox\Extensions: [pdfescape_desktop_conv@pdfescape.com] - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension FF Extension: (PDFescape Desktop Creator) - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension [2017-01-23] [not signed] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2015-08-16] FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-11-24] (Unity Technologies ApS) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] () FF Plugin-x32: @gentek.com/thinclient -> C:\Users\Mark\AppData\Roaming\gentek\npthinclient.dll [No File] FF Plugin-x32: @haitao.com/npHaitaoPlugin -> C:\Users\George\AppData\Local\htyh\application\htwebHelper.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle Corporation) FF Plugin-x32: @kingsfot.com/npkws -> C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2016-09-14] (Nexon) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File] FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File] FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-01-17] (Red Software) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://www.bcsdny.org CHR NewTab: Default -> Active:"chrome-extension://migpplbcnghglpajipgfaokdiacfpkpj/index.html" CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&atb=v50-3_d CHR DefaultSearchKeyword: Default -> duckduckgo.com_ CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default [2017-07-29] CHR Extension: (Google Slides) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-06] CHR Extension: (Google Docs) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-06] CHR Extension: (Google Drive) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-06] CHR Extension: (DuckDuckGo Search) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-05-07] CHR Extension: (uBlock Origin) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-06-21] CHR Extension: (Google Sheets) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-06] CHR Extension: (Google Docs Offline) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-06] CHR Extension: (Grammarly for Chrome) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-11] CHR Extension: (Gmail) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-06] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found> CHR HKU\S-1-5-21-2383111392-567966768-2532307980-1009\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1494024 2017-06-27] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation) S4 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [887056 2014-07-10] (Disc Soft Ltd) S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-05] (Electronic Arts) S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2142184 2017-01-17] (Red Software) S3 PDFescape Desktop CrashHandler; C:\Program Files\PDFescape Desktop\crash-handler-ws.exe [926184 2017-01-17] (Red Software) R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [733672 2017-01-17] (Red Software) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 IpOverUsbSvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-24] (Disc Soft Ltd) R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-09-16] (Disc Soft Ltd) S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security) R3 GMLXD16Fltr; C:\Windows\System32\drivers\GMLXDFltr01.sys [19488 2016-05-27] (LXD Development, Inc.) R2 hcmon; C:\Windows\System32\DRIVERS\hcmon.sys [83008 2017-02-20] () [File not signed] S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-07-28] () R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-30] (Malwarebytes) S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 sjcst; C:\Windows\system32\sjcsu64.sys [86352 2015-11-25] () S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation) R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [66520 2017-03-21] () [File not signed] R2 VMnetUserif; C:\Windows\System32\DRIVERS\vmnetuserif.sys [43992 2017-03-21] () [File not signed] R2 vmx86; C:\Windows\System32\DRIVERS\vmx86.sys [88128 2017-03-21] () [File not signed] R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [93248 2016-09-30] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-30 11:41 - 2017-07-30 11:41 - 00018399 _____ C:\Users\George\Desktop\FRST.txt 2017-07-30 11:40 - 2017-07-30 11:41 - 00000000 ____D C:\FRST 2017-07-30 11:40 - 2017-07-30 11:40 - 02381312 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe 2017-07-29 21:42 - 2017-03-21 19:13 - 00088128 _____ C:\Windows\system32\Drivers\vmx86.sys 2017-07-29 21:42 - 2016-09-30 01:11 - 00093248 _____ C:\Windows\system32\Drivers\vsock.sys 2017-07-29 21:42 - 2016-09-30 01:11 - 00069104 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2017-07-29 21:42 - 2016-09-30 01:11 - 00065008 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2017-07-29 21:41 - 2017-07-29 21:41 - 00001188 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk 2017-07-29 21:41 - 2017-07-29 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2017-07-29 21:41 - 2017-07-29 21:41 - 00000000 ____D C:\Program Files\Common Files\VMware 2017-07-29 21:41 - 2017-03-21 19:18 - 01149416 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2017-07-29 21:41 - 2017-03-21 19:18 - 00400872 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2017-07-29 21:41 - 2017-03-21 19:18 - 00366568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2017-07-29 21:41 - 2017-03-21 19:01 - 00066520 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll 2017-07-29 21:41 - 2017-03-21 19:01 - 00046032 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys 2017-07-29 21:41 - 2017-03-21 19:01 - 00043992 _____ C:\Windows\system32\Drivers\vmnetuserif.sys 2017-07-29 21:41 - 2017-02-20 08:02 - 00083008 _____ C:\Windows\system32\Drivers\hcmon.sys 2017-07-29 21:37 - 2017-07-29 21:37 - 69902808 _____ C:\Users\George\Downloads\VMwarePlayer12.5.5.zip 2017-07-29 21:37 - 2017-07-29 21:37 - 00000000 ____D C:\Users\George\Downloads\VMwarePlayer12.5.5 2017-07-29 21:25 - 2017-07-29 21:32 - 2091008000 _____ C:\Users\George\Downloads\wt7-elite-1315.04.182016.iso 2017-07-29 18:38 - 2017-07-29 18:38 - 00002407 _____ C:\Users\George\Desktop\JRT.txt 2017-07-29 18:33 - 2017-07-29 18:33 - 01790024 _____ (Malwarebytes) C:\Users\George\Desktop\JRT.exe 2017-07-29 18:13 - 2017-07-29 18:29 - 00000000 ____D C:\AdwCleaner 2017-07-29 18:13 - 2017-07-29 18:13 - 08162248 _____ (Malwarebytes) C:\Users\George\Desktop\AdwCleaner.exe 2017-07-29 15:08 - 2017-07-30 11:37 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-07-29 15:08 - 2017-07-29 15:08 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-07-29 15:08 - 2017-07-29 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-07-29 15:08 - 2017-07-29 15:08 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-07-29 15:08 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-07-29 15:01 - 2017-07-29 15:01 - 65033984 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (2).exe 2017-07-28 17:41 - 2017-07-29 14:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-07-28 17:37 - 2017-07-28 17:37 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2017-07-28 17:34 - 2017-07-29 00:46 - 00000000 ____D C:\Users\George\Desktop\mbar 2017-07-28 17:34 - 2017-07-28 17:34 - 16564750 _____ (Malwarebytes Corp.) C:\Users\George\Downloads\mbar-1.09.4.1001.exe 2017-07-27 21:24 - 2017-07-27 21:25 - 65033984 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251 (1).exe 2017-07-27 21:24 - 2017-07-27 21:24 - 00566128 _____ (Malwarebytes) C:\Users\George\Downloads\mbam-clean-2.3.0.1001.exe 2017-07-26 22:46 - 2017-07-26 22:46 - 00000222 _____ C:\Users\George\Desktop\Shadow Warrior.url 2017-07-26 20:43 - 2017-07-26 20:43 - 00496896 _____ C:\Users\George\Downloads\flux-setup.exe 2017-07-26 20:43 - 2017-07-26 20:43 - 00002046 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk 2017-07-26 20:43 - 2017-07-26 20:43 - 00000000 ____D C:\Users\George\AppData\Local\FluxSoftware 2017-07-23 21:16 - 2017-07-23 21:16 - 00000000 ____D C:\Users\George\Documents\Unnamed FantaSci Novel.scriv 2017-07-23 20:01 - 2017-07-23 20:01 - 00000000 ____D C:\Users\George\Downloads\ccl-1.11-windows 2017-07-23 20:00 - 2017-07-23 20:00 - 43050039 _____ C:\Users\George\Downloads\ccl-1.11-windows.zip 2017-07-22 23:08 - 2017-07-22 23:08 - 00003640 _____ C:\Users\George\Documents\betterantigua v3.svg 2017-07-22 23:06 - 2017-07-22 23:06 - 00003572 _____ C:\Users\George\Documents\betterantigua v2.svg 2017-07-21 01:39 - 2017-07-21 01:58 - 00017342 _____ C:\Users\George\Documents\Discussion Questions (Essay).odt 2017-07-20 21:44 - 2017-07-20 21:44 - 00000000 ____D C:\Users\George\Downloads\Beginning Ethical Hacking with Python - True PDF - 4446 [ECLiPSE] 2017-07-20 18:48 - 2017-07-20 18:48 - 00000000 ____D C:\Users\new mark\AppData\Roaming\ProcessLasso 2017-07-20 18:48 - 2017-07-20 18:48 - 00000000 ____D C:\Users\new mark\AppData\Roaming\Adobe 2017-07-20 18:48 - 2017-07-20 18:48 - 00000000 ____D C:\Users\new mark\AppData\Local\TSVNCache 2017-07-20 18:47 - 2017-07-20 18:47 - 00000000 ____D C:\Users\Mark\AppData\Roaming\ProcessLasso 2017-07-20 03:52 - 2017-07-20 04:21 - 00024419 _____ C:\Users\George\Documents\We Need To Talk..odt 2017-07-17 12:07 - 2017-07-28 14:30 - 00000000 ____D C:\Users\George\AppData\Local\FSDART 2017-07-17 12:07 - 2017-07-27 23:36 - 00000000 ____D C:\ProgramData\F-Secure 2017-07-17 12:07 - 2017-07-17 12:07 - 00524248 _____ (F-Secure Corporation) C:\Users\George\Downloads\F-SecureOnlineScanner.exe 2017-07-17 12:07 - 2017-07-17 12:07 - 00000000 ____D C:\Users\George\AppData\Local\F-Secure 2017-07-17 11:45 - 2017-07-28 15:13 - 00003952 _____ C:\Windows\system32\.crusader 2017-07-17 10:39 - 2017-07-17 10:39 - 00021352 _____ C:\Users\George\Desktop\mb-check-results.zip 2017-07-17 10:37 - 2017-07-17 10:38 - 00000000 ____D C:\Users\George\AppData\Local\Discord 2017-07-17 10:37 - 2017-07-17 10:37 - 52553728 _____ (Hammer & Chisel, Inc.) C:\Users\George\Downloads\DiscordSetup.exe 2017-07-17 09:36 - 2017-07-17 11:45 - 00000000 ____D C:\ProgramData\HitmanPro 2017-07-17 09:35 - 2017-07-17 09:36 - 11584088 _____ (SurfRight B.V.) C:\Users\George\Downloads\HitmanPro_x64.exe 2017-07-17 09:04 - 2017-07-29 15:07 - 00028859 _____ C:\Users\George\Desktop\mb-clean-results.txt 2017-07-17 09:03 - 2017-07-17 09:03 - 65033984 _____ (Malwarebytes ) C:\Users\George\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe 2017-07-17 08:58 - 2017-07-17 08:58 - 00841160 _____ (Malwarebytes) C:\Users\George\Downloads\mb-clean-3.1.0.1014.exe 2017-07-17 08:56 - 2017-07-17 08:57 - 02322896 _____ (Malwarebytes Corporation) C:\Users\George\Downloads\mb-check-3.1.5.1001.exe 2017-07-17 08:01 - 2017-07-17 08:01 - 00000000 ____D C:\Users\George\AppData\Local\ElevatedDiagnostics 2017-07-17 01:38 - 2017-07-17 01:38 - 00000000 ____D C:\Users\George\AppData\Local\Apps\2.0 2017-07-16 22:22 - 2017-07-17 07:50 - 00000000 ____D C:\SUPERDelete 2017-07-16 22:17 - 2017-07-16 22:17 - 00000000 ____D C:\extensions 2017-07-16 22:17 - 2017-07-16 22:17 - 00000000 ____D C:\chrome 2017-07-16 22:16 - 2017-07-16 23:23 - 00000000 ____D C:\ProgramData\WindowsErrorReporting 2017-07-16 22:16 - 2017-07-16 22:16 - 00001114 _____ C:\Users\George\Desktop\Играть в Dragon Knight.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001110 _____ C:\Users\George\Desktop\Play World Of Warships.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001102 _____ C:\Users\George\Desktop\Play Dragon Blood.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001098 _____ C:\Users\George\Desktop\Play Imperia Online.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001094 _____ C:\Users\George\Desktop\Play World Of Tanks.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001088 _____ C:\Users\George\Desktop\Play Warframe.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001088 _____ C:\Users\George\Desktop\Play Crossout.lnk 2017-07-16 22:16 - 2017-07-16 22:16 - 00001084 _____ C:\Users\George\Desktop\Play Warface.lnk 2017-07-16 22:16 - 2017-06-21 08:55 - 00000332 _____ C:\Users\George\Desktop\Download Video and Audio Online.lnk 2017-07-16 22:15 - 2017-07-16 22:15 - 00001082 _____ C:\Users\George\Desktop\Play WarThunder.lnk 2017-07-16 22:15 - 2017-07-16 22:15 - 00000000 ____D C:\Users\George\AppData\Local\CrashRpt 2017-07-16 22:13 - 2017-07-16 22:13 - 00000000 ____D C:\Users\George\AppData\Roaming\c 2017-07-16 22:13 - 2017-07-16 22:13 - 00000000 ____D C:\Users\George\AppData\Local\begnowsj 2017-07-14 00:00 - 2017-07-14 00:00 - 00051630 _____ C:\Windows\uninstaller.dat 2017-07-13 17:18 - 2017-07-17 08:27 - 00000000 ____D C:\Users\George\Heaven 2017-07-13 17:18 - 2017-07-13 17:18 - 00728064 _____ C:\Users\George\AppData\Local\file__0.localstorage 2017-07-13 17:05 - 2017-07-13 17:13 - 258728440 _____ (Unigine Corp. ) C:\Users\George\Downloads\Unigine_Heaven-4.0.exe 2017-07-11 20:09 - 2017-07-11 20:09 - 00750680 _____ C:\Users\George\Downloads\flux-setup4.exe 2017-07-10 22:39 - 2017-07-10 22:39 - 00000000 ____D C:\Windows\system32\data 2017-07-10 22:39 - 2017-07-10 22:39 - 00000000 ____D C:\Users\George\AppData\Roaming\com.base.main.Main 2017-07-10 22:33 - 2017-07-10 22:33 - 00000981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk 2017-07-10 22:33 - 2017-07-10 22:33 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-07-10 22:28 - 2017-07-10 22:28 - 02216944 _____ C:\Users\George\Downloads\winrar-x64-55b5.exe 2017-07-09 21:29 - 2017-07-20 03:52 - 00000000 ____D C:\Users\George\.atom 2017-07-09 21:29 - 2017-07-09 21:30 - 00000000 ____D C:\Users\George\AppData\Roaming\Atom 2017-07-09 21:29 - 2017-07-09 21:29 - 00002135 _____ C:\Users\George\Desktop\Atom.lnk 2017-07-09 21:29 - 2017-07-09 21:29 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc 2017-07-09 21:27 - 2017-07-09 21:30 - 00000000 ____D C:\Users\George\AppData\Local\atom 2017-07-09 21:23 - 2017-07-09 21:24 - 181252128 _____ (GitHub Inc.) C:\Users\George\Downloads\AtomSetup-x64.exe 2017-07-08 10:35 - 2017-07-08 10:35 - 41715320 _____ (Vivaldi Technologies AS) C:\Users\George\Downloads\Vivaldi.1.10.867.46.exe 2017-07-06 22:46 - 2017-07-06 22:46 - 00000220 _____ C:\Users\George\Desktop\Garry's Mod.url 2017-07-06 20:10 - 2017-07-06 20:10 - 00000219 _____ C:\Users\George\Desktop\Left 4 Dead 2.url 2017-07-06 20:08 - 2017-07-06 20:08 - 00000222 _____ C:\Users\George\Desktop\FTL Faster Than Light.url 2017-07-01 22:17 - 2017-07-01 22:17 - 00000000 ____D C:\Users\George\AppData\Roaming\baidu 2017-07-01 22:17 - 2017-07-01 22:17 - 00000000 ____D C:\Users\George\AppData\Roaming\360se6 2017-07-01 22:17 - 2017-07-01 22:17 - 00000000 ____D C:\Users\George\AppData\Local\360chrome ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-30 11:38 - 2016-12-23 17:41 - 00000000 ____D C:\Users\George\AppData\Local\TSVNCache 2017-07-30 11:37 - 2017-06-23 14:11 - 00000000 ____D C:\ProgramData\VMware 2017-07-30 11:37 - 2016-07-14 14:54 - 00000278 _____ C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job 2017-07-30 11:37 - 2015-05-27 17:34 - 00000566 _____ C:\Windows\Tasks\quick_weather_updates_helper_service.job 2017-07-30 11:37 - 2014-09-16 17:29 - 00001460 _____ C:\Windows\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d.job 2017-07-30 11:37 - 2014-09-16 17:29 - 00001330 _____ C:\Windows\Tasks\TWTP.job 2017-07-30 11:37 - 2014-09-16 17:28 - 00001332 _____ C:\Windows\Tasks\FNAFN.job 2017-07-30 11:37 - 2014-09-16 17:28 - 00000626 _____ C:\Windows\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.job 2017-07-30 11:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-30 11:36 - 2014-09-05 22:58 - 00000000 ____D C:\Program Files (x86)\Steam 2017-07-30 11:36 - 2009-07-14 00:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-07-30 11:36 - 2009-07-14 00:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-07-30 02:00 - 2016-11-16 20:48 - 00000000 ____D C:\Users\George\AppData\Local\Adobe 2017-07-29 22:56 - 2017-06-23 14:15 - 00000000 ____D C:\Users\George\AppData\Local\VMware 2017-07-29 21:44 - 2017-06-23 14:28 - 00000000 ____D C:\Users\George\Documents\Virtual Machines 2017-07-29 21:44 - 2017-06-23 14:15 - 00000000 ____D C:\Users\George\AppData\Roaming\VMware 2017-07-29 21:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2017-07-29 21:41 - 2017-06-23 14:11 - 00000000 ____D C:\Program Files (x86)\VMware 2017-07-29 21:41 - 2014-08-24 22:01 - 00809244 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2017-07-29 19:53 - 2014-08-27 19:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-07-29 18:29 - 2015-06-24 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2017-07-29 18:26 - 2016-12-04 07:07 - 00000000 ____D C:\Users\George\AppData\Local\CrashDumps 2017-07-29 18:15 - 2015-01-16 17:57 - 00000000 ____D C:\Users\UpdatusUser 2017-07-29 18:02 - 2016-11-12 23:11 - 00000000 ____D C:\Users\George\AppData\Roaming\vlc 2017-07-29 15:12 - 2009-07-14 01:13 - 00804702 _____ C:\Windows\system32\PerfStringBackup.INI 2017-07-29 15:08 - 2017-01-28 22:19 - 00000000 ____D C:\Program Files\Malwarebytes 2017-07-28 19:27 - 2017-02-20 22:19 - 00000000 ____D C:\Users\George\AppData\Roaming\discord 2017-07-28 17:27 - 2017-06-16 05:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-07-28 17:15 - 2016-11-07 20:24 - 00000000 ____D C:\Users\George\AppData\Roaming\qBittorrent 2017-07-27 20:10 - 2016-11-26 07:44 - 00000000 ___HD C:\Users\George\AppData\Local\2ce9cdc060ac46c2 2017-07-27 20:10 - 2016-11-06 17:31 - 00001042 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-07-27 20:10 - 2016-07-29 00:54 - 00000000 ___HD C:\Users\Mark\AppData\Local\4b74a33042f8b5f7 2017-07-27 20:10 - 2015-12-05 16:15 - 00001042 _____ C:\Users\new mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-07-27 20:10 - 2014-08-24 21:17 - 00001042 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-07-26 22:46 - 2016-12-11 18:11 - 00000000 ____D C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-07-23 05:33 - 2015-01-14 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-07-22 14:12 - 2016-11-21 21:45 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-07-20 21:54 - 2015-08-14 09:56 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2017-07-17 11:46 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\PC Screenshot Control Builder 2017-07-17 11:45 - 2016-09-13 16:48 - 00000000 ____D C:\Users\Mark\Desktop\maplestory private server 2017-07-17 11:45 - 2016-01-25 16:47 - 00000000 ____D C:\Users\Mark\Documents\MEGAsync Downloads 2017-07-17 11:45 - 2014-09-12 20:24 - 00000000 ____D C:\Users\Mark\AppData\Roaming\BitTorrent 2017-07-17 11:45 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Winaphild 2017-07-17 10:39 - 2017-02-20 22:19 - 00000000 ____D C:\Users\George\AppData\Local\SquirrelTemp 2017-07-17 10:38 - 2017-02-20 22:19 - 00002127 _____ C:\Users\George\Desktop\Discord.lnk 2017-07-17 09:25 - 2016-07-14 14:53 - 00000344 __RSH C:\ProgramData\ntuser.pol 2017-07-17 09:10 - 2015-12-26 11:38 - 00000000 ____D C:\Windows\pss 2017-07-17 08:25 - 2014-08-29 21:32 - 00000000 ____D C:\Users\Mark\AppData\Local\Akamai 2017-07-17 08:22 - 2015-11-20 22:18 - 00000000 ____D C:\Users\Mark\AppData\Local\MyComGames 2017-07-17 08:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2017-07-17 08:01 - 2015-04-26 12:50 - 00000000 ____D C:\Users\Mark\AppData\Roaming\gentek 2017-07-16 23:02 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-07-16 22:59 - 2015-04-12 12:06 - 00000000 ____D C:\Suba Games 2017-07-16 22:58 - 2016-01-06 20:26 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suba Games 2017-07-16 22:29 - 2014-08-26 10:35 - 00000000 ____D C:\Windows\Minidump 2017-07-16 22:10 - 2014-08-24 21:52 - 00000000 ____D C:\Program Files (x86)\Google 2017-07-15 23:31 - 2016-11-07 21:58 - 00000000 ____D C:\Users\George\Documents\My Games 2017-07-15 01:50 - 2017-06-25 06:43 - 00002220 _____ C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk 2017-07-15 01:50 - 2017-06-25 06:43 - 00002212 _____ C:\Users\George\Desktop\Vivaldi.lnk 2017-07-15 01:50 - 2017-06-25 06:42 - 00000000 ____D C:\Users\George\AppData\Local\Vivaldi 2017-07-13 17:18 - 2016-11-06 17:31 - 00000000 ____D C:\Users\George 2017-07-11 21:18 - 2016-10-13 14:19 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-07-11 21:18 - 2014-09-15 21:17 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-07-11 21:18 - 2014-09-15 21:17 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-07-11 21:18 - 2014-09-15 21:17 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-07-11 21:18 - 2014-09-15 21:17 - 00000000 ____D C:\Windows\system32\Macromed 2017-07-10 22:33 - 2014-09-16 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ==================== Files in the root of some directories ======= 2016-11-12 13:29 - 2017-05-12 16:01 - 0000387 _____ () C:\Users\George\AppData\Roaming\WB.CFG 2017-07-13 17:18 - 2017-07-13 17:18 - 0728064 _____ () C:\Users\George\AppData\Local\file__0.localstorage 2017-03-02 22:07 - 2017-03-02 22:07 - 0000848 _____ () C:\Users\George\AppData\Local\recently-used.xbel 2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\George\AppData\Local\report 2016-02-07 19:43 - 2014-11-05 08:51 - 1654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll 2016-11-27 22:12 - 2016-11-27 22:12 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2015-05-28 14:31 - 2015-05-28 14:35 - 45447520 _____ () C:\ProgramData\PCMgrSetup.exe 2017-06-18 18:30 - 2017-06-18 18:30 - 0010255 _____ () C:\ProgramData\regid.2011-06.com.youtubebyclick_3C521B99-9ACE-47EA-AC9F-26075467D03B.swidtag Files to move or delete: ==================== C:\ProgramData\DynuEncrypt.dll C:\ProgramData\PCMgrSetup.exe C:\Users\Mark\audacity-win-2-0-6.exe C:\Users\Mark\main.exe C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job Some files in TEMP: ==================== 2012-08-27 06:06 - 2012-08-27 06:06 - 0460160 ____R (Macrovision Corporation) C:\Users\Mark\AppData\Local\Temp\_is7B6.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-07-22 12:38 ==================== End of FRST.txt ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017 Ran by George (30-07-2017 11:42:38) Running from C:\Users\George\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2014-08-25 01:16:26) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2383111392-567966768-2532307980-500 - Administrator - Disabled) ASPNET (S-1-5-21-2383111392-567966768-2532307980-1007 - Limited - Enabled) George (S-1-5-21-2383111392-567966768-2532307980-1009 - Administrator - Enabled) => C:\Users\George Guest (S-1-5-21-2383111392-567966768-2532307980-501 - Limited - Disabled) Mark (S-1-5-21-2383111392-567966768-2532307980-1000 - Administrator - Enabled) => C:\Users\Mark new mark (S-1-5-21-2383111392-567966768-2532307980-1008 - Administrator - Enabled) => C:\Users\new mark ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.) Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.) AruaROSE version 940 (HKLM-x32\...\{8BF09025-5FD9-4026-9F7D-6B56791C7099}_is1) (Version: 940 - AruaROSE) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology) ASUS Product Register Program (HKLM-x32\...\{C0B16F2E-3980-44F8-8CF4-F84696541FF7}) (Version: 1.0.018 - ASUSTek Computer Inc.) Atom (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\atom) (Version: 1.18.0 - GitHub Inc.) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Beat Blades Haruka version 1.2 (HKLM-x32\...\{D3B9DE87-250F-4215-BCD4-B6494EFC8061}_is1) (Version: 1.2 - Mangagamer) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC) Hidden Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC) Bloons TD Battles (HKLM\...\Steam App 444640) (Version: - Ninja Kiwi) Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games) Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.0.198 - CANON INC.) Hidden Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.0.198.10000 - CANON INC.) Canon MF Toolbox 4.9.1.1.mf15 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf15 - CANON INC.) Canon MF3010 (HKLM\...\{A97F4E18-3053-4652-B763-9A40AE2B1EE5}) (Version: 3.9.0.1 - CANON INC.) Chivalry: Medieval Warfare (HKLM\...\Steam App 219640) (Version: - Torn Banner Studios) CloudNine (HKLM-x32\...\CloudNine) (Version: 1.0 - PlayRedFox) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.4.0.0280 - Disc Soft Ltd) DataNumen CAB Repair v2.0 (HKLM-x32\...\DataNumen CAB Repair v2.0) (Version: - ) DBO Global version 1.5 (HKLM-x32\...\{B2DB3414-D063-4F42-AE7C-9B9A33BE326E}_is1) (Version: 1.5 - DBO Global, Inc.) Devilian PTS (HKLM-x32\...\Glyph Devilian PTS) (Version: - Trion Worlds, Inc.) DFO (HKLM-x32\...\{C1E5C0FB-527E-42C6-BCA0-0A37A6124AE4}) (Version: 1.01.0000 - Neople) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden Discord (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.11.0.21 - GOG.com) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dota 2 Test (HKLM\...\Steam App 205790) (Version: - ) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.) Dragon Saga (HKLM-x32\...\{909E068C-8FD6-4063-A65E-F95F5731A5EE}) (Version: 0.4.43 - Gravity Interactive, Inc) DragonNest (HKLM-x32\...\{965BBE77-81BF-4067-88B6-ECD4983B13EA}) (Version: 1.00.0000 - EYEDENTITY GAMES) DragonNest (HKLM-x32\...\DragonNest) (Version: - ) Dream ACE Client version 4.5.0.76 (HKLM-x32\...\{0313B4DA-4ADD-49E8-930F-63D3A5E1E5B7}_is1) (Version: 4.5.0.76 - Dream ACE) Dream of Mirror Online (HKLM-x32\...\{305734a7-c0c2-43cb-b1bf-d6e344958038}}_is1) (Version: - Suba Games) Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version: - Trendy Entertainment) Dungeon Fighter Online (HKLM\...\Steam App 495910) (Version: - Neople) Echo of Soul (HKLM-x32\...\Echo of Soul) (Version: - ) Eden Eternal (HKLM-x32\...\Eden Eternal) (Version: - ) Elsword version v4.0813.5.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.0813.5.1 - KOGGAMES) Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.7.2.132404 - MindArk PE AB) Eternal Fate (HKLM-x32\...\Steam App 317780) (Version: - Escalation Studios, Inc) Eternal Senia (HKLM-x32\...\Steam App 351640) (Version: - Holy Priest) EverEmber 2.00 (HKLM-x32\...\EverEmber 2.00) (Version: - ) f.lux (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Flux) (Version: - ) Falou Online (HKLM-x32\...\{F1938858-CEC4-49DE-A070-DAE6C10F34F7}) (Version: 1.0.0 - Falou Online) Hidden Famaze (HKLM-x32\...\Steam App 297210) (Version: - Oryx Design Lab) FanFictionDownloader version 0.8.9 (HKLM-x32\...\{1D868954-1083-4BBA-8379-C7A9B2705CBA}_is1) (Version: 0.8.9 - Raimond Eisele) Fiesta Online NA (HKLM-x32\...\Fiesta Online NA) (Version: 1.02.031 - Gamigo games) FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.) FlagMaker version 2.0 (HKLM-x32\...\{2B6EF3B7-735D-40C9-86B8-3B7BC1AE8150}_is1) (Version: 2.0 - ) Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation) FoxLv II 1.0.34 (HKLM-x32\...\{D8F37CA6-3DAC-4979-A2B2-DB85AAC83C78}_is1) (Version: 1.0.34 - FoxLv Online Network) Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version: - Subset Games) Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge) GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.908.40001 - YoYo Games Ltd.) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Genymotion version 2.7.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.7.2 - Genymobile) GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) GodsWar Online (HKLM-x32\...\GodsWar Online_is1) (Version: 2.51.002 - Skyunion(IGG), Joyconnect Studio) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Granado Espada Online (HKLM-x32\...\Granado Espada Online_is1) (Version: - IMC Games Co., Ltd.) Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version: - ) Grand Fantasia (HKLM-x32\...\Grand Fantasia2.0) (Version: 2.0 - IGNIT Games) GrandChase is Back version 1.5 (HKLM-x32\...\{5C95E502-A38D-436C-B8F2-018A8453D214}_is1) (Version: 1.5 - grand chase reborn, Inc.) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) HTML TADS Player Kit (HKLM-x32\...\htmltads.exe) (Version: - ) HyperCam 4 (HKLM-x32\...\HyperCam 4 4.0.1511.06) (Version: 4.0.1511.06 - Solveig Multimedia) icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Insurgency (HKLM\...\Steam App 222880) (Version: - New World Interactive) IntelliJ IDEA Community Edition 2017.1.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2017.1.1) (Version: 171.4073.35 - JetBrains s.r.o.) Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.1 - Electronic Arts) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation) Java SE Development Kit 8 Update 112 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180112}) (Version: 8.0.1120.15 - Oracle Corporation) JTTW Online Version 1.3.3.12 (HKLM-x32\...\{E881695E-3B18-4B6A-A716-0ED952457AE7}_is1) (Version: 1.3.3.12 - Shanghai Xiaoyou Info Tech Co.,Ltd.) Julia Language 0.5.1 (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Julia 0.5.1) (Version: - The Julia Project) Karos Returns (HKLM-x32\...\Karos Returns) (Version: 1.5.0.0 - PlayRedfox) Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version: - ) Lamia Must Die (HKLM-x32\...\Steam App 385260) (Version: - Tuomo Laine) LastChaosUSA (HKLM-x32\...\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}) (Version: 1.00.000 - Barunsongames CO., LTD.) Launcher (HKLM\...\{67135CA7-472F-4EA9-954A-01C2D3E20DB4}) (Version: 1.0.0 - Square Enix Ltd.) Hidden Launchpad Enhanced (HKLM-x32\...\{BAA11826-70EF-4E44-9E97-8476793E022F}) (Version: 0.05.000 - SWGEmu) League of Legends (HKLM-x32\...\{E80C09B5-A296-47E9-BD4B-BCCF2FDCA13E}) (Version: 4.1.2 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games) Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) LibreOffice 5.3.1.2 (HKLM\...\{9A2A4317-64E9-4631-997A-F2C4F8A512C7}) (Version: 5.3.1.2 - The Document Foundation) Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC) Lucent Heart EN (HKLM-x32\...\{3C05F539-3641-4ED1-B88F-DEA9DAD620E3}) (Version: 8.00.0300 - Suba Games) Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation) Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation) Microsoft Windows Debugging Symbols (HKLM-x32\...\{5CBDF0C2-6FD1-4A32-9A0A-143D9AB91CCE}) (Version: 7601 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla) MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Mu (HKLM-x32\...\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}) (Version: 0.68 - ) Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.6 - Black Tree Gaming) Nostale(UK) (HKLM-x32\...\NosTale(UK)_is1) (Version: - Gameforge 4D GmbH) Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.) OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.) Onigiri_US (HKLM-x32\...\{E5A8486E-4E03-4F59-A44A-88399E341F41}) (Version: 1.00.0000 - CyberStep, Inc.) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.) paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC) Path of Exile (HKLM-x32\...\{1098f580-12f4-4a6d-8d57-4f422e89e325}) (Version: 2.3.0.58224 - Grinding Gear Games) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.3.0.58224 - Grinding Gear Games) Hidden Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - ) PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 1.0.6.28181 - RedSoftware) PDFescape Desktop Asian Fonts Pack (HKLM\...\{031A1BDD-A9EA-4617-8DA6-335C2A61B193}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Convert Module (HKLM\...\{91935FD9-E08A-4D2D-BA2F-AADE7FBE0C60}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Create Module (HKLM\...\{E4353769-84F5-4234-84A3-160C28F2AE8A}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Edit Module (HKLM\...\{66F29A3B-8941-4852-835A-FDEFE294C587}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Forms Module (HKLM\...\{EB30AF72-4FE0-4774-82FA-4E387E910327}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Insert Module (HKLM\...\{066060BD-1B5E-4662-8001-E0C317CA0E07}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Review Module (HKLM\...\{30E0B65D-ABF8-4984-B9F0-F9B674377EBB}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop Secure Module (HKLM\...\{1B9A4CCB-FC0A-493D-8FDB-79EEE03A849D}) (Version: 1.0.20.31528 - Red Software) Hidden PDFescape Desktop View Module (HKLM\...\{395D61FC-8793-4E93-806B-F7F85DAE08A0}) (Version: 1.0.20.31528 - Red Software) Hidden Pirate King Online 1.1.9 (HKLM-x32\...\{D8F37CA6-3BAC-4979-A2B2-DB85AAC83C78}_is1) (Version: 1.1.9 - ServerDev) PlayOnline Viewer & Tetra Master (HKLM-x32\...\{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.) Hidden PlayOnline Viewer & Tetra Master (HKLM-x32\...\InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}) (Version: 1.18.00 - SQUARE ENIX CO., LTD.) Playtrickster version 1.1 (HKLM-x32\...\{794AF87D-6B0E-4CE2-900C-A3C9D527F70D}_is1) (Version: 1.1 - Privatia) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd) Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation) Prius Online (HKLM-x32\...\Prius Online) (Version: 1.0.1 - Prius Anima) Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 9.0.0.360 - Bitsum) Quest 5.6.3 (HKLM-x32\...\Quest_is1) (Version: 5.6.3 - Alex Warren) Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.5 - Gravity Interactive, Inc.) RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.13004.105 - raidcall.com) RAN Online (HKLM-x32\...\RAN Online) (Version: 1.00 - GameSamba) Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek) Red Stone (HKLM-x32\...\Red Stone for USA) (Version: - ) RescueTime 2.11.2.1410 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com) RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain) RIFT (HKLM-x32\...\Glyph RIFT) (Version: - Trion Worlds, Inc.) ROSE Online (HKLM-x32\...\{FE68D630-0051-42DC-98D6-0D8BF5CB13C5}) (Version: 1.0.511.1 - Gravity Interactive, Inc.) RPG MO (HKLM-x32\...\Steam App 372800) (Version: - Marxnet) Runes of Magic (HKLM-x32\...\{F57FBE91-C48B-4A86-91C8-A9C3D744E459}_is1) (Version: 6.3.0.2742 - Gameforge Productions GmbH) Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version: - Winged Cloud) Scrivener (HKLM-x32\...\Scrivener 1970) (Version: 1970 - Literature and Latte) SealOnline Blades of Destiny (HKLM-x32\...\SealOnlinePlusUSA) (Version: - ) Secrets of Grindea Demo (HKLM-x32\...\Steam App 372500) (Version: - Pixel Ferrets) Shadow Warrior (HKLM\...\Steam App 233130) (Version: - Flying Wild Hog) Shaiya (HKLM-x32\...\Shaiya) (Version: - ) Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Sublime Text Build 3126 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab Detection (HKLM-x32\...\{F6276F22-4DBA-4C97-8F9C-5D53040A636B}) (Version: 6.1.1.0 - Husdawg, LLC) Tabletop Simulator (HKLM\...\VGFibGV0b3BTaW11bGF0b3I=_is1) (Version: 1 - ) Tales of Pirates II (HKLM-x32\...\Tales of Pirates II_is1) (Version: 1.0.70 - IGG,Inc.) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{A0D70C31-D5CB-4491-A508-5CF2C9F25EE0}) (Version: 1.00.0000 - En Masse Entertainment) TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.) Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic) The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ) The Lord of the Rings Online?v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.) The Lord of the Rings Online™ (HKLM\...\Steam App 212500) (Version: - Turbine, Inc.) The Mighty Quest For Epic Loot version 1.276072 (HKLM-x32\...\The Mighty Quest For Epic Loot_is1) (Version: 1.276072 - ) Torchlight 2 (HKLM-x32\...\{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53}) (Version: 1.1.1.1 - ) TortoiseSVN 1.9.5.27581 (64 bit) (HKLM\...\{1655E9E4-04C9-414E-8581-6D1162DFB802}) (Version: 1.9.27581 - TortoiseSVN) Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version: - IMCGAMES Co.,Ltd.) TriadWars (HKLM-x32\...\{a2f7c596-1199-4606-b68d-125a13d1c929}) (Version: 1.0.0.0 - Square Enix Ltd.) Twin Saga (HKLM-x32\...\Twin Saga) (Version: - ) Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS) Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland) Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Uplink (HKLM-x32\...\Uplink) (Version: - ) vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden Villagers and Heroes (HKLM-x32\...\{48BD847E-18C0-439C-822B-39E544DCEFF0}_is1) (Version: 35289 - Mad Otter Games / Neonga) Vivaldi (HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\Vivaldi) (Version: 1.10.867.48 - Vivaldi) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) VMware Player (HKLM\...\{B5D82DF0-AC2F-469F-8E97-599653947166}) (Version: 12.5.5 - VMware, Inc.) VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden WildStar (HKLM-x32\...\WildStar) (Version: - NCSOFT) WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Windows Glulxe (HKLM-x32\...\WinGlulxe) (Version: - ) Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation) WinRAR 5.50 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.5 - win.rar GmbH) WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) Wonderland Online (HKLM-x32\...\Wonderland Online_is1) (Version: 6.1.9 - IGG,Inc.) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) XtremeJade (HKLM-x32\...\D98FB73E-2CB1-4507-A521-C141F16D1ECD_is1) (Version: - XtremeJade) Yahoo! Powered (HKLM-x32\...\{BEF75637-EE77-87B7-5FF7-F7378F7724B7}) (Version: - ) <==== ATTENTION ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2383111392-567966768-2532307980-1009_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll () ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] () ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net) ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] () ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-07] () ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {EB1F5DDB-7107-4831-BA2B-75FC26DB4224} => C:\Program Files\PDFescape Desktop\creator-context-menu.dll [2017-01-17] (Red Software) ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd) ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-10] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-07-10] (Alexander Roshal) ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2017-03-21] (VMware, Inc.) ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2017-03-21] (VMware, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll [2017-04-18] () ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd) ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net) ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd) ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-10] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-07-10] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08E597B3-091C-4000-A098-55E920E7DB39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {0AC3CDDE-8CF9-42D5-87C1-EE2DDB57E495} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-11] (Adobe Systems Incorporated) Task: {0BCB9368-CB5D-45C0-AAC0-CEBEF29748BE} - System32\Tasks\quick_weather_updates_helper_service => C:\Program Files (x86)\Quick Weather Updates\quick_weather_updates_helper_service.exe <==== ATTENTION Task: {0C98666F-B5BD-4E16-8619-52C81F3A3B7E} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] () Task: {0F669091-8816-4DA9-85AF-B9D703F1C821} - \Winaphild -> No File <==== ATTENTION Task: {2D8A019A-F587-4250-A129-5B4E2AA37FDC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-04] () Task: {4909BE45-BF1D-4FD1-B17C-D94E69B97CC8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-22] (Microsoft Corporation) Task: {4D99B17A-84FA-407D-B04B-B95298C9EA18} - System32\Tasks\AdobeAAMUpdater-1.0-Meepo-George => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated) Task: {56294A7E-E398-4B38-83F5-FD7232234735} - System32\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824 => C:\Program Files (x86)\CinPl-2.5cV16.09\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.exe <==== ATTENTION Task: {5C4514B7-E665-43CF-AAED-506D612D4781} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-22] (Microsoft Corporation) Task: {6108A46D-4695-449A-865F-2689B6AF3F73} - \trivia_games_updating_service -> No File <==== ATTENTION Task: {6AB66C1E-0E6C-44F4-91B6-3BAE5E32F7F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-22] (Microsoft Corporation) Task: {6C68038B-67B5-45A3-AD12-1CA896F07D0A} - System32\Tasks\FNAFN => C:\Users\Mark\AppData\Roaming\FNAFN.exe <==== ATTENTION Task: {7A74689E-41D1-4007-8F41-D539BD911F82} - \trivia_games_notification_service -> No File <==== ATTENTION Task: {85FFE989-4150-45B0-A165-DD18DF1828C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {867ECAED-E1FC-4FFF-8CFA-DB656303E360} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2017-06-19] (Bitsum LLC) Task: {8E0082F7-5FCB-4DDF-B7DF-2246DDD938E0} - System32\Tasks\{BBF5AD0F-0D7A-42FE-ADEA-35C8A7016948} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\GodsWar Online\unins000.exe" Task: {93F3FDB6-0B02-4CC8-A7FE-1B1B70135B6E} - System32\Tasks\{9F04B555-020F-43D6-AB02-B28D0E2A6160} => C:\Windows\system32\pcalua.exe -a "C:\the sims 3\01 - The Sims™ 3\Sims3Setup.exe" -d "C:\the sims 3\01 - The Sims™ 3" Task: {9D534420-38E4-45AA-A2A1-43C705275064} - System32\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d => C:\Program Files (x86)\CinPl-2.5cV16.09\d6256d17-71cf-40f9-bc9c-9a806979253d.exe <==== ATTENTION Task: {A72CB426-C765-4860-B2FC-25C4A0D12063} - System32\Tasks\{16F806C2-CDC8-4B15-ACC9-EB7DAACD53E7} => C:\Program Files (x86)\NCSOFT\WildStar\Wildstar (2).exe [2016-10-10] (NCSOFT) Task: {BD6BA437-597E-406E-8804-812B34AD986D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation) Task: {C26D7D82-FBDD-4FA6-8F3C-9BB5A7544F26} - System32\Tasks\TWTP => C:\Users\Mark\AppData\Roaming\TWTP.exe <==== ATTENTION Task: {C589C87C-D30C-415A-BCB8-D96A04228C58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated) Task: {C6894A54-ECC4-4E67-99AB-949F43BCF66D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-04] () Task: {C6D90521-7D31-4E90-BC0B-FD2710D4BD42} - \{22351821-B10C-D45F-1E7E-344ACE1788EB} -> No File <==== ATTENTION Task: {C8E1CE08-DA06-46AB-A27D-DDCC92DE9533} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {D2F9BD41-15B0-48E0-B893-B3AD722B3EDB} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2017-06-19] (Bitsum LLC) Task: {E13BE0DA-0132-45CD-9E23-D062352E73D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.job => C:\Program Files (x86)\CinPl-2.5cV16.09\05b2e1f6-2431-4ff4-9cc6-b3da4906c824.exe <==== ATTENTION Task: C:\Windows\Tasks\d6256d17-71cf-40f9-bc9c-9a806979253d.job => C:\Program Files (x86)\CinPl-2.5cV16.09\d6256d17-71cf-40f9-bc9c-9a806979253d.exeȥ/agentregpath='CinPl-2.5cV16.09' /appid=63441 /srcid='002185' /subid='0' /zdata='0' /bic=A8B41FBDBA734AB0B7EFD8F0A540E638IE /verifier=e6e97f6bd017163d30a20bfb69746532 /installerversion=1_35_09_03 /installationtime=1410902883 /statsdomain=hxxp:/stats.newclientonlinestorage.com /errorsdomain=hxxp:/errors.newclientonlinestorage.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=hxxp:/logs.newclientonlinestorage.com <==== ATTENTION Task: C:\Windows\Tasks\FNAFN.job => C:\Users\Mark\AppData\Roaming\FNAFN.exe <==== ATTENTION Task: C:\Windows\Tasks\quick_weather_updates_helper_service.job => C:\Program Files (x86)\Quick Weather Updates\quick_weather_updates_helper_service.exe <==== ATTENTION Task: C:\Windows\Tasks\TWTP.job => C:\Users\Mark\AppData\Roaming\TWTP.exe <==== ATTENTION Task: C:\Windows\Tasks\{22351821-B10C-D45F-1E7E-344ACE1788EB}.job => C:\Users\George\AppData\Roaming\UPDATE~1\SyncTask.exe <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\George\Desktop\Download Video and Audio Online.lnk -> hxxp://video-box.org/Content/Images/favicon2.ico Shortcut: C:\Users\George\Desktop\Играть в Dragon Knight.lnk -> C:\Users\George\Downloads\Играть в Dragon Knight.ico () <==== Cyrillic Shortcut: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Glulxe\(www) Download Glulx games.lnk -> hxxp://mirror.ifarchive.org/indexes/if-archiveXgamesXglulx.htm ==================== Loaded Modules (Whitelisted) ============== 2009-03-30 02:32 - 2009-03-30 02:32 - 00032768 ____R () C:\Windows\DAODx.exe 2016-11-26 15:48 - 2016-11-26 15:48 - 00095184 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll 2016-11-21 21:55 - 2016-11-21 21:55 - 00959168 _____ () C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-11-21 21:47 - 2017-07-04 13:40 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-03-07 22:42 - 2017-03-07 22:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-05-01 10:13 - 2017-04-18 06:52 - 00592384 _____ () C:\Users\Mark\AppData\Local\MEGAsync\ShellExtX64.dll 2017-07-17 10:38 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\George\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-02-20 22:19 - 2017-02-20 22:19 - 01082880 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-02-20 22:19 - 2017-02-20 22:19 - 03750400 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-02-20 22:19 - 2017-02-20 22:19 - 00914432 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2016-11-21 21:55 - 2016-11-21 21:55 - 00679624 _____ () C:\Users\George\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2016-11-21 21:46 - 2017-07-04 13:40 - 08931528 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll 2017-07-15 01:50 - 2017-07-11 14:26 - 02946680 _____ () C:\Users\George\AppData\Local\Vivaldi\Application\1.10.867.48\libglesv2.dll 2017-07-15 01:50 - 2017-07-11 14:26 - 00087160 _____ () C:\Users\George\AppData\Local\Vivaldi\Application\1.10.867.48\libegl.dll 2017-07-17 10:38 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\George\AppData\Local\Discord\app-0.0.297\libglesv2.dll 2017-07-17 10:38 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\George\AppData\Local\Discord\app-0.0.297\libegl.dll 2017-07-30 11:39 - 2017-07-30 11:39 - 00148992 _____ () \\?\C:\Users\George\AppData\Local\Temp\C283.tmp.node 2017-02-20 22:19 - 2017-06-12 17:31 - 02658296 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node 2017-02-20 22:20 - 2017-06-12 17:31 - 02665976 _____ () \\?\C:\Users\George\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:gs5sys [8194] AlternateDataStreams: C:\Program Files (x86)\XIGNCODE:{4A705BBE-C39C-4059-9658-2F0F8F0A4F12} [24] AlternateDataStreams: C:\Program Files (x86)\XIGNCODE:{B6B3D3B5-E6DA-4ac3-B20B-7AD145E0AF58} [9830402] AlternateDataStreams: C:\Users\All Users:gs5sys [8194] AlternateDataStreams: C:\Users\Mark:gs5sys [3074] AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [8194] AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [108] AlternateDataStreams: C:\ProgramData\TEMP:69FD6BF0 [80] AlternateDataStreams: C:\ProgramData\Templates:gs5sys [1792] AlternateDataStreams: C:\Users\Mark\Application Data:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\Cookies:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\Local Settings:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\Templates:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\Desktop\desktop.ini:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\AppData\Local:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\AppData\Roaming:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\AppData\Local\History:gs5sys [3074] AlternateDataStreams: C:\Users\Mark\Documents\desktop.ini:gs5sys [3074] AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [2048] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com IE trusted site: HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\localhost -> hxxps://localhost IE trusted site: HKU\S-1-5-21-2383111392-567966768-2532307980-1009\...\sharepoint.com -> hxxps://studentbcsdnyorg-files.sharepoint.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2017-07-16 22:31 - 00001761 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 plugpackdownload.net 127.0.0.1 dscdn.pw 127.0.0.1 wemsofts.com 127.0.0.1 bongadoom.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 internalcampaigntargets.com 127.0.0.1 bongadoom.com 127.0.0.1 getthefilenow.com 127.0.0.1 bigpicturepop.com 127.0.0.1 wizzcaster.com 127.0.0.1 bestoffersfortoday.com 127.0.0.1 wepcmainsystem.com 127.0.0.1 agent.wizztrakys.com 127.0.0.1 csdimonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 titiaredh.com 127.0.0.1 wepcdisplaysystem.com 127.0.0.1 wepcanalyticsystem.com 127.0.0.1 healthydownload.com 127.0.0.1 leading2download.com 127.0.0.1 dwl0.wizzlabs.com 127.0.0.1 dwl1.wizzlabs.com 127.0.0.1 installpixel.com 127.0.0.1 burningcube.ru 127.0.0.1 mess1.wizzmonetize.com 127.0.0.1 dl.azalee.site 127.0.0.1 dl.smashdl.com 127.0.0.1 downloadmyhost.com 127.0.0.1 lapapahoster.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2383111392-567966768-2532307980-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\George\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 - 192.168.116.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Disc Soft Bus Service => 3 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: WdiServiceHost => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RescueTime.lnk => C:\Windows\pss\RescueTime.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup MSCONFIG\startupfolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup MSCONFIG\startupreg: 4y3x31sobbo => "C:\Users\George\AppData\Roaming\pv2eaegpsej\23nbtr3koou.exe" MSCONFIG\startupreg: 691AB248E2803C3186ECC7E6F794C48B0BEC7D59._service_run => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service MSCONFIG\startupreg: 8Q4THSAHF0FMEKK => "C:\Program Files (x86)\vubi2xnn4xp\B7C4R.exe" MSCONFIG\startupreg: 8T29X3AO8UJAL9J => "C:\Program Files\ZOUNVACPS9\DV7VUG4TG.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AVBoost => "C:\Program Files (x86)\AVBoost\AVBoost.exe" MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: ctfmon.exe => C:\Users\George\AppData\Local\Temp\00001926\conhostx86.exe MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: MyComGames => "C:\Users\Mark\AppData\Local\MyComGames\MyComGames.exe" -autostart MSCONFIG\startupreg: OFYB28IGEGVHGAR => "C:\Program Files\8SEB33CQB1\LHKQB2IRA.exe" MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup MSCONFIG\startupreg: QQ2009 => "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe MSCONFIG\startupreg: RFPDGVOATY.exe => C:\Users\George\AppData\Local\Temp\0d-7c15c-3be-4ae97-b15ab36ad09b6\RFPDGVOATY.exe m_1 L_1 MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: Vivaldi Update Notifier => C:\Users\George\AppData\Local\Vivaldi\Application\update_notifier.exe MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" MSCONFIG\startupreg: w0mswr3l3sy => "C:\Users\George\AppData\Roaming\0ysgxobiaeb\z3anhziwduo.exe" MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize MSCONFIG\startupreg: WinResSync => C:\Windows\system32\regsvr32.exe /s "C:\Users\George\AppData\Roaming\Microsoft\Protect\2a5cfbdd-886c-43ec-a31e-6366fff953b8.rs" MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe MSCONFIG\startupreg: YeaDesktop => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe /autostart ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{DBFFFF9F-D913-4C79-98B6-73B8317D981A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{6AB48545-1632-4A2D-882E-0E465EAF9087}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{6B077510-DA38-4EA8-A656-3C8FE65EDA96}C:\users\george\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\george\appdata\local\vivaldi\application\vivaldi.exe FirewallRules: [UDP Query User{B8463BDC-EEF1-4529-AD0E-FCD340B3F339}C:\users\george\appdata\local\vivaldi\application\vivaldi.exe] => (Allow) C:\users\george\appdata\local\vivaldi\application\vivaldi.exe FirewallRules: [{F167DE4E-FD4D-4DD9-9D65-0CECA670A799}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3A68E4A2-531A-4C5E-93FB-4574A62C8CC6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{EEBB3628-E4BB-4E16-9F84-DB920417A362}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{9578BDFA-F938-40B1-BE9A-933A850952EC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{3979F8E4-F711-4C74-8068-03E30CAFF880}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe FirewallRules: [{A8ADEA61-AA1B-4CB1-AF11-1E1DD7F0896D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\insurgency2\insurgency_BE.exe FirewallRules: [TCP Query User{353ACDC0-88AD-4B1F-B5EE-8B6FF277D50B}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [UDP Query User{61548C76-0F00-4E04-8A4E-A17D383D6347}C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\insurgency2\insurgency.exe FirewallRules: [{4E8C7FE3-398A-42B6-88D1-A198ED6D9325}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{2AB52732-54C0-4FBF-A067-F3319517339A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{672E8915-667B-4B74-ACF8-6B9B6D23D7D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{FE2CA895-7C78-48F7-801F-A5C715B678C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{00BB07BF-F018-4853-BE1D-13DC1A140AEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E99AF945-3D70-4BE9-BA9A-B8F86E8867FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{811A2B77-C1F0-47E5-A2BC-F1B5A100F8CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0A404087-A225-4685-9736-0FD50BFA8659}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{45E83E6D-F18F-4021-9C2E-E702DAC807D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{024A467E-54D2-454D-A2AE-7D1896302FA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D2E40B7C-2820-4291-A197-7D8617966263}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{BAC48493-1929-4641-BA14-E50D490CF327}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{8BF0C646-FB64-4732-88B7-33C2C4CB1374}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{170044BE-A322-4554-8598-7F033BC98D4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{E8C19C5F-66E4-49AA-82A0-51AD80630DDC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{5DDB17A2-A0C2-4869-9D41-1A253C0325C3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{4972F480-2254-4525-B191-080B20D58A48}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{09603902-D765-406F-90AA-32D31603907E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B79EFF3F-E3D3-49E6-A29E-EAED9C37C329}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{C109B4DD-17DF-4C06-A692-D21DCDC46CF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query User{BC124804-BFF4-489E-AF1F-AED0717053C5}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe FirewallRules: [UDP Query User{7E8EC8E9-1B5F-449B-97EE-CDC19FFDD058}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe FirewallRules: [{29EFCD05-CA7A-48B0-86CE-B4DD17595FE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe FirewallRules: [{F8AFDDD6-DCE4-41D4-A235-03D232E3707D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe FirewallRules: [{0F442A3F-C015-4AE7-AD2D-F0B4583B47DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{D3D2E2F4-FC46-43A6-8C22-0FCA1104746C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{DB35C6CF-916F-4ED5-BD01-A3EE107277A6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{3982C43A-3AF7-4BF5-B78B-587CFF7FA6B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe FirewallRules: [{288ADBAF-286B-48EE-B73C-07A6860C4D92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{65714C5A-8667-428D-8FE3-D5F39C460408}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{75A8F91C-89B3-4A92-A79B-4EFD3E1753B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{6B7227DC-490C-4CE5-85AA-13323C540056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{02929555-9BEF-441D-8ECE-FFD01CC5DF92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{55794191-6D6B-4751-8F9A-F63706C582C4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{54045B5D-3C69-459E-B3E9-330138EEBAFC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{8BCF7D3F-DA21-4974-8282-2A33C40A9678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{BBC820B2-6E40-420C-8071-C5FF239EC4DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7FCECB37-CFB0-4A25-B1B4-E9B10014A1CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{3F7527F9-A337-42AD-AADC-0A362741B748}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F029BF2D-6992-405A-AC35-100E8CC8CAE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{A49E887C-141A-4CAD-93F0-163E7F9C1C0C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{5BE4C151-C46D-4B41-BF4D-019C1216E324}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{F1C7FD67-0E01-46A7-BB76-74B005CA82C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7D107FA9-F722-492D-AE79-224BCDC9DDD2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{54CF05ED-2177-461F-ABB2-154E21A180C7}] => (Allow) C:\Users\George\AppData\Local\Vivaldi\Application\vivaldi.exe FirewallRules: [{575A6847-57D5-44D0-BBFA-0B6F5716CB58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{56F69E8D-01AD-449E-8672-86496BEB73FF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe FirewallRules: [{24CA7B60-C654-45CE-8C15-BB42226739CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{0E293409-1BCA-457E-940D-57B1617CD22F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{076FF455-BBF6-45C9-B20B-8ACCD1A5E491}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{4B1BB7EA-E455-466B-9246-2E57D017A6C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query User{C8C461D4-00D5-42AE-AAF9-98B59909815B}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe FirewallRules: [UDP Query User{019CD3B6-2797-45EA-B284-456FB2015B94}C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe FirewallRules: [TCP Query User{12AF3CFE-36B2-4495-BED7-1F53682D7529}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query User{82AB3AAF-2359-427A-B7B4-3DC1DFAF73AB}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{E3F278D7-C01E-4046-8435-B413909C4AD3}] => (Allow) C:\Windows\system32\rundll32.exe FirewallRules: [{CE6DA1DE-9762-44D0-A672-29CE2297B1AC}] => (Allow) C:\Users\George\AppData\Roaming\thdr\download\MiniThunderPlatform.exe FirewallRules: [{9D1FF64C-D582-4276-B67B-34CA35448874}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{E2DA6BA0-7036-4947-969F-44521470EF58}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{EE068903-883F-4310-8E4D-66B246EC9F18}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\mbam.exe FirewallRules: [{4AEF6BA0-F8FB-43B5-BA8F-82DF9C9918AF}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\MBAMService.exe FirewallRules: [{CDC6E5CF-5D74-4A74-9BDB-CB3D9706BAD1}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\assistant.exe FirewallRules: [{FF0C7E5D-310E-444D-83A4-DA36FC917F06}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe FirewallRules: [{67149857-7AF1-428D-81FA-C48205324A67}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\mbamtray.exe FirewallRules: [{81AB7C63-E9D6-45D9-80D6-12C1B8FC4CE7}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\MBAMWsc.exe FirewallRules: [{D5123572-EB05-4666-B445-4222D2CC386F}] => (Allow) %ProgramFiles%\Malwarebytes\Anti-Malware\unins000.exe FirewallRules: [{2D84BDA4-C3EF-44C7-B933-6547A4497438}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{7F2D9DE0-CFEB-48BA-BC0B-93E4E53F47A5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B9C7559E-C412-4210-94ED-6A95172C4DDC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{DE051395-C20A-439A-B007-9E953FE150D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{9A48461D-C780-4DB4-ACCD-477EDDE34927}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{498EB7B4-3E13-4DBA-AB29-CBC9648CE91D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{629A6B08-AFB1-47EE-A3DA-58AB3785BBD4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{E326CBCA-C7DD-4EDA-8C6C-EFA1E3C87364}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloons TD Battles\Battles-Win.exe FirewallRules: [{A4676806-9ED1-4920-B1D8-4CC5AD37335F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{EBC92FF2-6EE8-4939-B2C8-13DB08756057}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{3A32EC2C-BA05-40B9-A157-1B8A4B17FC66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CC2C7D88-5127-4EDA-B0DE-85D61815275D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{29F8ECB3-41AA-4A50-8304-3BD035D12E71}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{E010C661-8EB5-4FBA-A445-E395D8FD2B02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{8F548528-A920-4597-9A8A-D95834E50709}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{538F4A51-FB87-4FAB-B149-DBA0105C0698}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B86CCE9A-0260-4E0E-9308-FB003E05F722}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{60DFF7C9-CC47-470A-BD31-30CC69C3710A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{176A817D-FAE6-4429-BFBF-41E1DB72891B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{FE531311-5B55-41DE-9068-23B8406324BF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{48974960-55F1-4118-A440-EEA1FF14B3AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{B9EFB1F5-F1B4-403E-8978-50F00904C05C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{97160154-B4A0-4EE2-8465-DDD95769FB53}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{438C6101-81A5-485F-8926-A9E7E55205B5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{D542FA89-4363-46AF-98E2-8E51A08BA7D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{18D3429A-89CF-4CBD-835C-BE37ABF0E56D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{A68ABF9E-0567-4637-89D2-1B1304FD0C5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{5E0C43D2-8D12-492A-B0F3-B21DA079C331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{ECF048D8-769F-4E26-A07C-80762E042D7F}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{105A847A-2001-4DB0-B1D1-C37F7B0054AB}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe ==================== Restore Points ========================= 29-07-2017 00:32:10 Malwarebytes Anti-Rootkit Restore Point 29-07-2017 18:34:56 JRT Pre-Junkware Removal 29-07-2017 21:38:59 Removed VMware Workstation 29-07-2017 21:40:49 Installed VMware Player ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/30/2017 11:38:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (07/30/2017 11:37:48 AM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. Error: (07/30/2017 11:32:56 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/30/2017 05:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/30/2017 04:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/30/2017 03:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/30/2017 02:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/30/2017 01:18:52 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/30/2017 12:18:55 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 Error: (07/29/2017 11:18:55 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code: 0x80070005 System errors: ============= Error: (07/30/2017 11:39:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (07/30/2017 11:37:53 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.3. The computer with the IP address 192.168.1.5 did not allow the name to be claimed by this computer. Error: (07/29/2017 09:39:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (07/29/2017 07:18:55 PM) (Source: DCOM) (EventID: 10001) (User: ) Description: Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding Error: (07/29/2017 06:33:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified. Error: (07/29/2017 06:31:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: TsDefenseBt Error: (07/29/2017 06:29:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (07/29/2017 06:28:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (07/29/2017 06:28:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (07/29/2017 06:28:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2014-08-24 21:41:07.556 Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Bin\64bit\ASUSHWIO.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-24 21:41:07.478 Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Bin\64bit\ASUSHWIO.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X3 455 Processor Percentage of memory in use: 35% Total physical RAM: 8105.47 MB Available physical RAM: 5223.29 MB Total Virtual: 16209.15 MB Available Virtual: 13295.89 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:2047.9 GB) (Free:202.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 000E769B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=2047.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ NOTE: I have only relatively recently started using this computer. It used to be used by another person, called Mark. What he did was none of my business, as far as I'm concerned. Edited July 30, 2017 by ClanOS More info Link to post Share on other sites
Recommended Posts