Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected "Requested Resource is in Use"


  • This topic is locked This topic is locked
18 replies to this topic

#1 andwong91

andwong91

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 18 April 2017 - 08:34 PM

I ran a shady executable file and now I suspect that I've been heavily compromised. After I ran the program it restarted my computer and now I can't run any antivirus programs and I get many "resource is in use" errors. I managed to run the system restore at some point which was completed successfully but it didn't solve the problem. I'm thinking that this is a Trojan but I could be wrong. I would appreciate any advice that you can give me. 

 

I didn't see the option to attach like in the tutorial so I uploaded it for your viewing. Are links okay? You can view the FRST files here. https://files.fm/u/nprnnv6q

 

 

Mod Edit.

Moved from Am i infected to MRL at Auras request.

NickAu


Edited by NickAu, 18 April 2017 - 09:59 PM.
Mod Edit


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 18 April 2017 - 08:48 PM

Hi andwong91 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me the content of the "mbar-log-TODAY'S-date.txt" log after running the scan and deleting the threats it detected (the log will be located in the MBAR folder).

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 18 April 2017 - 08:51 PM

I get the "resource in use" error when I try to run the mbar.exe. Is there something else I can do here?

 

To be specific, it says "Error during execution ""D:\Desktop\mbar\mbar.cmd" "D:\Desktop\mbar"". The requested resource is in use."

 

Scratch that, it's working now. Will post the scan soon.

 

EDIT: For future reference, I ran the program multiple times until it let me through.


Edited by andwong91, 18 April 2017 - 09:59 PM.


#4 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 18 April 2017 - 09:23 PM

Ran mbar and restarted my computer. Here is the contents of the .txt file you requested.

 

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.04.18.08
  rootkit: v2017.04.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18638
andwong88 :: LETHALORANGE [administrator]
 
4/18/2017 6:56:47 PM
mbar-log-2017-04-18 (18-56-47).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 317881
Time elapsed: 18 minute(s), 5 second(s)
 
Memory Processes Detected: 2
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> 2312 -> Delete on reboot. [93fdda18d7d1ea4c102b93109170d22e]
C:\ProgramData\Qvofax\Qvofax.exe (Trojan.Agent) -> 356 -> Delete on reboot. [d5bba0521c8c0c2a994e1e5129d84bb5]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 25
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup (Adware.Yelloader) -> Delete on reboot. [7e1221d17d2bf93d57e4d23ba55c946c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\windowsmanagementservice (Trojan.Clicker.Generic) -> Delete on reboot. [2e6214dea20640f646915a529d64ae52]
HKU\S-1-5-21-2970249747-3589578324-968742033-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} (Adware.Hicosmea) -> Delete on reboot. [226eda185652cd69048d8f1f33cef50b]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090} (Adware.Hicosmea) -> Delete on reboot. [226eda185652cd69048d8f1f33cef50b]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090} (Adware.Hicosmea) -> Delete on reboot. [226eda185652cd69048d8f1f33cef50b]
HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} (Adware.Hicosmea) -> Delete on reboot. [335d1dd5eabe81b5b153408b8979867a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6526FC00-9F71-42E8-77C8-E5B749A45A7A} (Adware.Hicosmea) -> Delete on reboot. [a5eb26cc2e7af145f39afab4a75ab44c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [f799b9391c8c082ea518b68861a0f30d]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [2f611fd38e1a54e24d682be568996997]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTRANS (Adware.Linkury) -> Delete on reboot. [117fca28ecbc76c0bb9638f62ed37987]
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\rycamar (Adware.Hicosmea) -> Delete on reboot. [523e8d65c3e5e84e5d124568748d12ee]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
 
Registry Values Detected: 7
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NYPRZZUXIW8RGCR (Adware.Tuto4PC) -> Data: "C:\Program Files\G3VWEN3NKU\G3VWEN3NK.exe" -> Delete on reboot. [b1dfbc364464df575c9feea97f81936d]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx (Trojan.Clicker) -> Data: "C:\Users\andwong88\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup -> Delete on reboot. [2e6208ea238535014106c5e7f908ed13]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|svcvmx (Trojan.Clicker) -> Data: "C:\Users\andwong88\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup -> Delete on reboot. [860a9161d4d4b58106e8197eae52a15f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6526fc00-9f71-42e8-77c8-e5b749a45a7a}|DisplayName (Adware.Hicosmea) -> Data: encemuis -> Delete on reboot. [a5eb26cc2e7af145f39afab4a75ab44c]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\PROGRA~2\NTUSER~1\dataup\dataup.exe -> Delete on reboot. [eea25f93beea93a35b0931e0cd34f010]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTRANS|ImagePath (Adware.Linkury) -> Data: C:\ProgramData\PrefsSecure\Nettrans.exe -> Delete on reboot. [117fca28ecbc76c0bb9638f62ed37987]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSMANAGEMENTSERVICE|ImagePath (Trojan.Clicker) -> Data: "C:\Users\andwong88\AppData\Local\feikee\ct.exe" /svc -> Delete on reboot. [c8c872809e0a79bdb0df535836cbb54b]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 44
C:\Users\andwong88\AppData\Roaming\encemuis (Adware.Hicosmea) -> Delete on reboot. [226eda185652cd69048d8f1f33cef50b]
C:\Users\andwong88\AppData\Local\llssoft\winvmx (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\databases (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\lost (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\GPUCache (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_nordic.businessinsider.com_0.indexeddb.leveldb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.businessinsider.com_0.indexeddb.leveldb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\6PPZAUF5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\cdn.dashbid.io (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\cdn.dashbid.io\prod (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\cdn.dashbid.io\prod\r1test1.swf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\eereader.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\efreader.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\egreader.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#cdn.dashbid.io (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#eereader.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#efreader.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#egreader.com (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\dump (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\ProgramData\PrefsSecure (Adware.Linkury) -> Delete on reboot. [5c345a986a3ee1554fb3cc6207fac739]
C:\Users\andwong88\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [622e559d2c7ce2547783118c6d949e62]
C:\Users\andwong88\AppData\Local\ntuserlitelist\regtool (Trojan.Clicker) -> Delete on reboot. [622e559d2c7ce2547783118c6d949e62]
C:\Program Files (x86)\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files\G3VWEN3NKU (Adware.Tuto4PC.Generic) -> Delete on reboot. [0987767c9c0c1a1c90caaa023fc2d927]
 
Files Detected: 824
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [06010fff408a9d867ca7b51afc3d0c5e]
C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [7e1221d17d2bf93d57e4d23ba55c946c]
c:\windows\system32\tprdpw32.exe (Rootkit.Agent.PUA) -> Delete on reboot. [93fdda18d7d1ea4c102b93109170d22e]
C:\ProgramData\Qvofax\Qvofax.exe (Trojan.Agent) -> Delete on reboot. [d5bba0521c8c0c2a994e1e5129d84bb5]
C:\Program Files\G3VWEN3NKU\G3VWEN3NK.exe (Adware.Tuto4PC) -> Delete on reboot. [b1dfbc364464df575c9feea97f81936d]
C:\Program Files\G3VWEN3NKU\uninstaller.exe (Adware.Tuto4PC) -> Delete on reboot. [018f05ed53550135a655bbdc50b047b9]
C:\Users\andwong88\AppData\Local\Temp\linker.exe (Trojan.Agent) -> Delete on reboot. [365a02f01395c274d80f96d97c8529d7]
C:\Users\andwong88\AppData\Local\Temp\NuvisionDataRemarketer2.exe (Adware.Hicosmea) -> Delete on reboot. [d0c0b33fa602171f3620ecc2639efb05]
C:\Users\andwong88\AppData\Local\Temp\1492562245\s5-20170325.exe (Trojan.Clicker) -> Delete on reboot. [c4ccd61c426677bfd9bfded338c919e7]
C:\Users\andwong88\AppData\Local\Temp\1492562245\s5m_install_325.exe (Trojan.Clicker) -> Delete on reboot. [345c5c960f9946f0f56aa70a61a0ce32]
C:\Users\andwong88\AppData\Local\rctuni\qdcomsvc.exe (Adware.Yelloader) -> Delete on reboot. [5a36a949208858deca2a0ea300018a76]
C:\Users\andwong88\AppData\Roaming\LabDom.exe (Trojan.Agent) -> Delete on reboot. [ddb3ec062d7b6ec8895e4c23b05105fb]
C:\Windows\chromebrowser.exe (Trojan.Addrop) -> Delete on reboot. [444cad454e5aaf8761684fba16ea2dd3]
C:\Users\andwong88\AppData\Local\feikee\ct.exe (Trojan.Clicker.Generic) -> Delete on reboot. [2e6214dea20640f646915a529d64ae52]
C:\Users\andwong88\AppData\Roaming\encemuis\unperlo.dll (Adware.Hicosmea) -> Delete on reboot. [226eda185652cd69048d8f1f33cef50b]
C:\Users\andwong88\AppData\Roaming\encemuis\lyvercov.dll (Adware.Hicosmea) -> Delete on reboot. [226eda185652cd69048d8f1f33cef50b]
C:\ProgramData\PrefsSecure\Nettrans.exe (Adware.Linkury) -> Delete on reboot. [117fca28ecbc76c0bb9638f62ed37987]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Cookies (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\data_0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\data_1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\data_2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\data_3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000001 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000003 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000004 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000005 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000006 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000007 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000008 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000009 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00000a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00000b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00000c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00000e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00000f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000010 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000011 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000012 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000013 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000014 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000015 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000016 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000017 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000018 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000019 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00001a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00001b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00001c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00001d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00001e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00001f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000020 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000022 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000023 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000024 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000025 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000026 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000027 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000028 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000029 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00002a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00002b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00002c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00002d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00002e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00002f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000030 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000031 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000032 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000033 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000034 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000036 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000037 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000038 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000039 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00003a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00003b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00003c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00003d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00003e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00003f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000040 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000041 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000042 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000043 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000044 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000045 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000046 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000047 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000048 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00004a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00004b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00004c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00004d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00004e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00004f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000050 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000051 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000052 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000053 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000054 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000055 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000056 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000057 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000058 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000059 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00005a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00005b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00005c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00005e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00005f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000061 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000062 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000063 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000064 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000065 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000066 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000067 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000068 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000069 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00006a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00006b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00006c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00006d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00006e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00006f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000070 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00000d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000021 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000035 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000049 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00005d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000071 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000085 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00009a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ae (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ea (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ff (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000113 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000127 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00013b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00014f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000164 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000179 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00018d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001dd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000205 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000219 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00022d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000241 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000255 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000269 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00027d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000291 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000072 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000073 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000074 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000075 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000076 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000077 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000078 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000079 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00007a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00007b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00007c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00007d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00007e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00007f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000080 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000081 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000082 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000083 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000084 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000086 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000087 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000088 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000089 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00008a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00008b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00008c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00008d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00008e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00008f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000090 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000091 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000092 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000094 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000095 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000096 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000097 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000098 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000099 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00009b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00009c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00009d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00009e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00009f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000a9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000aa (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ab (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ac (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ad (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000af (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000b9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ba (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000bb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000bc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000bd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000be (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000bf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000c9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ca (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000cb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000cc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000cd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ce (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000cf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000d9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000da (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000db (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000dc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000dd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000de (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000df (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000e9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000eb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ec (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ed (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ee (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000ef (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000f9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000fa (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000fb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000fc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000fd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0000fe (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000100 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000101 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000102 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000103 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000104 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000105 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000106 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000107 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000108 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000109 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00010a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00010b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00010c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00010d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00010e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00010f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000110 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000111 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000112 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000114 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000115 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000116 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000117 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000118 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000119 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00011a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00011b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00011c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00011d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00011e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00011f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000120 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000121 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000122 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000123 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000124 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000125 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000126 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000128 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000129 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00012a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00012b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00012c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00012d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00012e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00012f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000130 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000131 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000132 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000133 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000134 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000135 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000136 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000137 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000138 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000139 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00013a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00013c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00013d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00013e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00013f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000140 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000141 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000142 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000143 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000144 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000145 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000146 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000147 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000148 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000149 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00014a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00014b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00014c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00014d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00014e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000150 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000151 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000153 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000155 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000156 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000157 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000158 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000159 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00015a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00015b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00015c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00015d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00015e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00015f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000160 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000161 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000162 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000163 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000166 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000167 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000168 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000169 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00016a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00016b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00016c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00016d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00016e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00016f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000170 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000171 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000172 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000173 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000174 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000175 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000176 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000177 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000178 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00017a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00017b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00017c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00017d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00017e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00017f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000180 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000181 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000182 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000183 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000184 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000185 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000186 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000187 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000188 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000189 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00018a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00018b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00018c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00018e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00018f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000190 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000191 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000192 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000193 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000194 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000195 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000196 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000197 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000198 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000199 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00019a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00019b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00019c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00019d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00019e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00019f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001a9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001aa (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ab (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ac (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ad (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ae (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001af (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001b9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ba (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001bb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001bc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001bd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001be (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001bf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001c8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ca (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001cb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001cc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001cd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ce (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001cf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001d9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001da (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001db (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001dc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001de (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001df (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001e9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ea (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001eb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ec (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ed (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ee (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ef (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001f9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001fa (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001fb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001fc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001fd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001fe (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0001ff (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000200 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000201 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000202 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000203 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000204 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000206 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000207 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000208 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000209 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00020a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00020b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00020c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00020d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00020e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00020f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000210 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000211 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000212 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000213 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000214 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000215 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000216 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000217 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000218 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00021a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00021b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00021c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00021d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00021e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00021f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000220 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000221 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000222 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000223 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000224 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000225 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000226 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000227 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000228 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000229 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00022a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00022b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00022c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00022e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00022f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000230 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000231 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000232 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000233 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000234 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000235 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000236 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000237 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000238 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000239 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00023a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00023b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00023c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00023d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00023e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00023f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000240 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000242 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000243 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000244 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000245 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000246 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000247 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000248 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000249 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00024a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00024b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00024c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00024d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00024e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00024f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000250 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000251 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000252 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000253 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000254 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000256 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000257 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000258 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000259 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00025a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00025b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00025c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00025d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00025e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00025f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000260 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000261 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000262 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000263 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000264 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000265 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000266 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000267 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000268 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00026a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00026b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00026c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00026d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00026e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00026f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000270 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000271 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000272 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000273 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000274 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000275 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000276 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000277 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000278 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000279 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00027a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00027b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00027c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00027e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00027f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000280 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000281 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000282 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000283 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000284 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000285 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000286 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000287 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000288 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000289 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00028a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00028b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00028c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00028d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00028e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00028f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000290 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000292 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000293 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000294 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000295 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000296 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000297 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000298 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_000299 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00029a (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00029b (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00029c (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00029d (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00029e (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_00029f (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002a9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002aa (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ab (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ac (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ad (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ae (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002af (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002b8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ba (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002bb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002bc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002bd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002be (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002bf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c4 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c5 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c6 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c7 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c8 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002c9 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ca (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002cb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002cc (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002cd (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002ce (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002cf (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\f_0002d0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\index (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\QuotaManager (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\QuotaManager-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\databases\Databases.db (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\databases\Databases.db-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\000003.log (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\000004.ldb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\000005.ldb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\000006.ldb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\000007.ldb (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\CURRENT (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\LOCK (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\LOG (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\File System\Origins\MANIFEST-000001 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_nordic.businessinsider.com_0.indexeddb.leveldb\000003.log (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_nordic.businessinsider.com_0.indexeddb.leveldb\CURRENT (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_nordic.businessinsider.com_0.indexeddb.leveldb\LOCK (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_nordic.businessinsider.com_0.indexeddb.leveldb\LOG (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_nordic.businessinsider.com_0.indexeddb.leveldb\MANIFEST-000001 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.businessinsider.com_0.indexeddb.leveldb\000003.log (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.businessinsider.com_0.indexeddb.leveldb\CURRENT (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.businessinsider.com_0.indexeddb.leveldb\LOCK (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.businessinsider.com_0.indexeddb.leveldb\LOG (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.businessinsider.com_0.indexeddb.leveldb\MANIFEST-000001 (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_connexity.net_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_assets.bounceexchange.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_assets.bounceexchange.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_c.betrad.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_c.betrad.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_connexity.net_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_connexity.net_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_www.hayneedle.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\https_www.hayneedle.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_connexity.net_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_nordic.businessinsider.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_nordic.businessinsider.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_widgets.outbrain.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_widgets.outbrain.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.bhg.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.bhg.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.businessinsider.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.businessinsider.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.cbssports.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.cbssports.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.shape.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.shape.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\cdn.dashbid.io\prod\r1test1.swf\dbStore.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\egreader.com\analytics.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#cdn.dashbid.io\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\Users\andwong88\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\VBXTV9C8\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [246c3cb6eabe40f6e543f8ada55bb749]
C:\ProgramData\PrefsSecure\Nettrans.exe.config (Adware.Linkury) -> Delete on reboot. [5c345a986a3ee1554fb3cc6207fac739]
C:\ProgramData\PrefsSecure\prefs.xml (Adware.Linkury) -> Delete on reboot. [5c345a986a3ee1554fb3cc6207fac739]
C:\Users\andwong88\AppData\Local\ntuserlitelist\regtool\regtool.exe (Trojan.Clicker) -> Delete on reboot. [622e559d2c7ce2547783118c6d949e62]
C:\Program Files (x86)\ntuserlitelist\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef.pak (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef_100_percent.pak (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef_200_percent.pak (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\cef_extensions.pak (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\debug.log (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\icudtl.dat (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\natives_blob.bin (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\pepflashplayer.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\svcvmx.log (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files (x86)\ntuserlitelist\winscr\winscr.exe (Trojan.Clicker) -> Delete on reboot. [444c539f5f4945f1c1845f4de21f52ae]
C:\Program Files\G3VWEN3NKU\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [0987767c9c0c1a1c90caaa023fc2d927]
C:\Program Files\G3VWEN3NKU\G3VWEN3NK.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [0987767c9c0c1a1c90caaa023fc2d927]
C:\Program Files\G3VWEN3NKU\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [0987767c9c0c1a1c90caaa023fc2d927]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 18 April 2017 - 09:25 PM

Awesome :) Now you should be able to download and run a scan with Malwarebytes.

j1Bynr2.pngMalwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 18 April 2017 - 09:30 PM

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/18/17
Scan Time: 7:26 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1757
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LethalOrange\andwong88
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364750
Time Elapsed: 2 min, 20 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 8
PUP.Optional.S5Mark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\s5m, Delete-on-Reboot, [945], [383706],1.0.1757
PUP.Optional.Linkury, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Delete-on-Reboot, [299], [259313],1.0.1757
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Delete-on-Reboot, [98], [259989],1.0.1757
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, Delete-on-Reboot, [882], [341522],1.0.1757
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Delete-on-Reboot, [98], [259928],1.0.1757
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtApService, Delete-on-Reboot, [98], [259827],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\mtApService, Delete-on-Reboot, [98], [259536],1.0.1757
PUP.Optional.Hicosmea, HKU\S-1-5-21-2970249747-3589578324-968742033-1000_Classes\WOW6432NODE\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}, Delete-on-Reboot, [946], [341170],1.0.1757
 
Registry Value: 11
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [98], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [98], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\ENVIRONMENT|SNF, Delete-on-Reboot, [98], [-1],0.0.0
PUP.Optional.Linkury, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Delete-on-Reboot, [299], [259313],1.0.1757
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Delete-on-Reboot, [98], [259989],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\ENVIRONMENT|SNP, Delete-on-Reboot, [98], [259518],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\ENVIRONMENT|SNF, Delete-on-Reboot, [98], [259517],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Delete-on-Reboot, [98], [259987],1.0.1757
PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LOWRISKFILETYPES, Delete-on-Reboot, [15184], [251589],1.0.1757
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Delete-on-Reboot, [299], [259314],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Delete-on-Reboot, [98], [259988],1.0.1757
 
Registry Data: 6
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replace-on-Reboot, [98], [293485],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [98], [293485],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replace-on-Reboot, [98], [293485],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replace-on-Reboot, [98], [293485],1.0.1757
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replace-on-Reboot, [299], [293477],1.0.1757
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2970249747-3589578324-968742033-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replace-on-Reboot, [98], [293486],1.0.1757
 
Data Stream: 0
(No malicious items detected)
 
Folder: 6
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\PROGRAMDATA\SlimWare Utilities, Inc, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\PROGRAM FILES (X86)\SlimDrivers, Delete-on-Reboot, [1266], [334846],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SLIMDRIVERS, Delete-on-Reboot, [1266], [335035],1.0.1757
PUP.Optional.S5Mark, C:\PROGRAM FILES (X86)\S5, Delete-on-Reboot, [945], [383706],1.0.1757
 
File: 30
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00403CDC63856F73FB741BEAFDFCB12D8000000000002AF2EE.exe, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\008613D54D37224B23D39A7F0432D11795000000000178A2D5.exe, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00B2EE0E07B14FA1A6AB9F96256AF7CE20000000000081FB60.exe, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\ProgramData\SlimWare Utilities, Inc\DriverApp\Downloads\00F378AA63F38CB495ECAB1C68C0D2296700000000103A7D31.exe, Delete-on-Reboot, [1266], [334848],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\Open-Source Licenses.txt, Delete-on-Reboot, [1266], [334846],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe, Delete-on-Reboot, [1266], [334846],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\Program Files (x86)\SlimDrivers\UnifiedLogger.dll, Delete-on-Reboot, [1266], [334846],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk, Delete-on-Reboot, [1266], [335035],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk, Delete-on-Reboot, [1266], [335035],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\PROGRAMDATA\QVOFAX\X-COF.DLL, Delete-on-Reboot, [98], [319410],1.0.1757
PUP.Optional.Linkury.Gen, C:\USERS\ANDWONG88\APPDATA\ROAMING\LABDOM.TST, Delete-on-Reboot, [16598], [261636],1.0.1757
PUP.Optional.Linkury, C:\USERS\ANDWONG88\APPDATA\ROAMING\ZONEHOME.BIN, Delete-on-Reboot, [299], [331415],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\PROGRAMDATA\QVOFAX\TECHSTATCORE.DLL, Delete-on-Reboot, [98], [319430],1.0.1757
PUP.Optional.Linkury.Generic, C:\USERS\ANDWONG88\APPDATA\ROAMING\AGENT.DAT, Delete-on-Reboot, [1951], [360491],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\USERS\ANDWONG88\APPDATA\ROAMING\CONFIG.XML, Delete-on-Reboot, [98], [302553],1.0.1757
PUP.Optional.Linkury, C:\USERS\ANDWONG88\APPDATA\ROAMING\MD.XML, Delete-on-Reboot, [299], [258091],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\USERS\ANDWONG88\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLY9F72V.DEFAULT\PREFS.JS, Replaced, [98], [302805],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\USERS\ANDWONG88\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLY9F72V.DEFAULT\PREFS.JS, Replaced, [98], [303330],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\USERS\ANDWONG88\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [98], [302554],1.0.1757
PUP.Optional.Linkury, C:\USERS\ANDWONG88\APPDATA\ROAMING\NOAH.DAT, Delete-on-Reboot, [299], [258092],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\USERS\PUBLIC\DESKTOP\SLIMDRIVERS.LNK, Delete-on-Reboot, [1266], [334854],1.0.1757
PUP.Optional.S5Mark, C:\PROGRAM FILES (X86)\S5\S.EXE, Delete-on-Reboot, [945], [383706],1.0.1757
PUP.Optional.S5Mark, C:\Program Files (x86)\s5\u.exe, Delete-on-Reboot, [945], [383706],1.0.1757
Trojan.Clicker, C:\USERS\ANDWONG88\APPDATA\LOCAL\TEMP\1492562245\S5-20170325.ZIP, Delete-on-Reboot, [26], [387411],1.0.1757
PUP.Optional.IStartSurf, C:\USERS\ANDWONG88\APPDATA\LOCAL\TEMP\CODECFIXDIVX.EXE, Delete-on-Reboot, [86], [381337],1.0.1757
Trojan.Clicker, C:\USERS\ANDWONG88\APPDATA\LOCAL\TEMP\1492562245\S5M_INSTALL_325.ZIP, Delete-on-Reboot, [26], [387412],1.0.1757
PUP.Optional.WhatsYourName, C:\USERS\ANDWONG88\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, Delete-on-Reboot, [8033], [388274],1.0.1757
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\SEARCHPLUGINS\FINDIT.XML, Delete-on-Reboot, [98], [259511],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\TASKS\SLIMDRIVERS STARTUP.JOB, Delete-on-Reboot, [1266], [334888],1.0.1757
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\SYSTEM32\TASKS\SLIMDRIVERS STARTUP, Delete-on-Reboot, [1266], [334890],1.0.1757
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 18 April 2017 - 09:35 PM

Good, that was fast. Now we'll do a sweep with JRT and AdwCleaner since these infections often leave remnants behind.

iT103hr.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    MV5ejgW.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 18 April 2017 - 09:46 PM

JRT Log: 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64 
Ran by andwong88 (Administrator) on 04/18/2017 Tue at 19:36:10.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 61 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\avg security toolbar (Folder) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\28050 (Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\drivertoolkit (Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\malwareprotectionlive (Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\searchplugins\avg-secure-search.xml (File) 
Successfully deleted: C:\Users\andwong88\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\DriverToolkit Autorun (Task)
Successfully deleted: C:\Windows\Tasks\DriverToolkit Autorun.job (Task) 
Successfully deleted: C:\Program Files\drivertoolkit (Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22QBS3KT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\231XFYBE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29D0I54U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\325AX01O (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J0K5MSI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69T8TN5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89XKXNX3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9R8LIR6B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XJ5TU26 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I372TGHN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ9RQRY4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISIBZEFM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1JN9YXS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORXLAI7D (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T17GIH69 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0M7MJA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFZ2UXWN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6LQDQ62 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKL7Z7HN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\andwong88\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP2UO6BU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22QBS3KT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\231XFYBE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29D0I54U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\325AX01O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J0K5MSI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69T8TN5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89XKXNX3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9R8LIR6B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9XJ5TU26 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I372TGHN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ9RQRY4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISIBZEFM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1JN9YXS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ORXLAI7D (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T17GIH69 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA0M7MJA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFZ2UXWN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6LQDQ62 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKL7Z7HN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP2UO6BU (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/18/2017 Tue at 19:38:21.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
=============================================================================================================================================================================
 
AdwCleaner:
 
# AdwCleaner v6.045 - Logfile created 18/04/2017 at 19:43:16
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-18.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : andwong88 - LETHALORANGE
# Running from : D:\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Updater
[-] Service deleted: swdumon
[-] Service deleted: Qvofax
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\andwong88\AppData\Local\llssoft
[-] Folder deleted: C:\Users\andwong88\AppData\LocalLow\avg web tuneup
[-] Folder deleted: C:\ProgramData\Qvofax
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Qvofax
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\andwong88\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\andwong88\AppData\Roaming\Main.dat
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
[-] Key deleted: HKLM\SOFTWARE\Classes\speedupmypc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\speedupmypc
[-] Key deleted: HKU\S-1-5-21-2970249747-3589578324-968742033-1000\Software\DriverToolkit
[-] Key deleted: HKU\S-1-5-21-2970249747-3589578324-968742033-1000\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\BrowserSafeGuard
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\YourFileDownloader
[-] Key deleted: HKLM\SOFTWARE\xs
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{746AB259-6474-4111-8966-1C62F9A6E063}
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\952BA647474611149866C1269F6A0E36
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\952BA647474611149866C1269F6A0E36
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3558 Bytes] - [18/04/2017 19:43:16]
C:\AdwCleaner\AdwCleaner[S0].txt - [3577 Bytes] - [18/04/2017 19:42:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3704 Bytes] ##########
 


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 19 April 2017 - 09:20 AM

Good :) Now let's grab a fresh set of FRST logs and see if there's anything left to remove manually.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Download the right version of FRST for your system:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your Desktop;
  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Make sure the Addition.txt box is checked;
  • Click on the Scan button;
    KSJwAxg.png
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 19 April 2017 - 09:27 PM

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2017
Ran by andwong88 (administrator) on LETHALORANGE (19-04-2017 19:16:17)
Running from D:\Downloads
Loaded Profiles: andwong88 (Available Profiles: andwong88)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Flux Software LLC) C:\Users\andwong88\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\andwong88\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\andwong88\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\andwong88\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClient.exe
() D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClientUx.exe
() D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClientUxRender.exe
() D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClientUxRender.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8804608 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WindowsDefender] => -
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Run: [Google Update] => C:\Users\andwong88\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-10] (Google Inc.)
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Run: [f.lux] => C:\Users\andwong88\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Run: [Windows Defender] => -
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\MountPoints2: {98725754-4987-11e4-a501-448a5b6766d8} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\MountPoints2: {ac60066e-bf66-11e3-98e6-448a5b6766d8} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\andwong88\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\andwong88\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\andwong88\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-04-07]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{0A549688-275E-4D96-801F-1373619DE8B8}: [NameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-04-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-04-02] (Microsoft Corporation)
BHO-x32: LEC -> {4A241D35-F7EB-401b-8C5B-A904A50F280E} -> C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll [2011-07-05] (Language Engineering Corporation, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-10] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-10] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files (x86)\Power Translator 15\Applications\LEC IE Translation Extension.dll [2011-07-05] (Language Engineering Corporation, LLC)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://connect.bechtel.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-02] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default [2017-04-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tly9f72v.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\tly9f72v.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tly9f72v.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\tly9f72v.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\Extensions\elemhidehelper@adblockplus.org.xpi [2017-03-10]
FF Extension: (Reddit Enhancement Suite) - C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-09-19]
FF Extension: (Google Translator for Firefox) - C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\Extensions\translator@zoli.bod.xpi [2017-03-20]
FF Extension: (uBlock Origin) - C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\Extensions\uBlock0@raymondhill.net.xpi [2017-03-10]
FF Extension: (CouponsHelper) - C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi [2016-09-27]
FF Extension: (Cookies Manager+) - C:\Users\andwong88\AppData\Roaming\Mozilla\Firefox\Profiles\tly9f72v.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-03-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2014-03-24] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [1999-12-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [1999-12-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-02] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-08-21] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2970249747-3589578324-968742033-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\andwong88\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2970249747-3589578324-968742033-1000: @talk.google.com/O1DPlugin -> C:\Users\andwong88\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2970249747-3589578324-968742033-1000: @tools.google.com/Google Update;version=3 -> C:\Users\andwong88\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2970249747-3589578324-968742033-1000: @tools.google.com/Google Update;version=9 -> C:\Users\andwong88\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2970249747-3589578324-968742033-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\andwong88\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-20] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\andwong88\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\andwong88\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.reddit.com/
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch"
CHR Profile: C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Google Translate) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-25]
CHR Extension: (Google Slides) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-23]
CHR Extension: (Google Docs) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-23]
CHR Extension: (Google Drive) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-23]
CHR Extension: (uBlock Origin) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-04-16]
CHR Extension: (Google Search) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Adobe Acrobat) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Sheets) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-13]
CHR Extension: (EditThisCookie) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]
CHR Extension: (PDF Merge - PDF Files Merger) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndolbcaghkmhjhgggldkgjibdilpbdbm [2017-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\andwong88\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-04-09] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294920 2017-04-03] (Microsoft Corporation)
S4 Ds3Service; D:\Program Files\SCP Toolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
S4 GalaxyClientService; M:\GalaxyClient\GalaxyClientService.exe [244800 2016-07-10] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-06-21] (GOG.com)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 1999-12-31] (Intel Corporation)
S4 LEC TranslateDotNet Server; C:\Program Files (x86)\Power Translator 15\LogoMedia TranslateDotNet Server.exe [1955520 2011-07-05] (Language Engineering Corporation, LLC)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2100736 2014-06-04] (MSI) [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4026368 2014-06-06] (MSI) [File not signed]
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2118144 2014-06-03] () [File not signed]
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4157440 2014-06-17] () [File not signed]
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [1990144 2014-06-03] () [File not signed]
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2250240 2014-06-06] () [File not signed]
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2063360 2014-06-04] () [File not signed]
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [549888 2014-06-10] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3482368 2014-06-17] (INCA Internet Co., Ltd.)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-28] (Electronic Arts)
S4 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-28] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-21] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-06-03] ()
S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-01-22] (Qualcomm Atheros) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [15888 2013-04-01] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [80080 2013-11-08] (Qualcomm Atheros, Inc.)
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [43000 2017-01-20] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [27640 2017-01-20] (Corsair)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-29] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-22] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [25448 2013-01-07] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2017-01-10] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-18] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-18] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-18] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-18] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-18] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 1999-12-31] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [42600 1999-12-31] (Synaptics Incorporated)
S2 STEC3; C:\Windows\SysWOW64\STEC3.sys [2368 2016-08-30] (AntiCracking) [File not signed]
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S1 nbhzpoir; \??\C:\Windows\system32\drivers\nbhzpoir.sys [X]
S3 NTIOLib_MSIClock_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys [X]
S3 NTIOLib_MSICOMM_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\NTIOLib_X64.sys [X]
S3 NTIOLib_MSICPU_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys [X]
S3 NTIOLib_MSIDDR_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys [X]
S3 NTIOLib_MSIFrequency_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys [X]
S3 NTIOLib_MSIRatio_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys [X]
S3 NTIOLib_MSISMB_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys [X]
S3 NTIOLib_MSISuperIO_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-18 19:40 - 2017-04-18 19:43 - 00000000 ____D C:\AdwCleaner
2017-04-18 19:25 - 2017-04-18 19:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-18 19:25 - 2017-04-18 19:44 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-18 19:25 - 2017-04-18 19:44 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-18 19:25 - 2017-04-18 19:25 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-18 19:25 - 2017-03-22 11:02 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-18 18:56 - 2017-04-18 19:44 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-18 18:56 - 2017-04-18 19:25 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-18 18:27 - 2017-04-19 19:16 - 00000000 ____D C:\FRST
2017-04-18 17:37 - 2017-04-18 19:20 - 00000000 ____D C:\Users\andwong88\AppData\Local\rctuni
2017-04-18 17:37 - 2017-04-18 19:20 - 00000000 ____D C:\Users\andwong88\AppData\Local\feikee
2017-04-18 17:37 - 2017-04-18 17:37 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\c
2017-04-14 16:48 - 2017-04-14 16:48 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-12 17:16 - 2017-03-27 11:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 17:16 - 2017-03-27 10:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 17:16 - 2017-03-25 12:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 17:16 - 2017-03-25 12:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 17:16 - 2017-03-25 12:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 17:16 - 2017-03-25 11:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 17:16 - 2017-03-25 11:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 17:16 - 2017-03-25 11:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 17:16 - 2017-03-25 11:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 17:16 - 2017-03-25 11:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 17:16 - 2017-03-25 11:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 17:16 - 2017-03-25 11:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 17:16 - 2017-03-25 11:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 17:16 - 2017-03-25 11:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 17:16 - 2017-03-25 11:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 17:16 - 2017-03-25 11:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 17:16 - 2017-03-25 11:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 17:16 - 2017-03-25 11:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 17:16 - 2017-03-25 11:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 17:16 - 2017-03-25 11:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 17:16 - 2017-03-25 11:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 17:16 - 2017-03-25 11:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 17:16 - 2017-03-25 11:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 17:16 - 2017-03-25 11:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 17:16 - 2017-03-25 11:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 17:16 - 2017-03-25 11:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 17:16 - 2017-03-25 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 17:16 - 2017-03-25 11:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 17:16 - 2017-03-25 11:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 17:16 - 2017-03-25 11:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 17:16 - 2017-03-25 11:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 17:16 - 2017-03-25 11:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 17:16 - 2017-03-25 10:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 17:16 - 2017-03-25 10:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 17:16 - 2017-03-25 10:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 17:16 - 2017-03-25 10:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 17:16 - 2017-03-25 10:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 17:16 - 2017-03-25 10:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 17:16 - 2017-03-25 10:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 17:16 - 2017-03-25 10:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 17:16 - 2017-03-25 10:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 17:16 - 2017-03-25 10:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 17:16 - 2017-03-25 10:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 17:16 - 2017-03-25 10:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 17:16 - 2017-03-25 10:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 17:16 - 2017-03-25 10:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 17:16 - 2017-03-25 10:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 17:16 - 2017-03-25 10:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 17:16 - 2017-03-25 10:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 17:16 - 2017-03-25 10:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 17:16 - 2017-03-25 10:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 17:16 - 2017-03-25 09:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 17:16 - 2017-03-25 09:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 17:16 - 2017-03-25 09:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 17:16 - 2017-03-25 09:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 17:16 - 2017-03-25 09:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 17:16 - 2017-03-25 09:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 17:16 - 2017-03-25 09:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 17:16 - 2017-03-25 09:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 17:16 - 2017-03-24 15:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 17:16 - 2017-03-24 15:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 17:16 - 2017-03-22 08:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 17:16 - 2017-03-22 08:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 17:16 - 2017-03-22 08:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 17:16 - 2017-03-22 08:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 17:16 - 2017-03-22 08:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 17:16 - 2017-03-22 08:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 17:16 - 2017-03-22 08:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 17:16 - 2017-03-22 08:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 17:16 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 17:16 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 17:16 - 2017-03-22 08:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 17:16 - 2017-03-22 08:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 17:16 - 2017-03-22 08:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 17:16 - 2017-03-22 08:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 17:16 - 2017-03-22 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 17:16 - 2017-03-22 08:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 17:16 - 2017-03-14 08:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 17:16 - 2017-03-14 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 17:16 - 2017-03-14 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 17:16 - 2017-03-10 09:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 17:16 - 2017-03-10 09:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 17:16 - 2017-03-10 09:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 17:16 - 2017-03-10 09:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 17:16 - 2017-03-10 09:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 17:16 - 2017-03-10 09:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 17:16 - 2017-03-10 09:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 17:16 - 2017-03-10 09:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 17:16 - 2017-03-10 09:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 17:16 - 2017-03-10 09:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 17:16 - 2017-03-10 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 17:16 - 2017-03-08 13:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 17:16 - 2017-03-08 13:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 17:16 - 2017-03-07 21:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 17:16 - 2017-03-07 21:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 17:16 - 2017-03-07 21:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 17:16 - 2017-03-07 21:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 17:16 - 2017-03-07 21:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 17:16 - 2017-03-07 21:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 17:16 - 2017-03-07 21:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 17:16 - 2017-03-07 21:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 17:16 - 2017-03-07 21:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 21:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 17:16 - 2017-03-07 21:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 17:16 - 2017-03-07 21:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 17:16 - 2017-03-07 21:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 17:16 - 2017-03-07 21:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 17:16 - 2017-03-07 20:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 17:16 - 2017-03-07 20:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 17:16 - 2017-03-07 20:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 17:16 - 2017-03-07 20:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 17:16 - 2017-03-07 20:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 17:16 - 2017-03-07 20:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 17:16 - 2017-03-07 20:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 17:16 - 2017-03-07 20:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 17:16 - 2017-03-07 20:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 17:16 - 2017-03-07 20:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 17:16 - 2017-03-07 20:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 17:16 - 2017-03-07 20:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 17:16 - 2017-03-07 20:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 20:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 20:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 20:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:16 - 2017-03-07 09:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 17:16 - 2017-03-07 09:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 17:16 - 2017-03-07 07:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-12 17:16 - 2017-03-03 18:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 17:16 - 2017-03-03 18:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 17:16 - 2017-03-03 18:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 17:16 - 2017-03-03 18:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 17:16 - 2016-03-23 15:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-12 17:16 - 2016-03-23 15:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-10 16:45 - 2017-04-10 16:45 - 00000000 ____D C:\Users\andwong88\AppData\LocalLow\1_2_0v
2017-04-09 15:04 - 2017-04-09 15:04 - 00000000 ____D C:\Users\andwong88\AppData\Local\TslGame
2017-04-02 19:48 - 2017-04-02 19:48 - 00000000 ____D C:\Users\andwong88\AppData\LocalLow\Pixel Crow
2017-04-02 08:06 - 2017-04-02 08:06 - 00000000 ____D C:\Users\andwong88\AppData\LocalLow\Infinite Fall
2017-04-01 08:08 - 2017-04-01 08:08 - 00000000 ____D C:\Users\andwong88\AppData\LocalLow\1_0_1ver
2017-03-26 08:07 - 2017-02-14 09:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-03-26 08:07 - 2017-02-14 09:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-03-26 08:07 - 2017-02-11 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-26 08:07 - 2017-02-11 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-03-26 08:07 - 2017-02-09 09:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-03-26 08:07 - 2017-02-09 09:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-03-26 08:07 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-26 08:07 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-20 20:16 - 2017-03-20 20:16 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-20 20:16 - 2017-03-16 15:56 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-03-20 20:16 - 2017-01-25 17:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-20 20:16 - 2017-01-25 17:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-20 20:16 - 2017-01-25 17:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-20 20:16 - 2017-01-25 17:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-20 20:15 - 2017-03-16 17:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-03-20 20:15 - 2017-03-16 17:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-03-20 20:15 - 2017-03-16 17:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-19 18:47 - 2015-06-16 17:06 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000UA.job
2017-04-19 18:47 - 2015-06-16 17:06 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000Core.job
2017-04-19 17:12 - 2014-04-07 20:42 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-19 17:09 - 2014-08-31 22:31 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-19 17:05 - 2009-07-13 21:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-19 17:05 - 2009-07-13 21:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-19 17:01 - 2015-01-02 17:58 - 16026662 _____ C:\Windows\system32\perfh011.dat
2017-04-19 17:01 - 2015-01-02 17:58 - 06363608 _____ C:\Windows\system32\perfh012.dat
2017-04-19 17:01 - 2015-01-02 17:58 - 05486542 _____ C:\Windows\system32\perfc011.dat
2017-04-19 17:01 - 2015-01-02 17:58 - 05334886 _____ C:\Windows\system32\perfc012.dat
2017-04-19 17:01 - 2009-07-13 22:13 - 00006512 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-19 16:57 - 2015-03-08 00:20 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-04-19 16:57 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-18 20:47 - 2017-03-01 07:15 - 00000000 ____D C:\Windows\pss
2017-04-18 19:44 - 2015-01-11 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-18 19:44 - 2014-10-01 22:35 - 00000000 ____D C:\Users\andwong88\AppData\Local\HTC MediaHub
2017-04-18 19:29 - 2014-04-07 20:02 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-18 19:25 - 2014-04-10 10:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-18 18:04 - 2014-04-07 19:54 - 00000000 ____D C:\Users\andwong88
2017-04-18 18:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2017-04-18 18:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-18 17:58 - 2016-01-07 17:19 - 00000000 ____D C:\Users\andwong88\AppData\Local\CrashDumps
2017-04-18 17:39 - 2014-04-07 19:54 - 00001437 _____ C:\Users\andwong88\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-04-18 17:37 - 2014-05-29 21:59 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\tixati
2017-04-18 06:25 - 2016-12-21 18:44 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-18 06:25 - 2016-12-21 18:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-17 06:04 - 2009-07-13 22:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-14 16:49 - 2014-04-07 21:22 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\Dropbox
2017-04-14 16:49 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-04-13 21:47 - 2017-03-10 12:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-13 21:47 - 2016-05-12 20:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 21:47 - 2014-12-24 17:09 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-13 06:07 - 2015-06-15 10:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-13 06:07 - 2015-06-15 10:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-13 06:07 - 2009-07-13 21:45 - 00444944 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 18:14 - 2014-04-24 23:50 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\vlc
2017-04-12 17:19 - 2015-06-15 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-11 17:17 - 2014-08-31 22:31 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-11 17:17 - 2014-08-31 22:31 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-11 06:26 - 2014-04-08 16:42 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 06:26 - 2014-04-08 16:42 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 06:26 - 2014-04-08 16:42 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 06:26 - 2014-04-08 16:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 06:26 - 2014-04-08 16:42 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-10 17:01 - 2015-06-26 21:02 - 00003514 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000UA
2017-04-10 17:01 - 2015-06-26 21:02 - 00003242 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000Core
2017-04-09 15:04 - 2016-09-09 18:36 - 00000000 ____D C:\Users\andwong88\AppData\Local\UnrealEngine
2017-04-09 15:03 - 2014-04-07 20:53 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-07 15:06 - 2010-11-20 20:27 - 00532136 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-04-03 21:25 - 2014-04-08 16:11 - 00000000 ____D C:\Users\andwong88\AppData\Local\Battle.net
2017-04-01 21:40 - 2016-05-03 21:28 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\KeePass
2017-04-01 13:01 - 2016-03-01 06:24 - 00000078 _____ C:\Users\andwong88\AppData\Roaming\krenvprf.kep
2017-03-28 17:07 - 2015-05-31 18:36 - 00000000 ____D C:\Users\andwong88\AppData\Local\NVIDIA Corporation
2017-03-27 06:30 - 2015-05-20 16:53 - 00000000 ____D C:\ProgramData\IObit
2017-03-24 13:13 - 2015-10-11 19:13 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-22 22:01 - 2016-04-23 21:03 - 00000000 ____D C:\Users\andwong88\AppData\Local\Spotify
2017-03-22 21:29 - 2016-04-23 21:03 - 00000000 ____D C:\Users\andwong88\AppData\Roaming\Spotify
2017-03-21 06:03 - 2014-04-07 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 20:17 - 2017-03-10 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-03-20 20:17 - 2015-05-31 18:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-20 20:16 - 2014-10-01 22:24 - 00000000 ____D C:\Temp
 
==================== Files in the root of some directories =======
 
2016-10-25 19:14 - 2010-01-15 10:36 - 0075040 _____ () C:\Program Files (x86)\Common Files\SpeechUninstall.exe
2016-03-01 06:24 - 2017-04-01 13:01 - 0000078 _____ () C:\Users\andwong88\AppData\Roaming\krenvprf.kep
2014-04-07 19:58 - 2014-04-07 19:58 - 0000000 _____ () C:\Users\andwong88\AppData\Local\Driver_LOM_8161Present.flag
2015-07-06 21:57 - 2015-07-06 22:02 - 0007604 _____ () C:\Users\andwong88\AppData\Local\Resmon.ResmonCfg
2014-10-17 18:41 - 2014-10-17 18:41 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2017-04-18 17:57 - 2017-04-18 17:57 - 0754176 _____ () C:\Users\andwong88\AppData\Local\Temp\DMDD__11426_il6.exe
2017-04-18 17:37 - 2017-04-18 17:37 - 0028672 _____ (Western Visayas College of Science and TechnologyT) C:\Users\andwong88\AppData\Local\Temp\fox.exe
2017-04-18 17:37 - 2017-04-18 17:37 - 0016384 _____ (DoxX) C:\Users\andwong88\AppData\Local\Temp\kube.exe
2017-01-26 18:54 - 2017-02-23 01:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\andwong88\AppData\Local\Temp\nvSCPAPI.dll
2017-01-26 18:54 - 2017-02-23 01:17 - 0868152 _____ (NVIDIA Corporation) C:\Users\andwong88\AppData\Local\Temp\nvSCPAPI64.dll
2017-03-10 09:35 - 2017-02-23 01:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\andwong88\AppData\Local\Temp\nvStInst.exe
2017-04-18 17:36 - 2017-04-18 17:36 - 2626924 _____ () C:\Users\andwong88\AppData\Local\Temp\pi.exe
2017-04-18 17:37 - 2017-04-18 17:37 - 0488448 _____ () C:\Users\andwong88\AppData\Local\Temp\s5m.exe
2016-10-14 16:52 - 2016-10-14 16:53 - 7878656 _____ () C:\Users\andwong88\AppData\Local\Temp\SkypeSetup.exe
2017-04-18 17:37 - 2017-04-18 17:37 - 4320815 _____ () C:\Users\andwong88\AppData\Local\Temp\start.exe
2017-04-18 17:37 - 2017-04-18 17:37 - 1249917 _____ (VideoBox                                                    ) C:\Users\andwong88\AppData\Local\Temp\vbsetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-14 16:41
 
==================== End of FRST.txt ============================


#11 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 19 April 2017 - 09:28 PM

Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2017
Ran by andwong88 (19-04-2017 19:16:36)
Running from D:\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2014-04-08 02:54:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2970249747-3589578324-968742033-500 - Administrator - Disabled)
andwong88 (S-1-5-21-2970249747-3589578324-968742033-1000 - Administrator - Enabled) => C:\Users\andwong88
Guest (S-1-5-21-2970249747-3589578324-968742033-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2970249747-3589578324-968742033-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Aarklash: Legacy (HKLM-x32\...\Steam App 222640) (Version:  - Cyanide)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Agarest Zero (HKLM-x32\...\Steam App 260130) (Version:  - Idea Factory)
Ansel (Version: 378.92 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATLAS Translation Standard V14.0 Trial Version (HKLM-x32\...\{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.2000 - FUJITSU LIMITED)
Barony (HKLM\...\Steam App 371970) (Version:  - Turning Wheel LLC)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Chroma Squad (HKLM\...\Steam App 251130) (Version:  - Behold Studios)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version:  - Vigil Games)
DEADBOLT (HKLM\...\Steam App 394970) (Version:  - Hopoo Games, LLC)
Deus Ex: Human Revolution (HKLM\...\Steam App 28050) (Version:  - Eidos Montreal)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Divinity: Original Sin Enhanced Edition (HKLM-x32\...\Steam App 373420) (Version:  - Larian Studios)
Dragon's Dogma: Dark Arisen (HKLM\...\Steam App 367500) (Version:  - Capcom)
Dropbox (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Dropbox) (Version: 23.4.19 - Dropbox, Inc.)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version:  - AMPLITUDE Studios)
Dying Light (HKLM-x32\...\Steam App 239140) (Version:  - Techland)
Ember (HKLM\...\Steam App 339580) (Version:  - N-Fusion Interactive)
ENslaveD_Elf_full (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\ENslaveD_Elf_full) (Version:  - )
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
f.lux (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Flux) (Version:  - )
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version:  - Telltale Games)
Geometry Dash (HKLM\...\Steam App 322170) (Version:  - RobTop Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Grim Dawn (HKLM-x32\...\1449651388_is1) (Version: 2.6.0.11 - GOG.com)
Hacknet (HKLM\...\Steam App 365450) (Version:  - Team Fractal Alligator)
HF pAppLoc version 1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1 - Inquisitor)
HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Ma・ Hz)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version:  - Intel Corporation)
Iron Snout (HKLM-x32\...\Steam App 424280) (Version:  - SnoutUp)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LEC Translate (HKLM-x32\...\{B593248E-8CD9-4C54-AD3C-F6848C6A4209}) (Version: 1.00.0004 - Language Engineering, LLC)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LISA (HKLM-x32\...\Steam App 335670) (Version:  - Dingaling)
Mad Max (HKLM\...\Steam App 234140) (Version:  - Avalanche Studios)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2127 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.0.68 - MSI)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{2301bb34-385a-4a57-877f-c54347957fad}) (Version: 4.0.6.305 - Intel Corporation)
MSI Intel Extreme Tuning Utility (x32 Version: 4.0.6.305 - Intel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\MusicManager) (Version:  - Google, Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NieR:Automata™ (HKLM\...\Steam App 524220) (Version:  - Square Enix)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2127 - Microsoft Corporation) Hidden
Okhlos (HKLM\...\Steam App 400180) (Version:  - Coffee Powered Machine)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.2.1.38915 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.44.0 - Overwolf Ltd.)
Oxenfree (HKLM-x32\...\Steam App 388880) (Version:  - Night School Studio)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.39.1040 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7806 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Road to Ballhalla (HKLM\...\Steam App 425410) (Version:  - Torched Hill)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPG Maker XP (HKLM-x32\...\Steam App 235900) (Version:  - Degica)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Savage Lands (HKLM\...\Steam App 307880) (Version:  - Signal Studios)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
Shadow Tactics: Blades of the Shogun (HKLM\...\Steam App 418240) (Version:  - Mimimi Productions)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version:  - Harebrained Schemes)
Shelter 2 (HKLM\...\Steam App 275100) (Version:  - Might and Delight)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Soldat 1.7.0 (HKLM-x32\...\Soldat_is1) (Version: 1.7.0 - Michal Marcinkowski)
SOMA (HKLM\...\Steam App 282140) (Version:  - Frictional Games)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Speech Support (HKLM-x32\...\Speech Support) (Version:  - LEC)
Spotify (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Spotify) (Version: 1.0.48.103.g15edf1ec - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Stealth Inc 2 (HKLM-x32\...\Steam App 329380) (Version:  - Carbon)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Teeworlds (HKLM-x32\...\Steam App 380840) (Version:  - Teeworlds Team)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Flame in the Flood (HKLM\...\Steam App 318600) (Version:  - The Molasses Flood)
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version:  - Nihon Falcom)
The Ship (HKLM-x32\...\Steam App 2400) (Version:  - Outerlight Ltd.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.25.136.1020 - Electronic Arts Inc.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version:  - Croteam)
Titan Quest Anniversary Edition (HKLM\...\Steam App 475150) (Version:  - Iron Lore Entertainment)
Titan Souls (HKLM\...\Steam App 297130) (Version:  - Acid Nerve)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Town of Salem (HKLM\...\Steam App 334230) (Version:  - BlankMediaGames)
TP-LINK TL-WN881ND Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
Undertale (HKLM-x32\...\Steam App 391540) (Version:  - tobyfox)
Unity Web Player (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Victor Vran (HKLM-x32\...\Steam App 345180) (Version:  - Haemimont Games)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Warhammer: End Times - Vermintide (HKLM\...\Steam App 235540) (Version:  - Fatshark)
WinDirStat 1.1.2 (HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
XCOM 2 (HKLM\...\Steam App 268500) (Version:  - Firaxis)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2970249747-3589578324-968742033-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\andwong88\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B96E53D-7C59-4A09-A9BB-6E33A9C83CD4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000UA => C:\Users\andwong88\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {0F7A2137-FF28-45DF-9170-E73FF552DE0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0FFF9DC7-0A45-4836-9F2F-9C08A9955387} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {14154FF6-7056-4B38-809C-CE2CBD845726} - System32\Tasks\{3F76C1E2-BC3B-4DA6-9F34-D6228B637D1E} => pcalua.exe -a D:\Downloads\msicuu2.exe -d D:\Downloads
Task: {22FCCA97-E2FE-4CBD-A72A-EE31090F95B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-04] (Microsoft Corporation)
Task: {260F54BF-5E39-46C2-8533-9CC722462AC9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {27B723FD-56C1-4E91-81DB-9CC5014AD550} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {32ED3B5F-9626-448B-8CEB-373222EEEC9E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4244C636-7584-41DA-8151-B480518FC930} - System32\Tasks\EVGAPrecision => D:\Program Files\EVGA Precision X\EVGAPrecision.exe 
Task: {499E2559-FC5F-49E1-A4DB-CA6A3DDC5CB6} - System32\Tasks\RTSS => D:\Program Files\RivaTuner Statistics Server\RTSS.exe 
Task: {52ED9EF6-DAFF-4F16-878E-28FC84159B23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000Core => C:\Users\andwong88\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-07] (Dropbox, Inc.)
Task: {5AE6C377-4C27-4F4A-97E0-4856C8153C44} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {5AFFE92C-1814-4AB2-BA18-AC1CC2C85C1D} - System32\Tasks\updater => D:\Program Files\SCP Toolkit\ScpUpdater.exe [2016-01-10] (Nefarius Software Solutions)
Task: {5BE5F179-9175-48AD-AD2D-42E8F0661418} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {60148FC4-C621-47DD-8444-7C7723488003} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {674FFF3B-35A2-47DB-902D-923477E7E299} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-03] (Microsoft Corporation)
Task: {68944BAB-51A5-4954-8903-615A553CADC7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe 
Task: {698FD554-AF99-4C44-B802-48491B502585} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-04-04] (Microsoft Corporation)
Task: {6A56B2E6-FAE6-4F42-9444-27FC287894BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {7363B067-3E4C-4A0A-85EC-A1BB086E91B9} - \LuckyTab -> No File <==== ATTENTION
Task: {75073286-652B-4D7E-8296-610BF2BC9311} - System32\Tasks\{73B4D5CB-5A24-426B-863B-39C780E62C54} => pcalua.exe -a F:\menu.exe -d F:\
Task: {75845DE4-87E6-4860-B52B-88824570DEBD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-04] (Microsoft Corporation)
Task: {7E422749-271C-4F5B-8CB0-35E11A80B91B} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7FAA5DD3-8E22-4C02-96C0-767E67068AE3} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {81F0E365-AE27-4F00-B385-270B0946A312} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000UA => C:\Users\andwong88\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {95F8E823-ACA2-4950-A1F3-0F767A33A574} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000Core => C:\Users\andwong88\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-26] (Google Inc.)
Task: {A1914799-A333-4D53-B709-A708B1F31139} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {A4646C5E-4927-4142-A549-5CE244B6CCF2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {BCE59B73-6F8B-4F3B-B22A-1608EF811EDF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C767A931-742B-488B-8FA2-6875F8DDEEA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {CD217B76-8F36-46E2-A2F6-6D4A093DB955} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {DD27F774-D1A2-4B50-8323-11B287ACFAD3} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-03-21] (Overwolf LTD)
Task: {E1FFD6D9-5582-4C9B-BB7A-33D437587480} - System32\Tasks\{F0AC70A9-BA73-4464-A424-5A3DC37CAF8E} => pcalua.exe -a "D:\Program Files\Steam\SteamApps\common\L.A.Noire\3rd\vcredist_x86.exe" -d "D:\Program Files\Steam\SteamApps\common\L.A.Noire\3rd"
Task: {ECF3C63C-9EA8-42BB-9CB0-24BDD11B14BD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {ED938B63-F086-493F-AF28-F9BD3187EDC8} - System32\Tasks\{44E9DE53-9121-4998-9113-C026BF077175} => pcalua.exe -a D:\Desktop\BnS_Lite_Installer.exe -d D:\Desktop
Task: {F9A7D29A-0D88-47E1-8C75-BC3E1B976808} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {FE957978-3D42-4D8C-9B34-BC16C6F32857} - System32\Tasks\{558D5A6E-DD21-4941-87EF-B13D1FC9B548} => pcalua.exe -a "D:\Program Files\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "D:\Program Files\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {FEA97A92-67A7-4EEF-A9DC-7457F3DD06BF} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000Core.job => C:\Users\andwong88\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2970249747-3589578324-968742033-1000UA.job => C:\Users\andwong88\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-21 17:42 - 2014-06-03 17:37 - 01990144 _____ () C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
2014-04-14 00:21 - 2015-06-03 17:23 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-12-21 18:45 - 2017-04-02 08:07 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-05-01 07:13 - 2014-05-01 07:13 - 00470016 _____ () C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX64.dll
2014-04-07 20:52 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-04-07 20:52 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2017-04-19 19:13 - 2017-04-19 19:13 - 03358336 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClient.exe
2017-04-19 19:13 - 2017-04-19 19:13 - 01727104 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClientUx.exe
2017-04-19 19:13 - 2017-04-19 19:13 - 01727104 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\LeagueClientUxRender.exe
2016-11-13 00:09 - 1999-12-31 17:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-21 18:45 - 2017-04-02 06:03 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2014-05-01 07:15 - 2014-05-01 07:15 - 00463360 _____ () C:\Users\andwong88\AppData\Local\MEGAsync\ShellExtX32.dll
2017-04-03 17:12 - 2017-03-28 19:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-03 17:12 - 2017-03-28 19:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-01-11 17:59 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\andwong88\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 17:59 - 2017-01-11 17:59 - 01082880 _____ () \\?\C:\Users\andwong88\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 17:59 - 2017-01-11 17:59 - 03750400 _____ () \\?\C:\Users\andwong88\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 17:59 - 2017-01-11 17:59 - 00914432 _____ () \\?\C:\Users\andwong88\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 17:59 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\andwong88\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 17:59 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\andwong88\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-04-19 18:18 - 2017-04-19 18:18 - 00148992 _____ () \\?\C:\Users\andwong88\AppData\Local\Temp\163F.tmp.node
2017-01-11 17:59 - 2017-01-11 17:59 - 02658304 _____ () \\?\C:\Users\andwong88\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-04-19 19:13 - 2017-04-19 19:13 - 00108672 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\zlib.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00099456 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\libnghttp2.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00128640 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\yaml.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 01387648 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00653816 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 01043448 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00513016 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2017-04-19 19:12 - 2017-04-05 17:11 - 00677504 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00571384 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00494072 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00691840 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2017-04-19 19:12 - 2017-04-05 17:11 - 00530560 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00623232 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00572032 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00801920 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2017-04-19 19:12 - 2017-04-05 17:11 - 00566912 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00552440 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00537728 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00538104 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00491136 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 01032832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00488952 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00922240 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00585208 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 01126016 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00781440 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00585856 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00509944 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 02459776 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00180352 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\libexpat.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00489464 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00512640 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00872064 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00465400 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-kickout\rcp-be-lol-kickout.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00481920 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2017-04-19 19:12 - 2017-04-05 17:11 - 00706688 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00473080 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00483832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00527864 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00729728 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00516600 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00542200 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00588792 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00796800 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00584832 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00620160 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00598520 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00523904 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00550392 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00655488 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00700408 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2017-04-19 19:12 - 2017-04-05 17:11 - 00776320 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00517112 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00581248 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00719488 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00637056 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00499192 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00477176 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00558720 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00538104 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00465536 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-user-experience\rcp-be-lol-user-experience.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00529536 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-simple-dialog-messages\rcp-be-lol-simple-dialog-messages.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00559232 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-lol-highlights\rcp-be-lol-highlights.dll
2017-04-19 19:12 - 2017-03-22 17:09 - 00482808 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 55775872 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\libcef.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 01801344 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\libglesv2.dll
2017-04-19 19:13 - 2017-04-19 19:13 - 00022144 _____ () D:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.65\deploy\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\andwong88\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Ds3Service => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LEC TranslateDotNet Server => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: PingzapperSvc => 2
MSCONFIG\Services: Qualcomm Atheros Killer Service V2 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: vToolbarUpdater30.7.0 => 2
MSCONFIG\Services: XTU3SERVICE => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScpToolkit Tray Notifications.lnk => C:\Windows\pss\ScpToolkit Tray Notifications.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Configuration Utility.lnk => C:\Windows\pss\TP-LINK Wireless Configuration Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^andwong88^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^andwong88^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4630 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4630 series.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Command Center => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "D:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\andwong88\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Eraser => "D:\Program Files (x86)\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: HP Officejet 4630 series (NET) => "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN4813957P05Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "D:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: MusicManager => "C:\Users\andwong88\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\andwong88\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6D5BFF01-CC1F-47F9-A6E0-8BB70E619C75}] => (Allow) C:\Program Files (x86)\Intel\Extreme Tuning Utility\Client\PerfTune.exe
FirewallRules: [{6F1721FA-6CFF-4934-A6B3-5FEFCC21BF45}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{054DD98A-6B8A-4448-8BAF-B1194C34CED4}] => (Allow) D:\Program Files\Steam\Steam.exe
FirewallRules: [{96984A76-ED1D-4728-A2BF-22E5DBF012F0}] => (Allow) C:\Users\andwong88\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FF0E317D-1B8D-4094-801E-1569523D878E}] => (Allow) C:\Users\andwong88\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4B9522FF-A7F9-4799-A7BE-4A83BFE758D6}] => (Allow) D:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{AE074E49-EFC8-4EEB-9353-B1A2B6258421}] => (Allow) D:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{9E927FB4-A909-4A98-A888-AB24EFBE4471}] => (Allow) D:\Program Files\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AC4B0B4A-682C-41E9-98A3-0EAB2E5C62CF}] => (Allow) D:\Program Files\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{78D18D92-A9D8-46F6-9CC3-0C8B4EBEE681}] => (Allow) D:\Program Files\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{2387C542-3A24-49E4-A24C-6642DD01C15E}] => (Allow) D:\Program Files\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{B267E5A7-6AEB-48A0-AB61-CEB2D1124518}] => (Allow) D:\Program Files\Diablo III\Diablo III.exe
FirewallRules: [{DBCFC10E-1814-4B6C-A012-4E969BE4B8B6}] => (Allow) D:\Program Files\Diablo III\Diablo III.exe
FirewallRules: [{CB498FB2-3D93-405F-9BB7-93CE830562B2}] => (Allow) D:\Program Files\Office15\lync.exe
FirewallRules: [{A4125FA5-DC7D-49E4-9246-5367AD535B8C}] => (Allow) D:\Program Files\Office15\lync.exe
FirewallRules: [{F4E03CE3-7C4C-4DDC-9B9E-2BC050203F4A}] => (Allow) D:\Program Files\Office15\UcMapi.exe
FirewallRules: [{CECD2347-0689-4455-9308-555F900298C8}] => (Allow) D:\Program Files\Office15\UcMapi.exe
FirewallRules: [{2C7CDDC3-7A1B-4782-9A9E-2DD4B95BDC1F}] => (Allow) D:\Program Files\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C6582345-0F08-4FA1-8831-CA0E6752921E}] => (Allow) D:\Program Files\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2C073BE9-F245-4E51-836C-D2AA22EF279B}] => (Allow) D:\Program Files\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{FD7A727C-2632-4084-9B3E-38E9C10B47B1}] => (Allow) D:\Program Files\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{E0E191DE-699F-4055-B4E5-3924196597ED}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{5A280AB7-9BA4-43CB-A991-F6203696A535}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{9FA75D76-DA06-44A2-9144-77AD76D9E8A9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B9DCCC59-478A-4E12-A32B-C2725AA30B43}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{57AF1629-C2DE-4E3A-9227-6795FBE9AFBB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68DFD54A-0125-4ABF-80B7-C5D1A7050C78}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{807B3AB9-47F7-4B0F-8226-9319DE6906A5}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{7F51E14B-590A-4097-8CBE-4D5E6D027ACA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{4AC4F6C3-E8EF-4BA7-982A-D3967E72C725}] => (Allow) D:\Program Files\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{8EDDF47F-A424-4CA8-BA95-7435074EB954}] => (Allow) D:\Program Files\Steam\SteamApps\common\RPGVXAce\RPGVXAce.exe
FirewallRules: [{5D16B446-CFCA-414A-92C0-E57C6176E6C0}] => (Allow) D:\Program Files\Steam\SteamApps\common\RPGXP\RPGXP.exe
FirewallRules: [{697867C1-8387-441A-BED4-207E4CBA3D6B}] => (Allow) D:\Program Files\Steam\SteamApps\common\RPGXP\RPGXP.exe
FirewallRules: [TCP Query User{88BF2DDA-8E1A-4DDA-8245-64ECBDE77979}D:\program files\tixati\tixati.exe] => (Allow) D:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{54799572-478F-4953-8FED-0B2B1B353724}D:\program files\tixati\tixati.exe] => (Allow) D:\program files\tixati\tixati.exe
FirewallRules: [{2526B9C7-EB90-453B-99EE-9F87BEB34450}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{37074CCF-6BB9-4F23-84CE-58D854B84E30}C:\users\andwong88\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\andwong88\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C92C6F27-5EDE-413C-AC9F-074568BF0AB0}C:\users\andwong88\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\andwong88\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{536EF34D-E1B8-4DCF-AAB0-1C154AF36D89}] => (Allow) D:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E634B270-F459-4FD2-A77F-97A5B4C058B8}] => (Allow) D:\Program Files\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9F4815AF-E3F9-4D42-994C-2852F12CC371}] => (Allow) D:\Program Files\Steam\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{5728C578-311D-43FA-8AD4-774159894BD7}] => (Allow) D:\Program Files\Steam\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{150A1901-3296-455C-8F86-BEA4D460CF71}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{FE8D46CA-79F4-4CDB-AC5D-C290ECD23EA5}] => (Allow) D:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{0CD49377-BA9D-4A4F-BF4C-9A04AF8962DE}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{AEB94D48-333F-4934-9991-3B881334A973}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D28B86AD-9653-42CB-AC76-AEF1FBF98DE4}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{6E2DF597-EA7B-4653-9B2E-E8EACEFC1338}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{16DC99A8-C993-43CC-974C-80AC8066ABC4}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{9D01793C-59D8-45BB-BA08-ED9B681C53DE}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{924BFA69-835D-4BFD-B2A8-19C4BAA09027}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{E6971221-495B-4D35-8B82-79C76936B59D}] => (Allow) LPort=5357
FirewallRules: [{602CC39C-141C-46E1-9073-39E256EE9EBF}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8D9B9C51-163A-4F5D-AEEE-99809E7900E3}] => (Allow) D:\Program Files\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{5C1B86DD-40A1-4B49-A6C0-BFEC0EF00131}] => (Allow) D:\Program Files\Steam\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{CE2B3425-ACB8-401C-8648-29EAEB599013}] => (Allow) LPort=11100
FirewallRules: [{8DCD6E13-0E00-4CDF-9F39-5AD3BE699540}] => (Allow) LPort=11100
FirewallRules: [{1942D850-A177-4713-80BA-0DFD6213A04E}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{3F17C5AA-D17B-45EA-829D-C25C26B26DD7}] => (Allow) D:\Program Files\Steam\SteamApps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{48DE8D0F-D2D6-4C00-AB15-81FAA2E0EF69}] => (Allow) D:\Program Files\Steam\SteamApps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{855D3EF6-BAAA-4472-B517-E9F572CE47E7}] => (Allow) D:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FF728B8F-8E2B-4CE8-A406-A5E60563CBEB}] => (Allow) D:\Program Files\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{97F053A7-4C04-43FC-BF61-BF58193A7D02}D:\program files\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Block) D:\program files\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [UDP Query User{26B926EB-71DC-437F-94F9-5E46E5062C63}D:\program files\steam\steamapps\common\starbound\win32\starbound_server.exe] => (Block) D:\program files\steam\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{41DA9D9B-AC78-4E11-8F7D-0F843114C760}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A60F3109-0232-413B-B04E-AE71B5A73517}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DA2C2EF-DAE7-4BC6-8385-FFC92DEA98A4}] => (Allow) D:\Program Files\Steam\SteamApps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{D8208122-E323-47A8-BF5D-B4252B5C1E34}] => (Allow) D:\Program Files\Steam\SteamApps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{B117E40C-D20C-4605-ADD3-65DADCD10C2B}] => (Allow) D:\Program Files\Steam\SteamApps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{1F50CCAE-E951-424D-B2AA-282DD60E4380}] => (Allow) D:\Program Files\Steam\SteamApps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{00A3F541-3EC1-4D08-9EB6-F6D480309802}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{D962C8B5-7FC6-474D-A2D6-9BBD9801EC12}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{EC92F468-245F-41E1-83A7-7CD121513B9D}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{A16FE1E2-4A85-40A4-BE44-D1B96BA93FFB}] => (Allow) D:\Program Files\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{41601844-5F32-469D-ACFB-AC7373D8E834}] => (Allow) D:\Program Files\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{C3A074BC-260D-44AA-8433-A08085EE0930}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{4A1FC8EF-1FE9-4FCB-89FD-98BBA6A72245}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{E7716389-7258-482C-B703-BED4449EF334}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{B29BA981-C017-4A21-B9D0-0D143EA0ED10}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{C3572692-D62B-4827-9C0A-02B47DD14268}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A868D62B-177F-491F-98DC-3FB2DFCBE32E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{491AFC35-B3F4-4DAB-A940-59F8213A5F09}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{911D5001-8883-4201-857B-F9571D41E6FF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C8000B55-9102-4DD6-813A-6C87D8E7F07D}] => (Allow) D:\Program Files\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{2C7A96E8-3FAA-4CD3-9B2C-F92E5DACD7B5}] => (Allow) D:\Program Files\Steam\SteamApps\common\Bastion\Bastion.exe
FirewallRules: [{CCE63DC7-43A0-410A-9FCB-276CD05ACC3A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{0A115981-8834-45FF-BAB0-39710A2BAA8E}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{F2E0A421-F3D1-44CF-82AC-EDF8062372B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4FA82117-8AC6-47B2-BA34-FDC792D827B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A636D314-8B5F-46A6-BA9E-D7C35412A8D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6D06C940-0AAD-4CF9-A9FB-8442755F4C60}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1FDB415-8042-49EB-B875-86D4ACA065CF}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{24E7468D-CC33-4BAA-848A-8FA4B7880D5A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Stealth Inc 2\settings\settings.exe
FirewallRules: [{DA53252C-8DE8-4139-9196-81B4F46BECD4}] => (Allow) D:\Program Files\Steam\SteamApps\common\Stealth Inc 2\settings\settings.exe
FirewallRules: [{A3BD04E1-A6E7-401D-B24F-48D1EFC79B08}] => (Allow) D:\Program Files\Steam\SteamApps\common\Aarklash Legacy\Aarklash.exe
FirewallRules: [{E68E7759-233A-45DF-9BAA-8BF4308AF2D1}] => (Allow) D:\Program Files\Steam\SteamApps\common\Aarklash Legacy\Aarklash.exe
FirewallRules: [{4BB89DEA-F04C-4E72-AEE1-DDA4723EB2A1}] => (Allow) D:\Program Files\Steam\SteamApps\common\Game of Thrones\Thrones.exe
FirewallRules: [{FCFF00B5-63EF-4F3C-8B4C-56A032B1D0FA}] => (Allow) D:\Program Files\Steam\SteamApps\common\Game of Thrones\Thrones.exe
FirewallRules: [{4C70056E-C1C3-4884-AA3B-24A9E1C4B9D6}] => (Allow) D:\Program Files\Steam\SteamApps\common\Teeworlds\teeworlds.exe
FirewallRules: [{D9541F75-3E93-4652-B460-B437E07B4ABE}] => (Allow) D:\Program Files\Steam\SteamApps\common\Teeworlds\teeworlds.exe
FirewallRules: [{899B1645-0F64-4283-8284-FDED45A06C6C}] => (Allow) D:\Program Files\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{505381F4-E7D9-45E6-9B96-88F4F2187622}] => (Allow) D:\Program Files\Steam\SteamApps\common\Undertale\UNDERTALE.exe
FirewallRules: [{C416663B-1410-462A-8533-6E711D7790A1}] => (Allow) D:\Program Files\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{C947C4F7-03E8-474F-B29C-6BF396222BC9}] => (Allow) D:\Program Files\Steam\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{5B92AF74-5C84-4B35-A319-F7A39C482F5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35C460B3-F977-454F-8EB8-1ADADB6C20DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D423AD63-7564-4554-A866-6FBC974AC9E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BFDE4FA-BF67-4BAF-BAD8-6322663A768F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8AB6A407-5BB7-478E-9209-9268A46AB5E1}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Ship\ship.exe
FirewallRules: [{84F385ED-5A12-4F67-8EBB-39F47B794CFD}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Ship\ship.exe
FirewallRules: [{526F4B27-A6ED-4EF1-B235-FFF9A5D88878}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7278B232-6616-47CD-90EE-AFEFBE8E5D3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77E6F28A-575C-4AF4-945F-032C4D3C3DA2}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{F31BE81B-40A8-4A83-BEA9-7811373394AE}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{C719048A-155B-4288-9C12-37B2C1269FDB}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{9160261C-DBE0-475F-A9EE-584891FCF25B}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\Game.exe
FirewallRules: [{9B805273-2646-4AEB-9934-0EBF5A5DD657}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\Game.exe
FirewallRules: [{5A5DD1DE-5774-4030-9B77-A9757256E237}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{D22A6417-AAB6-4110-A72B-2726971DA1D2}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{A95B4C6A-83A8-4DBE-9C49-5774B998D92C}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{2D7184B3-78E1-435A-9894-D9ECD0EF4E5B}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dungeon of the Endless\DungeonoftheEndless.exe
FirewallRules: [{13E17F30-62E5-4234-980C-0D7FF88759AF}] => (Allow) D:\Program Files\Steam\SteamApps\common\Victor Vran\VictorVranSteam.exe
FirewallRules: [{C65DFC06-9749-4C74-A49E-4C039971E8FC}] => (Allow) D:\Program Files\Steam\SteamApps\common\Victor Vran\VictorVranSteam.exe
FirewallRules: [{8FD620AA-595D-45CA-BA06-607BDC61D924}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{7E605718-BF53-45D8-972E-016DD7AAAF75}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0C5B6B0-F029-4928-9A12-3DFB059FB596}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A9D5F8AA-E52B-4EAB-B446-8B1BD167E9C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{00F3174E-DA85-4C74-9B3D-D0FD87BA01DA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0549B9DF-89BD-49E7-BE8F-E8161328579B}] => (Allow) D:\Program Files\Steam\SteamApps\common\Agarest Zero\AgarestZero.exe
FirewallRules: [{DD7DE5A9-2CBC-4F55-91E4-D1679206F6C8}] => (Allow) D:\Program Files\Steam\SteamApps\common\Agarest Zero\AgarestZero.exe
FirewallRules: [{3BF6CE04-1A0E-43AB-907F-49F8E378817E}] => (Allow) D:\Program Files\Steam\SteamApps\common\Oxenfree\Oxenfree.exe
FirewallRules: [{B3E6AC46-6FEB-4949-8D85-44182BEC73DC}] => (Allow) D:\Program Files\Steam\SteamApps\common\Oxenfree\Oxenfree.exe
FirewallRules: [{B8579000-145A-4545-A71F-66F77E56A6AD}] => (Allow) D:\Program Files\Steam\SteamApps\common\Iron Snout\IronSnout.exe
FirewallRules: [{69CF4C35-418F-42EA-A10F-DD8FAD5B7B6E}] => (Allow) D:\Program Files\Steam\SteamApps\common\Iron Snout\IronSnout.exe
FirewallRules: [{8CFFA881-3545-49BC-B6AA-0796063E835F}] => (Allow) D:\Program Files\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{FFE8C1B7-BE1A-442F-87FD-DDD2DF4D79F5}] => (Allow) D:\Program Files\Steam\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{00EB2539-0C78-4473-A73A-E44325113182}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{CD22CC95-D704-4C92-BDDE-816EA4AFCA5D}] => (Allow) D:\Program Files\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{04C9F8F2-D9BF-498E-A59A-2287C3C5B9DD}] => (Allow) D:\Program Files\Steam\SteamApps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{B7EE2442-3E9C-4E4D-BD5D-276252776B04}] => (Allow) D:\Program Files\Steam\SteamApps\common\Barony\barony.exe
FirewallRules: [{EC6128CC-A490-4A5C-8F28-7FC951890CB4}] => (Allow) D:\Program Files\Steam\SteamApps\common\Barony\barony.exe
FirewallRules: [{C13DD447-3C45-4398-A04A-4B6A02F791F3}] => (Allow) D:\Program Files\Steam\SteamApps\common\Barony\editor.exe
FirewallRules: [{541EC14A-4277-4CB7-A940-F96180DFC510}] => (Allow) D:\Program Files\Steam\SteamApps\common\Barony\editor.exe
FirewallRules: [{6BAA5650-DD5C-4BBD-B8AA-32458A44E4B6}] => (Allow) D:\Program Files\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{9939559B-CDFB-4078-B239-589103343C20}] => (Allow) D:\Program Files\Steam\SteamApps\common\DDDA\DDDA.exe
FirewallRules: [{7A13909C-E8B7-40A1-8C13-1BE128827AD5}] => (Allow) D:\Program Files\Steam\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{3A966E30-2CAC-4D6A-A982-76C1E974DAF2}] => (Allow) D:\Program Files\Steam\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{C263579E-E95B-4F39-8D87-FCDB657AFC73}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{BF5B70EB-2D8C-4AD9-8B5F-F681DAE26884}] => (Allow) D:\Program Files\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{1915709E-3C1C-4AB9-B460-CA3765DE86CC}] => (Allow) D:\Program Files\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{A7CDDB2E-FCF4-449D-B169-F52B9148B6BA}] => (Allow) D:\Program Files\Steam\SteamApps\common\DEADBOLT\deadbolt_game.exe
FirewallRules: [{065B4E68-CFB2-4E86-8DA4-EE282B68CCC0}] => (Allow) D:\Program Files\Steam\SteamApps\common\DEADBOLT\deadbolt_game.exe
FirewallRules: [{C095F5DF-9325-43AC-8DD4-D92AC4DE5FC2}] => (Allow) D:\Program Files\Steam\SteamApps\common\Circuits\Composer\Composer.exe
FirewallRules: [{1A8EA72F-3B8A-4E3F-A98F-CE441949C14A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Circuits\Composer\Composer.exe
FirewallRules: [{B1A192EC-4EC4-4559-8B61-76019207F25F}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{91B1C004-FADF-4E7E-ABE6-705E19334C6E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{18C4647A-A9D9-4FC2-83A2-D0183BDE8947}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7276D472-2E5C-40B8-94B3-18EA24D825FA}] => (Allow) D:\Program Files\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{7C0AEFB2-C9D8-42A1-BD1A-D2FEB8C6E4BC}] => (Allow) D:\Program Files\Steam\SteamApps\common\Rust\Rust.exe
FirewallRules: [{3CB50577-5B7A-47A4-966A-A8177DD8785B}] => (Allow) D:\Program Files\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{C269160E-120D-4717-8220-D872C6412183}] => (Allow) D:\Program Files\Steam\SteamApps\common\Savage Lands\SavageLands.exe
FirewallRules: [{62537EDB-FF4A-43DD-8616-4D318BCD951B}] => (Allow) D:\Program Files\Steam\SteamApps\common\SOMA\Soma.exe
FirewallRules: [{0DF96B33-315C-4459-B0F4-902D0199575B}] => (Allow) D:\Program Files\Steam\SteamApps\common\SOMA\Soma.exe
FirewallRules: [{187B6EB3-5370-44AB-92AA-F2BDFF1D2DB1}] => (Allow) D:\Program Files\Steam\SteamApps\common\SOMA\ModLauncher.exe
FirewallRules: [{D03C36D3-9AA7-4282-B279-FBE95F36981D}] => (Allow) D:\Program Files\Steam\SteamApps\common\SOMA\ModLauncher.exe
FirewallRules: [{2CC23261-6A5E-4790-B939-3F6EBCCDF905}] => (Allow) D:\Program Files\Steam\SteamApps\common\Shelter2\Shelter2.exe
FirewallRules: [{5F360D48-DE9E-4C97-A2C1-6F06BAF1978A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Shelter2\Shelter2.exe
FirewallRules: [{0944576C-67AC-441E-97EA-B8365D24E1C8}] => (Allow) C:\Program Files (x86)\Mr DJ\Crusader Kings II\CK2game.exe
FirewallRules: [{F42EE287-6615-4B38-84F1-2815FB46B82F}] => (Allow) C:\Program Files (x86)\Mr DJ\Crusader Kings II\CK2game.exe
FirewallRules: [{FD364ABC-1980-44AF-B990-ACCB555E2BC6}] => (Allow) D:\Program Files\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{B22A137C-5A6E-475B-8C60-2B2863277FD3}] => (Allow) D:\Program Files\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{600A4B21-8F79-4816-9E09-0438FF534F75}] => (Allow) D:\Program Files\Steam\SteamApps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{1CD68DEE-1C3D-45C9-9409-8F00943E8D58}] => (Allow) D:\Program Files\Steam\SteamApps\common\Savage Resurrection\Savage\Binaries\Win64\Savage-Win64-Shipping.exe
FirewallRules: [{890E5EBF-19C3-4E39-8557-80227958B275}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{A56A5054-EE29-45FE-8EF5-4EA3D6C0D0A9}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{B7A1A4D7-E053-45E0-B109-E21CE38E133C}] => (Allow) D:\Program Files\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{15F6E545-605B-4DFD-AB72-DFD6C8980080}] => (Allow) D:\Program Files\Steam\SteamApps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{54F2E87C-6DDB-44C4-9940-6D6F0BE5FDFE}] => (Allow) D:\Program Files\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{970CDF2A-6895-44C6-B547-27E3DB98F017}] => (Allow) D:\Program Files\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{8C4F3B4D-FC7A-4339-A8B1-BF1F9F456792}] => (Allow) D:\Program Files\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{2A194A0E-622E-49FF-8B4A-DA36E5E5005A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Titan Quest Anniversary Edition\TQ.exe
FirewallRules: [{B81A0D68-DE70-4876-B91B-5DA453F920CD}] => (Allow) D:\Program Files\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{01464187-DF9A-4B66-AA95-319F834E9249}] => (Allow) D:\Program Files\Steam\SteamApps\common\Titan Quest Anniversary Edition\WorkshopTool\TQWorkshopTool.exe
FirewallRules: [{19114949-50DC-4169-9157-6698562FD90E}] => (Allow) D:\Program Files\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{64C29139-EE09-4726-BDAB-B2AE3F56D7DE}] => (Allow) D:\Program Files\Steam\SteamApps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{B15EE2C2-3B09-44BC-A5B0-D4E682E98FF6}] => (Allow) D:\Program Files\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{12657353-49E5-4F6A-A27C-B9323B0D608D}] => (Allow) D:\Program Files\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{C8CA7F78-C6E6-4E04-95F4-4500173369D1}] => (Allow) D:\Program Files\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{5AAC9EB9-5DD8-4455-9380-0CFDD235EB94}] => (Allow) D:\Program Files\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{35D74073-F3A8-4BC7-AAE2-1439935D3733}] => (Allow) D:\Program Files\Steam\SteamApps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{FF9B5C40-701C-40B0-B285-2A97EE5E39A2}] => (Allow) D:\Program Files\Steam\SteamApps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{720916F6-A801-416A-B004-4FE3D652AEE8}] => (Allow) D:\Program Files\Steam\SteamApps\common\Ember\Ember.exe
FirewallRules: [{477CB123-EC02-4D42-B5A2-1CCE99308842}] => (Allow) D:\Program Files\Steam\SteamApps\common\Ember\Ember.exe
FirewallRules: [{F42EF274-8569-4EFA-BFE8-6B89461C11DF}] => (Allow) D:\Program Files\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{6EBD7CBA-FB1B-46D9-8CD7-BEB27535F6A3}] => (Allow) D:\Program Files\Steam\SteamApps\common\Mad Max\MadMax.exe
FirewallRules: [{E51A8582-0EAB-48EC-92B9-54D73F197ABB}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{6DB7538B-50A8-4220-9B88-A91759EA5391}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win64\starbound.exe
FirewallRules: [{E05B8DF2-B58D-4BAC-8C83-B179A28C2F51}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{DDA56C27-15F1-4CB6-B0F0-52F5BAC4EA5D}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3D8AB36A-A5C3-4F19-86D0-90981BD25CE4}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{0E0E7082-CEB9-4B9E-A20A-B887C2CF7D63}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{9FFD964A-B345-4679-B350-C357385D2729}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [{B06FF1B8-556D-4508-9B14-9BB818D5C4E9}] => (Allow) D:\Program Files\Steam\SteamApps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{553B44DA-1E59-490E-A8BD-7BBF1768651E}D:\program files\diablo iii\overwatch\overwatch.exe] => (Allow) D:\program files\diablo iii\overwatch\overwatch.exe
FirewallRules: [UDP Query User{A9286469-0289-4E2A-A693-F32C3DD53977}D:\program files\diablo iii\overwatch\overwatch.exe] => (Allow) D:\program files\diablo iii\overwatch\overwatch.exe
FirewallRules: [{82295532-2435-463B-83B5-DCB9DE4FF917}] => (Allow) D:\Program Files\Steam\SteamApps\common\Metronomicon\Metronomicon\Metronomicon.exe
FirewallRules: [{A305BC9E-BC91-456B-AD7B-84E555CFF899}] => (Allow) D:\Program Files\Steam\SteamApps\common\Metronomicon\Metronomicon\Metronomicon.exe
FirewallRules: [{B0DCA539-48F1-4B2F-8BAF-CC693EA5564A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Road to Ballhalla\Game\RoadToBallhallaUE4.exe
FirewallRules: [{F47F57EE-B03A-461F-97D1-4EE5D7035DB5}] => (Allow) D:\Program Files\Steam\SteamApps\common\Road to Ballhalla\Game\RoadToBallhallaUE4.exe
FirewallRules: [{173741CB-7223-4F1C-ADE4-19DB9BC3C4CD}] => (Allow) D:\Program Files\Steam\SteamApps\common\Road to Ballhalla\Editor\rtbtiled.exe
FirewallRules: [{17D02B1A-2347-4F54-A491-F743FE519BED}] => (Allow) D:\Program Files\Steam\SteamApps\common\Road to Ballhalla\Editor\rtbtiled.exe
FirewallRules: [TCP Query User{2F532613-5253-4F6E-91C8-D2581B685A20}D:\program files\steam\steamapps\common\smash+grab\ufgruntime.exe] => (Allow) D:\program files\steam\steamapps\common\smash+grab\ufgruntime.exe
FirewallRules: [UDP Query User{A17D81DE-7AC7-46FD-A1D4-25B9F3E8E387}D:\program files\steam\steamapps\common\smash+grab\ufgruntime.exe] => (Allow) D:\program files\steam\steamapps\common\smash+grab\ufgruntime.exe
FirewallRules: [{F42D1D76-7C03-40AC-9BE2-18A4BD595ACA}] => (Allow) D:\Program Files\Steam\SteamApps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{FC094F49-69D0-45C0-B2DA-D086C1B5FE4E}] => (Allow) D:\Program Files\Steam\SteamApps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{D86526EF-F9A4-46D8-9A35-B24BB9ED9090}] => (Allow) D:\Program Files\Steam\SteamApps\common\ChromaSquad\chromasquad.exe
FirewallRules: [{BA8E5242-C382-42DF-B7B5-2C218AD253DB}] => (Allow) D:\Program Files\Steam\SteamApps\common\ChromaSquad\chromasquad.exe
FirewallRules: [{A5312BE2-DAA8-46DE-8A70-6043F632EC61}] => (Allow) D:\Program Files\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{EE70E568-C976-4D7E-8254-69F4E776D5AF}] => (Allow) D:\Program Files\Steam\SteamApps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{95CC0391-49D2-4613-A32C-197479510AC1}] => (Allow) D:\Program Files\Steam\SteamApps\common\Titan Souls\TITAN.exe
FirewallRules: [{CC546682-FD3B-4B3B-A098-32C1EBAC872A}] => (Allow) D:\Program Files\Steam\SteamApps\common\Titan Souls\TITAN.exe
FirewallRules: [{7A0A5F9B-C7A5-4F53-801C-54F99CE08275}] => (Allow) D:\Program Files\Steam\SteamApps\common\Teeworlds\tw\teeworlds.exe
FirewallRules: [{515BDF63-062B-4316-B7BE-14B487721719}] => (Allow) D:\Program Files\Steam\SteamApps\common\Teeworlds\tw\teeworlds.exe
FirewallRules: [{059F0575-D717-4EDC-8359-A5B93E048F3C}] => (Allow) D:\Program Files\Steam\SteamApps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{D5CA2C1D-B681-4FCB-8D24-C487C52477ED}] => (Allow) D:\Program Files\Steam\SteamApps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{3E259527-A163-4D70-8D81-429DAE0B55E0}] => (Allow) D:\Program Files\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{EAD8A11A-18F8-46DC-BBEB-A5EEC14E3276}] => (Allow) D:\Program Files\Steam\SteamApps\common\Hitman™\Launcher.exe
FirewallRules: [{57C739BA-7132-4420-828B-F18CCA2E9497}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{780E858D-08AB-4F14-8078-CA4E3CA8F9B3}] => (Allow) D:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EDB34134-52BA-4DBA-A509-D8F98B0CECD5}] => (Allow) D:\Program Files\Steam\SteamApps\common\Hacknet\Hacknet.exe
FirewallRules: [{A45228C5-BF1A-465D-8FEE-402C8E158EE1}] => (Allow) D:\Program Files\Steam\SteamApps\common\Hacknet\Hacknet.exe
FirewallRules: [{35C9FEC3-D6D7-4DA8-8AAE-7890266E6C89}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F3F0AF10-DB3C-475B-9B57-738C329C430F}] => (Allow) D:\Program Files\Steam\SteamApps\common\Shadow Tactics\Shadow Tactics.exe
FirewallRules: [{477175AE-591E-4DE4-B4E4-3D6ACA18C30D}] => (Allow) D:\Program Files\Steam\SteamApps\common\Shadow Tactics\Shadow Tactics.exe
FirewallRules: [{25D7EEFF-A2A2-43E5-8B43-B8911D49C28B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7C8FABD1-DE8D-470A-8358-8D6E848577B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{04D148C6-CE58-4A5B-901F-8140E716A349}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{79A6031D-840B-4B8C-9265-D76546C4EA66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BF726426-B89A-40D6-B990-AE0E1CD29F42}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{520AA885-5730-4ED3-95A4-415A0F5183C8}] => (Allow) D:\Program Files\Steam\SteamApps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{73B780D3-CACC-45D2-A9CC-94957DE52031}] => (Allow) D:\Program Files\Steam\SteamApps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [TCP Query User{8BE398F0-8EC7-4475-899F-99E1D84E80DD}C:\users\andwong88\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andwong88\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{14854E99-93DE-47C9-8456-392A85F7DF88}C:\users\andwong88\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andwong88\appdata\roaming\spotify\spotify.exe
FirewallRules: [{306F4AB0-AEEB-41E9-A1C6-DE844FF6DEEA}] => (Allow) D:\Program Files\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{DF4A87F8-6B87-4705-9825-463D1EF3B633}] => (Allow) D:\Program Files\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{687A8E0D-3B90-48BB-BBB5-9E83EC466DC9}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{F2599CAE-9AA6-41C2-9A54-44962E3E506F}] => (Allow) D:\Program Files\Steam\SteamApps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{26245A5C-C145-456B-A32C-F4241DF5E5D7}] => (Allow) D:\Program Files\Steam\SteamApps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{8C404999-CD21-47FF-A473-02B463927DD2}] => (Allow) D:\Program Files\Steam\SteamApps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{95596490-B02D-4AAA-88E8-78B09F245332}] => (Allow) D:\Program Files\Steam\SteamApps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{8924F515-1178-4F83-A717-0ED40575AE54}] => (Allow) D:\Program Files\Steam\SteamApps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{E73D4653-9BEB-4A33-916B-BAE95048A876}] => (Allow) D:\Program Files\Steam\SteamApps\common\Okhlos\Okhlos.exe
FirewallRules: [{EB162D79-F846-4C98-B272-612CE51F2FF3}] => (Allow) D:\Program Files\Steam\SteamApps\common\Okhlos\Okhlos.exe
FirewallRules: [TCP Query User{1646F8B8-65C2-4274-9349-50D7B31A97F9}D:\program files\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) D:\program files\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [UDP Query User{265DAE65-0F8A-4C09-A096-12EB92DDEE85}D:\program files\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe] => (Allow) D:\program files\steam\steamapps\common\abzu\abzugame\binaries\win64\abzugame-win64-shipping.exe
FirewallRules: [{59DC6139-6DE8-47AC-B937-89E7241AD959}] => (Allow) D:\Program Files\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{149FD3F1-B68C-414D-B1AA-FCF647F602EF}] => (Allow) D:\Program Files\Steam\SteamApps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [TCP Query User{C30597C6-C64E-4398-A79B-48F55B9B347C}D:\program files\steam\steamapps\common\flameintheflood\rivergame\binaries\win64\rivergame-win64-shipping.exe] => (Allow) D:\program files\steam\steamapps\common\flameintheflood\rivergame\binaries\win64\rivergame-win64-shipping.exe
FirewallRules: [UDP Query User{3EC04AEB-7B83-4178-92F9-60C775B51F9F}D:\program files\steam\steamapps\common\flameintheflood\rivergame\binaries\win64\rivergame-win64-shipping.exe] => (Allow) D:\program files\steam\steamapps\common\flameintheflood\rivergame\binaries\win64\rivergame-win64-shipping.exe
FirewallRules: [{D4FE3599-A5F1-4339-A01B-DFA04FD11B0D}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{0149F25E-6A71-49E5-8D17-C58E465AAD43}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\mkxp\lisa.exe
FirewallRules: [{7FC2B1CE-E87E-4BA7-8719-EAA9F3B7B7B5}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{2983C6FD-FA59-48F4-A2CD-9FBA09726576}] => (Allow) D:\Program Files\Steam\SteamApps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{FF81672C-AD8D-4195-95B6-0BAC5E5211EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{9D6767F3-32DF-4828-B04D-B9109CE0168B}] => (Allow) D:\Program Files\Steam\SteamApps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [{90EA5A01-1BAB-4C55-AF96-126F16A798A8}] => (Allow) D:\Program Files\Steam\SteamApps\common\NieRAutomata\NieRAutomata.exe
FirewallRules: [TCP Query User{69B29E87-F3C6-4616-AFAF-A671284C6088}D:\desktop\beat cop\beatcop.exe] => (Allow) D:\desktop\beat cop\beatcop.exe
FirewallRules: [UDP Query User{5E53F1F2-335D-44F5-A788-84E521A2B410}D:\desktop\beat cop\beatcop.exe] => (Allow) D:\desktop\beat cop\beatcop.exe
FirewallRules: [TCP Query User{C182035F-B2A6-4FF9-A88C-1DA0C672FA82}D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{3DC80C63-5629-4DD2-9A4B-05FA61371DF5}D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\program files\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{DB6A46D0-348A-4DD6-99F3-498AFD165DC5}] => (Allow) D:\Program Files\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{068BA491-28CE-4840-A08A-D44F75F36C41}] => (Allow) D:\Program Files\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{010B12F4-FFB1-4931-8E92-112DF7B07E61}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D9C00A12-BB3E-43FD-B161-43479B371459}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D956FFE4-E3B2-4D31-A3F7-2677E2943255}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{CAEA0D64-EA5E-4C7B-B620-525CAD6CC9EB}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{08B731EE-93B9-4298-A844-321675A00D6B}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{B3E33949-25E8-422B-ABC3-1F8269C810F8}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{BB197B88-4532-4314-BDE0-A3FE1025AFDB}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{25F23DCF-15F9-4A99-BB1D-59F1B5F8B4C1}] => (Allow) D:\Program Files\Steam\SteamApps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{A9F16FDC-ECA8-4ED2-9D0A-09AB63195930}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
18-04-2017 18:03:09 Restore Operation
18-04-2017 19:19:29 Malwarebytes Anti-Rootkit Restore Point
18-04-2017 19:36:10 JRT Pre-Junkware Removal
19-04-2017 18:56:41 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2017 05:01:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/19/2017 05:01:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/19/2017 05:01:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/19/2017 05:01:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (04/19/2017 04:59:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/19/2017 06:27:05 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (04/19/2017 06:15:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "m:\galaxyclient\games\grim dawn\crashreporter.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (04/19/2017 06:13:07 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2017 06:10:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (04/19/2017 06:10:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (04/19/2017 04:57:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STEC3 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/19/2017 06:04:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STEC3 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/18/2017 08:48:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STEC3 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/18/2017 08:20:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (04/18/2017 08:20:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (04/18/2017 07:44:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STEC3 service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (04/18/2017 07:43:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (04/18/2017 07:43:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/18/2017 07:43:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/18/2017 07:43:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 16327.95 MB
Available physical RAM: 10544.78 MB
Total Virtual: 32654.08 MB
Available Virtual: 27343.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:41.98 GB) NTFS
Drive d: (Orange) (Fixed) (Total:931.51 GB) (Free:169.37 GB) NTFS
Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: (Orange HQ) (Removable) (Total:7.48 GB) (Free:7.12 GB) NTFS
Drive m: (Blue) (Fixed) (Total:931.51 GB) (Free:879.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EA2C13F5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 99AF0BA5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8505ABAF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 20 April 2017 - 03:58 PM

There isn't much to remove anymore, but there's still stuff none-the-less :)

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Attached Files


animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 20 April 2017 - 07:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-04-2017
Ran by andwong88 (20-04-2017 17:40:46) Run:1
Running from D:\Desktop\Anti-Trojan Bomb\FRST
Loaded Profiles: andwong88 (Available Profiles: andwong88)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\...\Run: [GalaxyClient] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\andwong88\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\andwong88\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\andwong88\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll -> No File
GroupPolicy: Restriction <======= ATTENTION
 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
 
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\tly9f72v.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tly9f72v.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\tly9f72v.default -> hxxps://www.malwarebytes.org/restorebrowser/
 
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=875977&fr=yo-yhp-ch"
 
S1 nbhzpoir; \??\C:\Windows\system32\drivers\nbhzpoir.sys [X]
 
Task: {14154FF6-7056-4B38-809C-CE2CBD845726} - System32\Tasks\{3F76C1E2-BC3B-4DA6-9F34-D6228B637D1E} => pcalua.exe -a D:\Downloads\msicuu2.exe -d D:\Downloads
Task: {68944BAB-51A5-4954-8903-615A553CADC7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe 
Task: {7363B067-3E4C-4A0A-85EC-A1BB086E91B9} - \LuckyTab -> No File <==== ATTENTION
Task: {75073286-652B-4D7E-8296-610BF2BC9311} - System32\Tasks\{73B4D5CB-5A24-426B-863B-39C780E62C54} => pcalua.exe -a F:\menu.exe -d F:\
Task: {E1FFD6D9-5582-4C9B-BB7A-33D437587480} - System32\Tasks\{F0AC70A9-BA73-4464-A424-5A3DC37CAF8E} => pcalua.exe -a "D:\Program Files\Steam\SteamApps\common\L.A.Noire\3rd\vcredist_x86.exe" -d "D:\Program Files\Steam\SteamApps\common\L.A.Noire\3rd"
Task: {ED938B63-F086-493F-AF28-F9BD3187EDC8} - System32\Tasks\{44E9DE53-9121-4998-9113-C026BF077175} => pcalua.exe -a D:\Desktop\BnS_Lite_Installer.exe -d D:\Desktop
Task: {FE957978-3D42-4D8C-9B34-BC16C6F32857} - System32\Tasks\{558D5A6E-DD21-4941-87EF-B13D1FC9B548} => pcalua.exe -a "D:\Program Files\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "D:\Program Files\Steam\steamapps\common\Left 4 Dead 2" -c /register
 
MSCONFIG\Services: vToolbarUpdater30.7.0 => 2
 
FirewallRules: [{91B1C004-FADF-4E7E-ABE6-705E19334C6E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{18C4647A-A9D9-4FC2-83A2-D0183BDE8947}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
 
C:\Users\andwong88\AppData\Local\rctuni
C:\Users\andwong88\AppData\Local\feikee
C:\Users\andwong88\AppData\LocalLow\1_0_1ver
C:\Users\andwong88\AppData\LocalLow\1_2_0v
C:\Users\andwong88\AppData\Roaming\c
C:\Windows\AutoKMS
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2970249747-3589578324-968742033-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "homepage" removed successfully
Chrome StartupUrls => removed successfully
HKLM\System\CurrentControlSet\Services\nbhzpoir => key removed successfully
nbhzpoir => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14154FF6-7056-4B38-809C-CE2CBD845726} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14154FF6-7056-4B38-809C-CE2CBD845726} => key removed successfully
C:\Windows\System32\Tasks\{3F76C1E2-BC3B-4DA6-9F34-D6228B637D1E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3F76C1E2-BC3B-4DA6-9F34-D6228B637D1E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{68944BAB-51A5-4954-8903-615A553CADC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68944BAB-51A5-4954-8903-615A553CADC7} => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7363B067-3E4C-4A0A-85EC-A1BB086E91B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7363B067-3E4C-4A0A-85EC-A1BB086E91B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75073286-652B-4D7E-8296-610BF2BC9311} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75073286-652B-4D7E-8296-610BF2BC9311} => key removed successfully
C:\Windows\System32\Tasks\{73B4D5CB-5A24-426B-863B-39C780E62C54} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{73B4D5CB-5A24-426B-863B-39C780E62C54} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1FFD6D9-5582-4C9B-BB7A-33D437587480} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1FFD6D9-5582-4C9B-BB7A-33D437587480} => key removed successfully
C:\Windows\System32\Tasks\{F0AC70A9-BA73-4464-A424-5A3DC37CAF8E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0AC70A9-BA73-4464-A424-5A3DC37CAF8E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED938B63-F086-493F-AF28-F9BD3187EDC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED938B63-F086-493F-AF28-F9BD3187EDC8} => key removed successfully
C:\Windows\System32\Tasks\{44E9DE53-9121-4998-9113-C026BF077175} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44E9DE53-9121-4998-9113-C026BF077175} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE957978-3D42-4D8C-9B34-BC16C6F32857} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE957978-3D42-4D8C-9B34-BC16C6F32857} => key removed successfully
C:\Windows\System32\Tasks\{558D5A6E-DD21-4941-87EF-B13D1FC9B548} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{558D5A6E-DD21-4941-87EF-B13D1FC9B548} => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\vToolbarUpdater30.7.0 => key removed successfully
HKLM\System\CurrentControlSet\Services\vToolbarUpdater30.7.0 => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91B1C004-FADF-4E7E-ABE6-705E19334C6E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18C4647A-A9D9-4FC2-83A2-D0183BDE8947} => value removed successfully
C:\Users\andwong88\AppData\Local\rctuni => moved successfully
C:\Users\andwong88\AppData\Local\feikee => moved successfully
C:\Users\andwong88\AppData\LocalLow\1_0_1ver => moved successfully
C:\Users\andwong88\AppData\LocalLow\1_2_0v => moved successfully
C:\Users\andwong88\AppData\Roaming\c => moved successfully
C:\Windows\AutoKMS => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135352542 B
Java, Flash, Steam htmlcache => 489144562 B
Windows/system/drivers => 464171133 B
Edge => 0 B
Chrome => 764959081 B
Firefox => 41293001 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 79418867 B
systemprofile32 => 75296 B
LocalService => 66228 B
NetworkService => 16142730 B
andwong88 => 672287857 B
 
RecycleBin => 1376 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:41:13 ====


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 AM

Posted 20 April 2017 - 07:48 PM

Good, the fix went through just fine. How's your system behaving now? Were there any other issues you would like me to address?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 andwong91

andwong91
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 20 April 2017 - 07:53 PM

Everything seems good now. I don't get that error anymore and I don't notice anything unusual. Thanks for the help.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users