Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with SmartService (I think)


  • This topic is locked This topic is locked
16 replies to this topic

#1 redflgslooklikeflgs

redflgslooklikeflgs

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 23 July 2017 - 05:53 PM

Strange processes are running on my Windows 7 machine, internet searches being redirected, and I even got a message that my hard drive was full, when it shouldn't have been. The malware was creating temp files to fill my harddrive. I've run both the Avast! rescuedisk and the Kapersky rescue disk, but neither one can remove all of the malware. I've found other threads calling this SmartService, so if it isn't that then I apologise.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by Luke (administrator) on LUKE-PC (23-07-2017 18:37:39)
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Windows\System32\tprdpw64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sand Studio) E:\Programs\AirDroid\AirDroid.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [AirDroid 3] => E:\Programs\AirDroid\AirDroid.exe [10223408 2017-06-28] (Sand Studio)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {7fbd7e68-e113-11e3-a78c-8f97b0442811} - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {cbcd9215-2053-11e6-8751-89338eab2433} - M:\stp-se4.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {cbcd9218-2053-11e6-8751-89338eab2433} - M:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {f45084ee-dfc9-11e5-b230-b9335618642a} - L:\LaunchU3.exe -a
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3D817C84-CC44-4F44-ADD4-49F98BDCCDBC}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C429DA9F-55EA-4C0D-B23A-42B9B2E413BA}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
 
FireFox:
========
FF DefaultProfile: zw7mdomu.default
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default [2017-07-18]
FF Extension: (Fast search) - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\Extensions\amcontextmenu@loucypher [2017-07-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> E:\Programs\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://thepiratebay.la/search/%22chaos%20chaos%22/0/99/0
CHR StartupUrls: Default -> "hxxps://1917.rt.com/#!/en/twitter/lenin"
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default [2017-07-18]
CHR Extension: (Torrent Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2016-08-14]
CHR Extension: (Duolingo on the Web) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-02-10]
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-04-27]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-15]
CHR Extension: (Adblock Plus) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Read Later Fast) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2015-05-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Play Music) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-07-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-02]
CHR Extension: (Select and Speak - Text to Speech (SpeakIt!)) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2017-03-22]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Eve News24) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacenaodinjocbceobidngfdopgcpbjh [2014-04-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-26]
CHR Extension: (Upload to Imgur - Right-click Imgur Uploader) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2017-07-13]
CHR Extension: (Dropbox) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-29]
CHR Extension: (Bernie PB) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippaapoiolpdkljaeicdcjilfdimgklb [2016-05-20]
CHR Extension: (PolitEcho) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcindbcjkekiofoogdiohbdleddkpbbm [2017-03-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-17]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-07-17]
CHR Extension: (Logical Increments Field Agent) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnmfdickgjlfdjmjnaejgkjeebfadc [2014-04-27]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2017-05-29]
CHR Extension: (Mockingbird Freebooks) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnddmkgmlolmdjfkjmfljijkgadkkob [2016-04-25]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
S3 Disc Soft Lite Bus Service; E:\Programs\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Dataup; C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-21] (Disc Soft Ltd)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-23 18:37 - 2017-07-23 18:37 - 00000000 ____D C:\FRST
2017-07-22 17:21 - 2017-07-23 05:24 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-07-18 17:24 - 2017-07-18 17:24 - 00000000 ____D C:\Users\Luke\AppData\Local\llssoft
2017-07-18 17:23 - 2017-07-18 17:23 - 00000218 _____ C:\Users\Luke\AppData\Local\recently-used.xbel
2017-07-18 17:23 - 2017-07-18 17:23 - 00000000 ____D C:\Users\Luke\AppData\Local\ntuserlitelist
2017-07-18 17:18 - 2017-07-23 20:51 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-18 17:18 - 2017-07-23 05:20 - 00000000 ____D C:\Program Files\I482T6L62U
2017-07-18 17:18 - 2017-07-23 05:20 - 00000000 ____D C:\Program Files\4RLBQKTY99
2017-07-18 17:18 - 2017-07-23 05:20 - 00000000 ____D C:\Program Files (x86)\wx0f50xmdn2
2017-07-18 17:18 - 2017-07-23 05:20 - 00000000 ____D C:\Program Files (x86)\AVBoost
2017-07-18 17:18 - 2017-07-18 17:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\gq4ureronjm
2017-07-18 17:18 - 2017-07-18 17:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\bavb503uyqq
2017-07-18 17:18 - 2017-07-18 17:18 - 00000000 ____D C:\Users\Luke\AppData\Roaming\c
2017-07-18 17:18 - 2017-07-18 17:18 - 00000000 ____D C:\Users\Luke\AppData\Local\nxgzb
2017-07-18 17:18 - 2017-07-18 17:18 - 00000000 ____D C:\Users\Luke\AppData\Local\CrashRpt
2017-07-18 17:18 - 2017-07-18 17:18 - 00000000 ____D C:\Program Files (x86)\s5
2017-07-18 17:17 - 2017-07-18 17:17 - 00003302 _____ C:\Windows\System32\Tasks\AGProxyCheck
2017-07-18 17:17 - 2017-07-18 17:17 - 00000000 ____D C:\Users\Luke\AppData\Roaming\AGData
2017-07-18 17:17 - 2017-07-18 17:17 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2017-07-12 13:51 - 2017-06-30 00:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 13:51 - 2017-06-29 23:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 13:51 - 2017-06-29 22:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 13:51 - 2017-06-29 22:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 13:51 - 2017-06-29 22:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 13:51 - 2017-06-29 22:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 13:51 - 2017-06-29 22:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 13:51 - 2017-06-29 22:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 13:51 - 2017-06-29 22:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 13:51 - 2017-06-29 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 13:51 - 2017-06-29 22:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 13:51 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 13:51 - 2017-06-29 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 13:51 - 2017-06-29 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 13:51 - 2017-06-29 02:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 13:51 - 2017-06-29 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 13:51 - 2017-06-29 02:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 13:51 - 2017-06-29 02:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 13:51 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 13:51 - 2017-06-29 02:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 13:51 - 2017-06-29 01:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 13:51 - 2017-06-29 01:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 13:51 - 2017-06-29 01:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 13:51 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 13:51 - 2017-06-29 01:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 13:51 - 2017-06-29 01:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 13:51 - 2017-06-29 01:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 13:51 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 13:51 - 2017-06-29 01:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 13:51 - 2017-06-29 01:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 13:51 - 2017-06-29 01:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 13:51 - 2017-06-29 01:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 13:51 - 2017-06-29 01:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 13:51 - 2017-06-29 01:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 13:51 - 2017-06-29 01:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 13:51 - 2017-06-29 01:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 13:51 - 2017-06-29 01:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 13:51 - 2017-06-29 01:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 13:51 - 2017-06-29 01:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 13:51 - 2017-06-29 01:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 13:51 - 2017-06-29 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 13:51 - 2017-06-29 01:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 13:51 - 2017-06-29 01:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 13:51 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 13:51 - 2017-06-29 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 13:51 - 2017-06-29 01:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 13:51 - 2017-06-29 01:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 13:51 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 13:51 - 2017-06-29 01:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 13:51 - 2017-06-29 01:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 13:51 - 2017-06-29 01:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 13:51 - 2017-06-29 01:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 13:51 - 2017-06-29 01:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 13:51 - 2017-06-29 01:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 13:51 - 2017-06-29 01:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 13:51 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 13:51 - 2017-06-29 00:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 13:51 - 2017-06-29 00:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 13:51 - 2017-06-29 00:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 13:51 - 2017-06-29 00:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 13:51 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 13:51 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 13:51 - 2017-06-29 00:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 13:51 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 13:51 - 2017-06-29 00:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 13:51 - 2017-06-29 00:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 13:51 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 13:51 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 13:51 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 13:51 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 13:51 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 13:51 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 13:51 - 2017-06-22 10:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 13:51 - 2017-06-15 16:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 13:51 - 2017-06-12 18:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 13:51 - 2017-06-12 18:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 13:51 - 2017-06-12 18:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 13:51 - 2017-06-12 18:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 13:51 - 2017-06-12 18:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 13:51 - 2017-06-12 18:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 13:51 - 2017-06-12 18:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 13:51 - 2017-06-12 18:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 13:51 - 2017-06-12 18:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 13:51 - 2017-06-12 18:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 13:51 - 2017-06-12 18:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 13:51 - 2017-06-12 18:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 13:51 - 2017-06-12 18:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 13:51 - 2017-06-12 18:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 13:51 - 2017-06-12 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 13:51 - 2017-06-12 18:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 13:51 - 2017-06-12 18:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 13:51 - 2017-06-12 18:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 13:51 - 2017-06-12 18:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 13:51 - 2017-06-10 11:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 13:51 - 2017-06-10 11:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 13:51 - 2017-06-09 11:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 13:51 - 2017-06-06 11:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 13:51 - 2017-06-06 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 13:51 - 2017-05-30 00:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 13:51 - 2017-05-30 00:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 13:51 - 2017-05-30 00:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 13:51 - 2017-05-21 00:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 13:51 - 2017-05-21 00:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 13:51 - 2017-05-16 11:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 13:51 - 2017-05-16 11:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 13:51 - 2017-05-16 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 13:51 - 2017-05-03 11:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 13:51 - 2017-05-03 11:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 13:51 - 2017-03-22 22:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-09 21:43 - 2017-07-09 21:44 - 00000000 ____D C:\Users\Luke\AppData\Local\SniperElite4
2017-07-09 21:43 - 2017-07-09 21:43 - 00000000 ____D C:\ProgramData\Sniper Elite 4
2017-07-08 21:58 - 2017-07-08 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 4
2017-06-30 23:29 - 2017-06-30 23:29 - 00000000 ____D C:\ProgramData\Age of Empires 3
2017-06-30 23:28 - 2017-06-30 23:28 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Age of Empires III - Complete Collection_unistall
2017-06-30 23:28 - 2017-06-30 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III - Complete Collection
2017-06-26 18:15 - 2017-06-26 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10
2017-06-26 18:15 - 2017-03-23 10:04 - 03547136 _____ C:\Windows\system32\pwNative.exe
2017-06-26 18:15 - 2013-09-30 16:26 - 00019152 _____ C:\Windows\system32\pwdrvio.sys
2017-06-26 18:15 - 2013-09-30 16:26 - 00012504 _____ C:\Windows\system32\pwdspio.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-23 20:51 - 2015-06-26 14:51 - 00000000 __SHD C:\found.001
2017-07-23 18:36 - 2014-06-08 20:40 - 00000000 __SHD C:\Users\Luke\IntelGraphicsProfiles
2017-07-23 18:36 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-23 09:32 - 2009-07-14 00:45 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-23 09:32 - 2009-07-14 00:45 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-23 09:30 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-23 09:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-07-23 09:29 - 2014-08-14 18:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-23 09:28 - 2015-05-17 00:44 - 00000000 ____D C:\Users\Luke\AppData\Local\CrashDumps
2017-07-22 16:24 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2017-07-18 17:58 - 2015-01-09 15:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-18 17:23 - 2015-06-21 14:07 - 00000000 ____D C:\Users\Luke\AppData\Roaming\deluge
2017-07-17 19:57 - 2014-04-28 20:35 - 00000000 ____D C:\Users\Luke\AppData\Roaming\vlc
2017-07-16 21:35 - 2014-10-08 19:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\foobar2000
2017-07-15 12:32 - 2014-05-25 21:28 - 00000000 ____D C:\Windows\Minidump
2017-07-15 12:32 - 2014-05-21 20:27 - 00000000 ____D C:\Users\Luke\AppData\Roaming\DAEMON Tools Lite
2017-07-15 02:41 - 2014-09-29 21:55 - 00000000 ____D C:\Users\Luke\AppData\Local\Spotify
2017-07-15 00:09 - 2014-09-29 21:54 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Spotify
2017-07-13 14:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-07-12 20:45 - 2014-12-10 23:07 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 20:45 - 2009-07-14 00:45 - 00386896 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 15:40 - 2014-04-27 21:08 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 15:39 - 2014-04-27 21:08 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 15:55 - 2016-10-22 21:37 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-11 15:55 - 2016-01-06 14:37 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 15:55 - 2016-01-06 14:37 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 15:55 - 2016-01-06 14:37 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 15:55 - 2016-01-06 14:37 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 15:55 - 2016-01-06 14:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-09 00:03 - 2015-05-14 10:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-30 23:29 - 2014-05-06 13:26 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-06-30 02:51 - 2014-04-27 21:34 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-29 17:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-28 16:16 - 2014-04-27 23:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2013-02-16 23:27 - 2013-02-16 23:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-01-26 10:38 - 2015-05-12 10:16 - 0000600 _____ () C:\Users\Luke\AppData\Local\PUTTY.RND
2017-07-18 17:23 - 2017-07-18 17:23 - 0000218 _____ () C:\Users\Luke\AppData\Local\recently-used.xbel
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Luke\AppData\Local\report
2015-03-27 15:23 - 2015-08-05 02:01 - 0007662 _____ () C:\Users\Luke\AppData\Local\Resmon.ResmonCfg
2016-10-22 21:41 - 2016-10-22 21:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-07-18 17:18 - 2017-07-18 17:19 - 29131120 _____ (AppTrailers) C:\Users\Luke\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 0328160 _____ (WeMonetize                                                  ) C:\Users\Luke\AppData\Local\Temp\CETTK0U.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 1199825 _____ () C:\Users\Luke\AppData\Local\Temp\unins000.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 0680734 _____ (VideoBox                                                    ) C:\Users\Luke\AppData\Local\Temp\vbinst.exe
2017-07-17 18:50 - 2017-07-17 18:51 - 30950664 _____ () C:\Users\Luke\AppData\Local\Temp\vlc-2.2.6-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 00:40
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 23 July 2017 - 06:07 PM

Welcome :)

 

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select AVOiBNU.jpgRun as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 23 July 2017 - 06:31 PM

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.07.23.04
  rootkit: v2017.05.27.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18738
Luke :: LUKE-PC [administrator]
 
7/23/2017 7:17:34 PM
mbar-log-2017-07-23 (19-17-34).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 575727
Time elapsed: 10 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 20
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AVBoost_is1 (Adware.Tuto4PC) -> Delete on reboot. [535dbeabbced092df5881dbb17eab947]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 (Rootkit.Agent.PUA) -> Delete on reboot. [1997dd8cd8d1d75f8c0968e924dd659b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP (Trojan.Clicker) -> Delete on reboot. [6749a7c2c3e6c96da7f9fc230df4817f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup (Trojan.Clicker) -> Delete on reboot. [129e97d21b8eae881ac39787e91828d8]
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\BIGTIME (Adware.Tuto4PC) -> Delete on reboot. [aa06c5a47d2cb28419599568a16059a7]
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\EWMON (Adware.Tuto4PC) -> Delete on reboot. [08a81d4cb3f66dc97ff405f8b34ef010]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
 
Registry Values Detected: 4
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AVBoost_is1|Publisher (Adware.Tuto4PC.Generic) -> Data: WeMonetize -> Delete on reboot. [5f51baaf10990a2c680e27ef986ae31d]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath (Trojan.Clicker) -> Data: C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe -> Delete on reboot. [6749a7c2c3e6c96da7f9fc230df4817f]
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\BIGTIME|partner (Adware.Tuto4PC) -> Data: installcube -> Delete on reboot. [aa06c5a47d2cb28419599568a16059a7]
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\EWMON|partner (Adware.Tuto4PC) -> Data: installcube -> Delete on reboot. [08a81d4cb3f66dc97ff405f8b34ef010]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 67
C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V (Adware.Tuto4PC.Generic) -> Delete on reboot. [f4bc95d45c4d68ce80b3fffc02ff51af]
C:\Users\Luke\AppData\Local\llssoft\winvmx (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\databases (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\000 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\000\t (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\H4QAERVP (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\cdn.stickyadstv.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\eereader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\efreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\egreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#eereader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#efreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#egreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\databases (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Local Storage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\4PCMNWZP (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\cdn.stickyadstv.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\eereader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\efreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\egreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#eereader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#efreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#egreader.com (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\dump (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\ntuserlitelist (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\dataup (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\locales (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\winscr (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Program Files (x86)\wx0f50xmdn2 (Adware.Tuto4PC.Generic) -> Delete on reboot. [ac04b5b4f3b642f446b91ef07989c838]
C:\Program Files\4RLBQKTY99 (Adware.Tuto4PC.Generic) -> Delete on reboot. [5c5467022a7fe94d100a59754cb516ea]
C:\Program Files\I482T6L62U (Adware.Tuto4PC.Generic) -> Delete on reboot. [00b0b9b07336d85e889204ca877aeb15]
 
Files Detected: 534
C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys (Rootkit.Agent.PUA) -> Delete on reboot. [a1184d89fddc3c481bce6ecc1384a192]
C:\Users\Luke\AppData\Local\Temp\CETTK0U.exe (Adware.Tuto4PC) -> Delete on reboot. [fcb478f1bdecbd79d763abf669973dc3]
C:\Users\Luke\AppData\Local\Temp\1500412703\s5m_install_325.exe (Trojan.Clicker) -> Delete on reboot. [644cc4a5d3d6a2946ab00cc836cbb749]
C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe (Adware.Yelloader) -> Delete on reboot. [3e722b3e3772eb4b39e38e8d857cb34d]
C:\Users\Luke\AppData\Local\nxgzb\mejbcodt (Adware.Yelloader) -> Delete on reboot. [9917630612970135406298729a68847c]
C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V\Like.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [f4bc95d45c4d68ce80b3fffc02ff51af]
C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V\AfficheOne.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [f4bc95d45c4d68ce80b3fffc02ff51af]
C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V\Era5Le.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [f4bc95d45c4d68ce80b3fffc02ff51af]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Cookies (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000001 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000002 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000003 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000004 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000005 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000006 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000007 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000008 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000009 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000010 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000011 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000012 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000013 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000014 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000015 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000016 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000017 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000018 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000019 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000020 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000022 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000023 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000024 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000025 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000026 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000027 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000028 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000029 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000030 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000031 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000032 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000033 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000034 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000036 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000037 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000038 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000039 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000040 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000041 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000042 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000043 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000044 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000045 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000046 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000047 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000048 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000050 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000051 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000052 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000053 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000054 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000055 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000056 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000057 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000058 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000059 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000060 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000061 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000062 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000063 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000064 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000065 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000066 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000067 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000068 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000069 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000070 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000021 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000035 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000049 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000071 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000085 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ae (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d6 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ea (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ff (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000113 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000072 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000073 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000074 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000075 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000076 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000077 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000078 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000079 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000080 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000081 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000082 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000083 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000084 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000086 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000087 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000088 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000089 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000090 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000091 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000092 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000093 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000094 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000095 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000096 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000097 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000098 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000099 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a4 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a5 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a6 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a7 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a8 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a9 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000aa (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ab (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ac (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ad (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000af (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b4 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b5 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b6 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b7 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b8 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b9 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ba (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bb (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bc (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bd (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000be (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bf (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c4 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c5 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c6 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c7 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c8 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c9 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ca (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cb (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cc (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cd (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ce (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cf (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d4 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d5 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d7 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d8 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d9 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000da (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000db (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000dc (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000dd (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000de (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000df (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e4 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e5 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e6 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e7 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e8 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e9 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000eb (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ed (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ee (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ef (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f4 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f5 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f6 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f7 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f8 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f9 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fa (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fb (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fc (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fd (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fe (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000100 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000101 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000102 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000103 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000104 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000105 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000106 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000107 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000108 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000109 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000110 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000111 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000112 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000114 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000115 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000116 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000117 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000118 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000119 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\index (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\QuotaManager (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\QuotaManager-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\databases\Databases.db (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\databases\Databases.db-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\000003.log (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\CURRENT (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\LOCK (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\LOG (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\MANIFEST-000001 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\000003.log (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\CURRENT (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\LOCK (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\LOG (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\MANIFEST-000001 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_c.betrad.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_c.betrad.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_connexity.net_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_connexity.net_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\https_secure-ds.serving-sys.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\https_secure-ds.serving-sys.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_widgets.outbrain.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_widgets.outbrain.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_www.accuwebhosting.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_www.accuwebhosting.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_connexity.net_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_connexity.net_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_renderer.qmerce.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_renderer.qmerce.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\http_ul1.dvtps.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\http_ul1.dvtps.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_widgets.outbrain.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_widgets.outbrain.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.express.co.uk_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.express.co.uk_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
c:\users\luke\appdata\local\llssoft\winvmx\data652\pepper data\shockwave flash\419d.tmp (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
c:\users\luke\appdata\local\llssoft\winvmx\data652\pepper data\shockwave flash\91ef.tmp (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Cookies (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Cookies-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000001 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000002 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000003 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000004 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000005 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000006 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000007 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000008 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000009 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000010 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000011 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000012 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000013 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000014 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000015 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000016 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000017 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000018 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000019 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000020 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000022 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000023 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000024 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000025 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000026 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000027 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000028 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000029 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000030 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000031 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000032 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000033 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000034 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000036 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000037 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000038 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000039 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000041 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000042 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000043 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000044 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000045 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000046 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000047 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000048 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000049 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000050 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000051 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000052 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000053 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000054 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000055 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000056 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000057 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000058 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000059 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00005d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00005e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00005f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000060 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000062 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000063 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000064 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000065 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000066 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000067 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000068 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000069 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000070 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000071 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000072 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000073 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000074 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000021 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000035 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000061 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000075 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000076 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000077 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000078 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000079 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007a (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007b (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007c (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007d (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007e (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007f (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000080 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000081 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000082 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000083 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000084 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000085 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000086 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000087 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\index (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\QuotaManager (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\QuotaManager-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Visited Links (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\databases\Databases.db (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\databases\Databases.db-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_0 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_1 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_2 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_3 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\index (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\000003.log (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\CURRENT (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\LOCK (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\LOG (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\MANIFEST-000001 (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Local Storage\https_ec-ns.sascdn.com_0.localstorage (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Local Storage\https_ec-ns.sascdn.com_0.localstorage-journal (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol (Trojan.Clicker.D) -> Delete on reboot. [9f11531669402f079e162f8059a7b749]
C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.ini (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\help_dll.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef.pak (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\debug.log (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\libcef.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak (Trojan.Clicker) -> Delete on reboot. [ac04de8b7f2a3bfb59ce7f3d47ba4cb4]
C:\Program Files (x86)\wx0f50xmdn2\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ac04b5b4f3b642f446b91ef07989c838]
C:\Program Files (x86)\wx0f50xmdn2\8IDSB2JM3YQT3J9.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ac04b5b4f3b642f446b91ef07989c838]
C:\Program Files (x86)\wx0f50xmdn2\config.conf (Adware.Tuto4PC.Generic) -> Delete on reboot. [ac04b5b4f3b642f446b91ef07989c838]
C:\Program Files (x86)\wx0f50xmdn2\VU228.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [ac04b5b4f3b642f446b91ef07989c838]
C:\Program Files\4RLBQKTY99\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [5c5467022a7fe94d100a59754cb516ea]
C:\Program Files\4RLBQKTY99\4RLBQKTY9.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [5c5467022a7fe94d100a59754cb516ea]
C:\Program Files\4RLBQKTY99\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [5c5467022a7fe94d100a59754cb516ea]
C:\Program Files\I482T6L62U\cast.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [00b0b9b07336d85e889204ca877aeb15]
C:\Program Files\I482T6L62U\CJPALABPX.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [00b0b9b07336d85e889204ca877aeb15]
C:\Program Files\I482T6L62U\uninstaller.exe.config (Adware.Tuto4PC.Generic) -> Delete on reboot. [00b0b9b07336d85e889204ca877aeb15]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18738
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 8469245952, free: 5778472960
 
Downloaded database version: v2017.07.23.04
Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.07.17.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     07/23/2017 19:17:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\ndistpr64.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\system32\drivers\NDIS.SYS
\SystemRoot\system32\drivers\TDI.SYS
\SystemRoot\system32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\pwdrvio.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\XtuAcpiDriver.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\dtlitescsibus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\dtliteusbbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\usbccgp.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\AE2500w764.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\nsi.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\usp10.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
\Windows\System32\advapi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msvcrt.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\urlmon.dll
\Windows\System32\imm32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2017.07.23.04
  rootkit: v2017.05.27.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008e5e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008e5eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008e5e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008bdc060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\ndistpr64.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4097459428
    GPT Header CurrentLba = 1 BackupLba 234441647
    GPT Header FirstUsableLba 34  LastUsableLba 234441614
    GPT Header Guid fa00a9b2-9f85-46ec-b559-c4b59f6ba01a
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4097459428
    Backup GPT header CurrentLba = 234441647 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 234441614
    Backup GPT header Guid fa00a9b2-9f85-46ec-b559-c4b59f6ba01a
    Backup GPT header Contains 128 partition entries starting at LBA 234441615
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 3345c547-1242-47bd-8066-9b3ff129d613
    FirstLBA 2048  Last LBA 206847
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 52d105d9-c94d-4217-9c47-a69ee8674e7
    FirstLBA 206848  Last LBA 468991
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 1acf86cd-e4d8-409d-b69-a0eff03fc31f
    FirstLBA 468992  Last LBA 234440703
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 120034123776 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8008e5a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008e5ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008e5a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008ba1060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AAD9AF44
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8008e5b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008e5bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008e5b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008bc9060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 27964956
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 32593920
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 32595968  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32800768  Numsec = 573153280
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 605955735  Numsec = 644302890
    Partition is not bootable
    Partition file system is NTFS
 
Disk Size: 640135028736 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa80097be790, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80097c1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80097be790, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80097c2060, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BDBF0A14
 
Partition information:
 
    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 112  Numsec = 30883728
    Partition is not bootable
    Partition file system is FAT32
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 15812526080 bytes
Sector size: 512 bytes
 
Done!
<<<2>>>
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Infected: C:\Users\Luke\AppData\Local\Temp\CETTK0U.exe --> [Adware.Tuto4PC]
Infected: C:\Users\Luke\AppData\Local\Temp\1500412703\s5m_install_325.exe --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe --> [Adware.Yelloader]
Infected: C:\Users\Luke\AppData\Local\nxgzb\mejbcodt --> [Adware.Yelloader]
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-8A7BDAB14BE9A2080B86A437ABF5CB7087BC6ED5.bin.83" is compressed (flags = 1)
Infected: C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V\Like.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V\AfficheOne.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Users\Luke\AppData\Local\Temp\QV8XW04I3V\Era5Le.exe.config --> [Adware.Tuto4PC.Generic]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AVBoost_is1 --> [Adware.Tuto4PC]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AVBoost_is1|Publisher --> [Adware.Tuto4PC.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\drmkpro64 --> [Rootkit.Agent.PUA]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP --> [Trojan.Clicker]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup --> [Trojan.Clicker]
Infected: HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\BIGTIME|partner --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\BIGTIME --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\EWMON|partner --> [Adware.Tuto4PC]
Infected: HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\MICROSOFT\EWMON --> [Adware.Tuto4PC]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000001 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000002 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000003 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000004 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000005 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000006 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000007 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000008 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000009 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000010 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000011 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000012 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000013 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000014 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000015 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000016 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000017 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000018 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000019 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00001f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000020 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000022 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000023 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000024 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000025 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000026 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000027 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000028 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000029 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00002f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000030 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000031 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000032 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000033 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000034 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000036 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000037 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000038 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000039 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00003f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000040 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000041 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000042 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000043 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000044 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000045 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000046 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000047 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000048 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00004f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000050 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000051 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000052 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000053 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000054 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000055 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000056 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000057 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000058 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000059 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000060 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000061 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000062 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000063 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000064 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000065 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000066 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000067 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000068 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000069 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00006f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000070 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00000d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000021 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000035 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000049 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00005d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000071 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000085 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ae --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d6 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ea --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ff --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000113 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000072 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000073 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000074 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000075 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000076 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000077 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000078 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000079 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00007f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000080 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000081 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000082 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000083 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000084 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000086 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000087 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000088 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000089 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00008f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000090 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000091 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000092 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000093 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000094 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000095 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000096 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000097 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000098 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000099 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00009f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a4 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a5 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a6 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a7 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a8 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000a9 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000aa --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ab --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ac --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ad --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000af --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b4 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b5 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b6 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b7 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b8 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000b9 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ba --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bb --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bc --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bd --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000be --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000bf --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c4 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c5 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c6 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c7 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c8 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000c9 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ca --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cb --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cc --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cd --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ce --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000cf --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d4 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d5 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d7 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d8 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000d9 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000da --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000db --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000dc --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000dd --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000de --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000df --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e4 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e5 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e6 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e7 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e8 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000e9 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000eb --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ed --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ee --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000ef --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f4 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f5 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f6 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f7 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f8 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000f9 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fa --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fb --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fc --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fd --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_0000fe --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000100 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000101 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000102 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000103 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000104 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000105 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000106 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000107 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000108 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000109 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_00010f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000110 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000111 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000112 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000114 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000115 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000116 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000117 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000118 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\f_000119 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\index --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\QuotaManager --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\QuotaManager-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\databases --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\databases\Databases.db --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\databases\Databases.db-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\000 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\000\t --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\000003.log --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\CURRENT --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\LOCK --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\LOG --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\File System\Origins\MANIFEST-000001 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\000003.log --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\CURRENT --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\LOCK --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\LOG --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\IndexedDB\http_www.express.co.uk_0.indexeddb.leveldb\MANIFEST-000001 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_c.betrad.com_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_c.betrad.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_connexity.net_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_connexity.net_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\https_secure-ds.serving-sys.com_0.localstorage --> [Trojan.Clicker.D]
Infected: c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\https_secure-ds.serving-sys.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_widgets.outbrain.com_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_widgets.outbrain.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_www.accuwebhosting.com_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\https_www.accuwebhosting.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_connexity.net_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_connexity.net_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_renderer.qmerce.com_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_renderer.qmerce.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\http_ul1.dvtps.com_0.localstorage --> [Trojan.Clicker.D]
Infected: c:\users\luke\appdata\local\llssoft\winvmx\data652\local storage\http_ul1.dvtps.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_widgets.outbrain.com_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_widgets.outbrain.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.express.co.uk_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Local Storage\http_www.express.co.uk_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash --> [Trojan.Clicker.D]
Infected: c:\users\luke\appdata\local\llssoft\winvmx\data652\pepper data\shockwave flash\419d.tmp --> [Trojan.Clicker.D]
Infected: c:\users\luke\appdata\local\llssoft\winvmx\data652\pepper data\shockwave flash\91ef.tmp --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\H4QAERVP --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\cdn.stickyadstv.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\eereader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\efreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\egreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#eereader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#efreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#egreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data652\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\DTZ7Y96B\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Cookies --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Cookies-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000001 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000002 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000003 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000004 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000005 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000006 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000007 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000008 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000009 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000010 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000011 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000012 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000013 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000014 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000015 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000016 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000017 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000018 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000019 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00001f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000020 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000022 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000023 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000024 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000025 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000026 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000027 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000028 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000029 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00002f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000030 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000031 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000032 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000033 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000034 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000036 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000037 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000038 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000039 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00003f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000041 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000042 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000043 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000044 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000045 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000046 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000047 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000048 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000049 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000050 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000051 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000052 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000053 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000054 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000055 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000056 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000057 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000058 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000059 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00005d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00005e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00005f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000060 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000062 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000063 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000064 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000065 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000066 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000067 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000068 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000069 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00006f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000070 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000071 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000072 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000073 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000074 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00000d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000021 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000035 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00004a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000061 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000075 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000076 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000077 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000078 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000079 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007a --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007b --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007c --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007d --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007e --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_00007f --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000080 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000081 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000082 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000083 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000084 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000085 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000086 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\f_000087 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\index --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\QuotaManager --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\QuotaManager-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Visited Links --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\databases --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\databases\Databases.db --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\databases\Databases.db-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_0 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_1 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\data_3 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\GPUCache\index --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\000003.log --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\CURRENT --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\LOCK --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\LOG --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\IndexedDB\http_www.popularmechanics.com_0.indexeddb.leveldb\MANIFEST-000001 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Local Storage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Local Storage\https_ec-ns.sascdn.com_0.localstorage --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Local Storage\https_ec-ns.sascdn.com_0.localstorage-journal --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\4PCMNWZP --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2 --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\cdn.stickyadstv.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\eereader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\efreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\egreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#cdn.stickyadstv.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#eereader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#eereader.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#efreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#efreader.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#egreader.com --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\data676\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\FNLX5RS2\macromedia.com\support\flashplayer\sys\#egreader.com\settings.sol --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\llssoft\winvmx\dump --> [Trojan.Clicker.D]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\dataup --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.ini --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\help_dll.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1 --> [Trojan.Clicker]
Infected: HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C} --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef.pak --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef_100_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef_200_percent.pak --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\cef_extensions.pak --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\d3dcompiler_47.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\dbghelp.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\debug.log --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\icudtl.dat --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\libcef.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\libGLESv2.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\natives_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\snapshot_blob.bin --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\widevinecdm.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\widevinecdmadapter.dll --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\locales --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\locales\en-US.pak --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\svcvmx\locales\zh-CN.pak --> [Trojan.Clicker]
Infected: C:\Users\Luke\AppData\Local\ntuserlitelist\winscr --> [Trojan.Clicker]
Infected: C:\Program Files (x86)\wx0f50xmdn2\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\wx0f50xmdn2 --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\wx0f50xmdn2\8IDSB2JM3YQT3J9.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\wx0f50xmdn2\config.conf --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files (x86)\wx0f50xmdn2\VU228.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\4RLBQKTY99\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\4RLBQKTY99 --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\4RLBQKTY99\4RLBQKTY9.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\4RLBQKTY99\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\I482T6L62U\cast.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\I482T6L62U --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\I482T6L62U\CJPALABPX.exe.config --> [Adware.Tuto4PC.Generic]
Infected: C:\Program Files\I482T6L62U\uninstaller.exe.config --> [Adware.Tuto4PC.Generic]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 23 July 2017 - 07:55 PM

  • Highlight the entire content of the quote box below.

Start::  
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
C:\Users\Luke\AppData\Local\ntuserlitelist
S2 Dataup; C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
C:\Windows\System32\drivers\drmkpro64
S2 Dataup; C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
2017-07-18 17:18 - 2017-07-18 17:19 - 29131120 _____ (AppTrailers) C:\Users\Luke\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 0328160 _____ (WeMonetize                                                  ) C:\Users\Luke\AppData\Local\Temp\CETTK0U.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 1199825 _____ () C:\Users\Luke\AppData\Local\Temp\unins000.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 0680734 _____ (VideoBox                                                    ) C:\Users\Luke\AppData\Local\Temp\vbinst.exe
2017-07-17 18:50 - 2017-07-17 18:51 - 30950664 _____ () C:\Users\Luke\AppData\Local\Temp\vlc-2.2.6-win32.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

iO5EZayK.png


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this

adwcleaner_delete_restart.jpg


  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 23 July 2017 - 10:28 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Luke (23-07-2017 23:11:47) Run:1
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
C:\Users\Luke\AppData\Local\ntuserlitelist
S2 Dataup; C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
C:\Windows\System32\drivers\drmkpro64
S2 Dataup; C:\Users\Luke\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
2017-07-18 17:18 - 2017-07-18 17:19 - 29131120 _____ (AppTrailers) C:\Users\Luke\AppData\Local\Temp\AppTrailers.9.1.10amt.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 0328160 _____ (WeMonetize                                                  ) C:\Users\Luke\AppData\Local\Temp\CETTK0U.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 1199825 _____ () C:\Users\Luke\AppData\Local\Temp\unins000.exe
2017-07-18 17:18 - 2017-07-18 17:18 - 0680734 _____ (VideoBox                                                    ) C:\Users\Luke\AppData\Local\Temp\vbinst.exe
2017-07-17 18:50 - 2017-07-17 18:51 - 30950664 _____ () C:\Users\Luke\AppData\Local\Temp\vlc-2.2.6-win32.exe
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
"C:\Users\Luke\AppData\Local\ntuserlitelist" => not found.
Dataup => service not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
"C:\Windows\System32\drivers\drmkpro64" => not found.
Dataup => service not found.
C:\Users\Luke\AppData\Local\Temp\AppTrailers.9.1.10amt.exe => moved successfully
"C:\Users\Luke\AppData\Local\Temp\CETTK0U.exe" => not found.
C:\Users\Luke\AppData\Local\Temp\unins000.exe => moved successfully
C:\Users\Luke\AppData\Local\Temp\vbinst.exe => moved successfully
C:\Users\Luke\AppData\Local\Temp\vlc-2.2.6-win32.exe => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {11FAF916-4EFB-4BA2-8F0B-52378D796AD9}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5648081 B
Java, Flash, Steam htmlcache => 140096564 B
Windows/system/drivers => 286420 B
Edge => 0 B
Chrome => 873263785 B
Firefox => 5173382 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 70792 B
Luke => 27977091 B
 
RecycleBin => 0 B
EmptyTemp: => 1012 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:12:03 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64 
Ran by Luke (Administrator) on Sun 07/23/2017 at 23:17:52.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\Windows\wininit.ini (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/23/2017 at 23:20:17.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 03:23:56 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Program Files (x86)\S5
Deleted: C:\Program Files (x86)\AnonymizerGadget
Deleted: C:\Program Files (x86)\AVBoost
Deleted: C:\Users\Luke\AppData\Local\llssoft
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\genesis
Deleted: [Key] - HKCU\Software\genesis
Deleted: [Key] - HKLM\SOFTWARE\NpApp
Deleted: [Key] - HKLM\SOFTWARE\xs
Deleted: [Key] - HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\VideoBox
Deleted: [Key] - HKCU\Software\VideoBox
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s5m
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Software\MICROSOFT\wewewe
Deleted: [Key] - HKCU\Software\MICROSOFT\wewewe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [3136 B] - [2017/7/24 3:22:30]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 24 July 2017 - 04:53 PM

How is the computer doing?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 25 July 2017 - 12:14 AM

The random processes seem mostly cleared up, but I'm not sure. I keep seeing "dllhost.exe," and sometimes two or three processes with that name. Google searches in Chrome are still being redirected to Yahoo results, and I've checked the settings (it's set to use google).

 

Should I run FRST and post the log again?



#8 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 25 July 2017 - 09:34 AM

Here it is, if it helps.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by Luke (administrator) on LUKE-PC (25-07-2017 10:27:41)
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sand Studio) E:\Programs\AirDroid\AirDroid.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Run: [AirDroid 3] => E:\Programs\AirDroid\AirDroid.exe [10223408 2017-06-28] (Sand Studio)
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: K - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {7fbd7e68-e113-11e3-a78c-8f97b0442811} - K:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {cbcd9215-2053-11e6-8751-89338eab2433} - M:\stp-se4.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {cbcd9218-2053-11e6-8751-89338eab2433} - M:\setup.exe
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\MountPoints2: {f45084ee-dfc9-11e5-b230-b9335618642a} - L:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3D817C84-CC44-4F44-ADD4-49F98BDCCDBC}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C429DA9F-55EA-4C0D-B23A-42B9B2E413BA}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
 
FireFox:
========
FF DefaultProfile: zw7mdomu.default
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default [2017-07-23]
FF Extension: (Fast search) - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\zw7mdomu.default\Extensions\amcontextmenu@loucypher [2017-07-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-07-23] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Programs\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> E:\Programs\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://thepiratebay.la/search/%22chaos%20chaos%22/0/99/0
CHR StartupUrls: Default -> "hxxps://1917.rt.com/#!/en/twitter/lenin"
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default [2017-07-25]
CHR Extension: (Torrent Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2016-08-14]
CHR Extension: (Duolingo on the Web) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-02-10]
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2014-04-27]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Honey) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-07-25]
CHR Extension: (Adblock Plus) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-12]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Read Later Fast) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2015-05-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Google Play Music) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-07-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-02]
CHR Extension: (Select and Speak - Text to Speech (SpeakIt!)) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjopfpjmkcfgjpogepmdjmcnihfpokn [2017-07-25]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Eve News24) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hacenaodinjocbceobidngfdopgcpbjh [2014-04-27]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2016-08-26]
CHR Extension: (Upload to Imgur - Right-click Imgur Uploader) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2017-07-13]
CHR Extension: (Dropbox) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-29]
CHR Extension: (Bernie PB) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippaapoiolpdkljaeicdcjilfdimgklb [2016-05-20]
CHR Extension: (PolitEcho) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcindbcjkekiofoogdiohbdleddkpbbm [2017-03-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-25]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-07-17]
CHR Extension: (Logical Increments Field Agent) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfmnmfdickgjlfdjmjnaejgkjeebfadc [2014-04-27]
CHR Extension: (Awesome Screenshot: Screen Video Recorder) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2017-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2017-05-29]
CHR Extension: (Mockingbird Freebooks) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnddmkgmlolmdjfkjmfljijkgadkkob [2016-04-25]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Programs\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Disc Soft Lite Bus Service; E:\Programs\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-21] (Disc Soft Ltd)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-30] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-23 23:21 - 2017-07-25 00:49 - 00000000 ____D C:\AdwCleaner
2017-07-23 19:17 - 2017-07-23 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-23 18:37 - 2017-07-25 10:27 - 00000000 ____D C:\FRST
2017-07-22 17:21 - 2017-07-23 05:24 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-07-18 17:23 - 2017-07-18 17:23 - 00000218 _____ C:\Users\Luke\AppData\Local\recently-used.xbel
2017-07-18 17:18 - 2017-07-23 20:51 - 00000000 ____D C:\ProgramData\WindowsErrorReporting
2017-07-18 17:18 - 2017-07-23 19:28 - 00000000 ____D C:\Users\Luke\AppData\Local\nxgzb
2017-07-18 17:18 - 2017-07-18 17:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\gq4ureronjm
2017-07-18 17:18 - 2017-07-18 17:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\bavb503uyqq
2017-07-18 17:18 - 2017-07-18 17:18 - 00000000 ____D C:\Users\Luke\AppData\Roaming\c
2017-07-18 17:18 - 2017-07-18 17:18 - 00000000 ____D C:\Users\Luke\AppData\Local\CrashRpt
2017-07-18 17:17 - 2017-07-18 17:17 - 00003302 _____ C:\Windows\System32\Tasks\AGProxyCheck
2017-07-18 17:17 - 2017-07-18 17:17 - 00000000 ____D C:\Users\Luke\AppData\Roaming\AGData
2017-07-12 13:51 - 2017-06-30 00:15 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 13:51 - 2017-06-29 23:32 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 02319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-07-12 13:51 - 2017-06-29 22:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-07-12 13:51 - 2017-06-29 22:40 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-07-12 13:51 - 2017-06-29 22:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 13:51 - 2017-06-29 22:39 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-12 13:51 - 2017-06-29 22:39 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-07-12 13:51 - 2017-06-29 22:38 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-07-12 13:51 - 2017-06-29 22:38 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-07-12 13:51 - 2017-06-29 22:27 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-07-12 13:51 - 2017-06-29 22:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-07-12 13:51 - 2017-06-29 22:26 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-07-12 13:51 - 2017-06-29 22:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-07-12 13:51 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 13:51 - 2017-06-29 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 13:51 - 2017-06-29 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 13:51 - 2017-06-29 02:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 13:51 - 2017-06-29 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 13:51 - 2017-06-29 02:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 13:51 - 2017-06-29 02:02 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 13:51 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 13:51 - 2017-06-29 02:02 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 13:51 - 2017-06-29 01:55 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 13:51 - 2017-06-29 01:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 13:51 - 2017-06-29 01:51 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 13:51 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 13:51 - 2017-06-29 01:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 13:51 - 2017-06-29 01:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 13:51 - 2017-06-29 01:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 13:51 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 13:51 - 2017-06-29 01:43 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 13:51 - 2017-06-29 01:39 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 13:51 - 2017-06-29 01:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 13:51 - 2017-06-29 01:31 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 13:51 - 2017-06-29 01:31 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 13:51 - 2017-06-29 01:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 13:51 - 2017-06-29 01:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 13:51 - 2017-06-29 01:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 13:51 - 2017-06-29 01:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 13:51 - 2017-06-29 01:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 13:51 - 2017-06-29 01:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 13:51 - 2017-06-29 01:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 13:51 - 2017-06-29 01:19 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 13:51 - 2017-06-29 01:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 13:51 - 2017-06-29 01:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 13:51 - 2017-06-29 01:14 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 13:51 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 13:51 - 2017-06-29 01:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 13:51 - 2017-06-29 01:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 13:51 - 2017-06-29 01:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 13:51 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 13:51 - 2017-06-29 01:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 13:51 - 2017-06-29 01:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 13:51 - 2017-06-29 01:07 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 13:51 - 2017-06-29 01:05 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 13:51 - 2017-06-29 01:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 13:51 - 2017-06-29 01:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 13:51 - 2017-06-29 01:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 13:51 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 13:51 - 2017-06-29 00:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 13:51 - 2017-06-29 00:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 13:51 - 2017-06-29 00:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 13:51 - 2017-06-29 00:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 13:51 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 13:51 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 13:51 - 2017-06-29 00:48 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 13:51 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 13:51 - 2017-06-29 00:46 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 13:51 - 2017-06-29 00:46 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 13:51 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 13:51 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 13:51 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 13:51 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 13:51 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 13:51 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 13:51 - 2017-06-22 10:58 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 13:51 - 2017-06-15 16:23 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 13:51 - 2017-06-12 18:54 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 13:51 - 2017-06-12 18:54 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 13:51 - 2017-06-12 18:54 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 13:51 - 2017-06-12 18:49 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 13:51 - 2017-06-12 18:49 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 13:51 - 2017-06-12 18:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 13:51 - 2017-06-12 18:29 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 13:51 - 2017-06-12 18:29 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 13:51 - 2017-06-12 18:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 13:51 - 2017-06-12 18:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 13:51 - 2017-06-12 18:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 13:51 - 2017-06-12 18:14 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 13:51 - 2017-06-12 18:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 13:51 - 2017-06-12 18:12 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 13:51 - 2017-06-12 18:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 13:51 - 2017-06-12 18:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 13:51 - 2017-06-12 18:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 13:51 - 2017-06-12 18:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 13:51 - 2017-06-12 18:06 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 13:51 - 2017-06-12 18:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 13:51 - 2017-06-12 18:06 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 13:51 - 2017-06-12 18:05 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 13:51 - 2017-06-10 11:59 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 13:51 - 2017-06-10 11:39 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 13:51 - 2017-06-09 11:33 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 13:51 - 2017-06-06 11:30 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 13:51 - 2017-06-06 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 13:51 - 2017-05-30 00:56 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 13:51 - 2017-05-30 00:56 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 13:51 - 2017-05-30 00:56 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-07-12 13:51 - 2017-05-21 00:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-07-12 13:51 - 2017-05-21 00:06 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-07-12 13:51 - 2017-05-16 11:35 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-12 13:51 - 2017-05-16 11:35 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-07-12 13:51 - 2017-05-16 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-07-12 13:51 - 2017-05-03 11:34 - 00094952 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-12 13:51 - 2017-05-03 11:29 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-07-12 13:51 - 2017-05-03 09:05 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-12 13:51 - 2017-03-22 22:06 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-07-09 21:43 - 2017-07-09 21:44 - 00000000 ____D C:\Users\Luke\AppData\Local\SniperElite4
2017-07-09 21:43 - 2017-07-09 21:43 - 00000000 ____D C:\ProgramData\Sniper Elite 4
2017-07-08 21:58 - 2017-07-08 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sniper Elite 4
2017-06-30 23:29 - 2017-06-30 23:29 - 00000000 ____D C:\ProgramData\Age of Empires 3
2017-06-30 23:28 - 2017-06-30 23:28 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Age of Empires III - Complete Collection_unistall
2017-06-30 23:28 - 2017-06-30 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires III - Complete Collection
2017-06-26 18:15 - 2017-06-26 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10
2017-06-26 18:15 - 2017-03-23 10:04 - 03547136 _____ C:\Windows\system32\pwNative.exe
2017-06-26 18:15 - 2013-09-30 16:26 - 00019152 _____ C:\Windows\system32\pwdrvio.sys
2017-06-26 18:15 - 2013-09-30 16:26 - 00012504 _____ C:\Windows\system32\pwdspio.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-25 10:27 - 2014-06-08 20:40 - 00000000 __SHD C:\Users\Luke\IntelGraphicsProfiles
2017-07-25 10:27 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-25 00:55 - 2009-07-14 00:45 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-25 00:55 - 2009-07-14 00:45 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-25 00:54 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-25 00:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-07-25 00:35 - 2014-08-14 18:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-23 23:13 - 2015-03-11 15:36 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-23 23:11 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-23 23:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-07-23 20:51 - 2015-06-26 14:51 - 00000000 __SHD C:\found.001
2017-07-23 19:15 - 2014-08-14 18:48 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-23 09:28 - 2015-05-17 00:44 - 00000000 ____D C:\Users\Luke\AppData\Local\CrashDumps
2017-07-22 16:24 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
2017-07-18 17:58 - 2015-01-09 15:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-18 17:23 - 2015-06-21 14:07 - 00000000 ____D C:\Users\Luke\AppData\Roaming\deluge
2017-07-17 19:57 - 2014-04-28 20:35 - 00000000 ____D C:\Users\Luke\AppData\Roaming\vlc
2017-07-16 21:35 - 2014-10-08 19:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\foobar2000
2017-07-15 12:32 - 2014-05-25 21:28 - 00000000 ____D C:\Windows\Minidump
2017-07-15 12:32 - 2014-05-21 20:27 - 00000000 ____D C:\Users\Luke\AppData\Roaming\DAEMON Tools Lite
2017-07-15 02:41 - 2014-09-29 21:55 - 00000000 ____D C:\Users\Luke\AppData\Local\Spotify
2017-07-15 00:09 - 2014-09-29 21:54 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Spotify
2017-07-13 14:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-07-12 20:45 - 2014-12-10 23:07 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-12 20:45 - 2009-07-14 00:45 - 00386896 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 15:40 - 2014-04-27 21:08 - 00000000 ____D C:\Windows\system32\MRT
2017-07-12 15:39 - 2014-04-27 21:08 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-11 15:55 - 2016-10-22 21:37 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-11 15:55 - 2016-01-06 14:37 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-11 15:55 - 2016-01-06 14:37 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 15:55 - 2016-01-06 14:37 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 15:55 - 2016-01-06 14:37 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-11 15:55 - 2016-01-06 14:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-09 00:03 - 2015-05-14 10:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-30 23:29 - 2014-05-06 13:26 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-06-30 02:51 - 2014-04-27 21:34 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-28 16:16 - 2014-04-27 23:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2013-02-16 23:27 - 2013-02-16 23:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-01-26 10:38 - 2015-05-12 10:16 - 0000600 _____ () C:\Users\Luke\AppData\Local\PUTTY.RND
2017-07-18 17:23 - 2017-07-18 17:23 - 0000218 _____ () C:\Users\Luke\AppData\Local\recently-used.xbel
2017-05-17 11:32 - 2017-05-17 11:32 - 0125952 _____ () C:\Users\Luke\AppData\Local\report
2015-03-27 15:23 - 2015-08-05 02:01 - 0007662 _____ () C:\Users\Luke\AppData\Local\Resmon.ResmonCfg
2016-10-22 21:41 - 2016-10-22 21:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 00:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Luke (25-07-2017 10:27:58)
Running from E:\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-27 23:48:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2829323167-97675127-1012005819-500 - Administrator - Disabled)
Guest (S-1-5-21-2829323167-97675127-1012005819-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2829323167-97675127-1012005819-1002 - Limited - Enabled)
Luke (S-1-5-21-2829323167-97675127-1012005819-1000 - Administrator - Enabled) => C:\Users\Luke
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1)
AirDroid 3.3.1.0 (HKLM-x32\...\AirDroid) (Version: 3.3.1.0 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{AF88A32E-BC54-2AA3-2FC8-D63D86DF4A7A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ArcGIS 10.2 for Desktop (HKLM-x32\...\{44EF0455-5764-4158-90B3-CA483BCB1F75}) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BOSS Userlist Manager (HKLM-x32\...\{F0AB569C-99EF-4F4D-992D-2206E354C903}) (Version: 6.7.2 - Surazal)
calibre 64bit (HKLM\...\{D7D0A0C9-6728-4FA3-B611-04FFDB739F97}) (Version: 2.83.0 - Kovid Goyal)
CAM (HKLM-x32\...\{751D9BCF-E66B-42AC-ADF3-66ED78649223}) (Version: 1.1.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Discord (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dogecoin (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dogecoin) (Version: 1.6.0.0 - Dogecoin)
Dropbox (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
EVE Isk per Hour (HKLM-x32\...\{4A4A176E-F5F4-47D2-9866-2CAF8B09A29D}) (Version: 3.3 - EVE Isk per Hour)
EVE Isk per Hour (HKLM-x32\...\{7A37BE74-5767-407A-8145-098EF7DA02FB}) (Version: 3.3 - EVE IPH)
EVE Online (HKLM-x32\...\{2C60FECF-7254-436F-81A6-BCA9E87760A5}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{7DB2B037-E097-4B03-909D-0431F0250DE0}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{9CFA1749-644E-48EC-B4ED-1BD368198737}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{A556A849-45D4-4F7C-A520-135A060F1A6C}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{BAF7798B-050F-415A-9E84-912C424F747D}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKLM-x32\...\{C680CFD6-1227-46F4-A2F2-0E1FB7402592}) (Version: 3.0.0 - CCP Games Ltd.)
EVE Online (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{21baeecc-bb92-4eaa-bc13-6d66469e4477}) (Version: 1.0.0 - CCP)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 3.0.3 - EVEMon Development Team)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Far Cry Primal (HKLM-x32\...\{80BD47AF-CF13-49B2-99BF-7E78FBA26124}_is1) (Version:  - Ubisoft)
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FreeFileSync 7.7 (HKLM-x32\...\FreeFileSync) (Version: 7.7 - www.FreeFileSync.org)
Git version 2.9.3.2 (HKLM\...\Git_is1) (Version: 2.9.3.2 - The Git Development Community)
GitHub (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\5f7eb300e2ea4ebf) (Version: 3.3.1.0 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
HHD Software Free Hex Editor Neo 6.24 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.24.0.5920 - HHD Software, Ltd.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intergraph Licensing 11.10.1 (HKLM-x32\...\{E61CBFF0-5B9A-4722-AE2D-E5910CA5A1EA}) (Version: 11.10.0100.00201 - Intergraph Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
LibreOffice 4.4.7.2 (HKLM-x32\...\{94C42982-D118-45DE-B761-3D331428FAB9}) (Version: 4.4.7.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mortal Kombat X (HKLM-x32\...\Mortal Kombat X_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetLogo 5.1.0 (HKLM-x32\...\5730-6571-9917-5170) (Version: 5.1.0 - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
Node.js (HKLM\...\{8434AEA1-1294-47E3-9137-848F546CD824}) (Version: 4.4.7 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
Pillars.Of.Eternity.[Royal.v3.04.1165.All.DLC]-ALI213 version 3.04.1165 (HKLM-x32\...\{A355E44B-796E-45D3-99B3-362E75256DDE}}_is1) (Version: 3.04.1165 - Ali213.net)
Pokemon GO Live Map (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\pokemon) (Version: 0.3.3 - Mike Christopher)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
pyfa version 1.28.1 (YC119.3 1.0) (HKLM-x32\...\{3DA39096-C08D-49CD-90E0-1D177F32C8AA}_is1) (Version: 1.28.1 (YC119.3 1.0) - pyfa)
Python 2.7 pycurl-7.43.0 (HKLM-x32\...\pycurl-py2.7) (Version:  - )
Python 2.7 PyYAML-3.11 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\PyYAML-py2.7) (Version:  - )
Python 2.7 reverence-1.5.0 (HKLM-x32\...\reverence-py2.7) (Version:  - )
Python 2.7 reverence-1.8.0 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\reverence-py2.7) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
Sniper Elite 4 (HKLM\...\Sniper Elite 4_is1) (Version: 1.0 - )
Spotify (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.0.0.2 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.0.0.1 - GOG.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.21.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.12.0 - GOG.com)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 5.3.1 - Universal Media Server)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2829323167-97675127-1012005819-1000\...\WinDirStat) (Version:  - )
WinRAR 5.10 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.3 - win.rar GmbH)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)
Yawcam 0.5.0 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: 0.5.0 - Yawcam)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{182FB546-8596-4CEF-9CB5-E9505BF7F628}\InprocServer32 -> E:\Programs\Hex Editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{6DB27B2E-87AC-4354-927A-AD711A0ED77E}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{A244CEC5-DB63-4ED9-B0D7-A0527C064113}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{AE1514A4-5D7D-4D1B-BC7F-320E6962B0DD}\InprocServer32 -> E:\Programs\Hex Editor\FileDocument.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{B845012A-F05A-4EC8-816D-B033183B9CA5}\InprocServer32 -> E:\Programs\Hex Editor\hhdhexneo.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{F350F7C1-9F0E-4A97-8EEC-E690C7095BEF}\InprocServer32 -> E:\Programs\Hex Editor\PatchAPI\dll\x64\hexpatch64.dll (HHD Software Ltd.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2829323167-97675127-1012005819-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-15] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Programs\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Programs\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers01: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programs\WinRAR\rarext.dll [2014-04-25] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers02: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Programs\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-15] ()
ContextMenuHandlers04: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers04: [WMPShellExt] -> {A2CF4243-6525-4764-B3F5-2FCDE2F47989} =>  -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2015-08-09] (Intel Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Programs\7-Zip\7-zip.dll [2015-01-03] (Igor Pavlov)
ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => E:\Programs\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => E:\Programs\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => E:\Programs\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programs\WinRAR\rarext.dll [2014-04-25] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2829323167-97675127-1012005819-1000: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll [2014-06-24] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1BC844E0-850E-4D64-9F10-E04DAB2DA740} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2B722D9F-9ECA-4B60-8822-95C07C6CB590} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {2C3D58A9-38E8-489B-8F35-1BE176B0E2F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {5CE59C4C-CB7C-4D0D-826B-C33BEF11E073} - System32\Tasks\{19A59D09-F635-4BA4-B25C-EBA8DB5AE042} => C:\Windows\system32\pcalua.exe -a C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {6E03092E-C68D-4914-8166-879A2F977B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6EAC00B3-5F18-4BA0-A747-C7B4F8416A66} - System32\Tasks\Update Manager => C:\Users\Luke\AppData\Roaming\Pillars.Of.Eternity.[Royal.v3.04.1165.All.DLC]-ALI213\Upgrade.exe
Task: {89E210A4-8973-43BA-81BF-67CAD0E8BAEE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {8E760976-057E-4938-9ECD-C3721D160812} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {D3C47F5F-9279-4BC5-B5EC-B7FD09ECE2F5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {DC1E7EC8-6ACB-4E06-A591-6535E770EAA8} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {E657A2C0-B30C-4A23-AD9E-87FE909B25C6} - \PastaQuotes -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Luke\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"
ShortcutWithArgument: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-30 04:23 - 2016-11-15 11:24 - 00592384 _____ () C:\Users\Luke\AppData\Local\MEGAsync\ShellExtX64.dll
2015-03-29 06:25 - 2015-03-29 06:25 - 00043480 _____ () E:\Programs\FileZilla FTP Client\fzshellext_64.dll
2014-01-25 02:22 - 2015-08-09 05:50 - 00404376 _____ () C:\Windows\system32\igfxTray.exe
2016-03-23 02:16 - 2017-06-28 10:51 - 09042648 _____ () E:\Programs\AirDroid\Android.dll
2016-03-23 02:13 - 2017-06-28 10:51 - 00644312 _____ () E:\Programs\AirDroid\System.Data.SQLite.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-07-23 23:11 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Universal Media Server.lnk => C:\Windows\pss\Universal Media Server.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "E:\Programs\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AnonymizerGadget => "C:\Users\Luke\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1687 /subsource:
MSCONFIG\startupreg: CAM => E:\Programs\NZXT\CAM\CAM_Client.exe -autostart
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "E:\Programs\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Discord => C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Spotify => "C:\Users\Luke\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luke\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: WinampAgent => E:\Programs\Winamp\winampa.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{9D5892D2-C6D5-4241-BEF4-77B2E7F01944}E:\programs\airdroid\airdroid.exe] => (Block) E:\programs\airdroid\airdroid.exe
FirewallRules: [UDP Query User{1C348082-4F58-49C5-BB64-0253975D2710}E:\programs\airdroid\airdroid.exe] => (Block) E:\programs\airdroid\airdroid.exe
FirewallRules: [TCP Query User{6ECD0F74-DB8D-492B-91CC-A707AED24C2A}E:\programs\airdroid\airdroid.exe] => (Block) E:\programs\airdroid\airdroid.exe
FirewallRules: [UDP Query User{859A98D6-010A-4652-BA35-4243B598EF04}E:\programs\airdroid\airdroid.exe] => (Block) E:\programs\airdroid\airdroid.exe
FirewallRules: [TCP Query User{83A18EF0-E677-4EA6-A145-BF00639CE86C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D10B246E-CAD7-4C75-AF42-394FCF43DB18}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
23-07-2017 19:28:06 Malwarebytes Anti-Rootkit Restore Point
23-07-2017 19:28:16 Windows Update
23-07-2017 23:17:53 JRT Pre-Junkware Removal
25-07-2017 00:51:14 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2017 10:27:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/25/2017 12:50:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/25/2017 12:49:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/25/2017 12:32:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2017 04:53:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/24/2017 12:24:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/23/2017 11:25:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/23/2017 11:23:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/23/2017 11:13:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/25/2017 01:03:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.249.174.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14003.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (07/25/2017 01:03:13 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.249.174.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14003.0
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (07/25/2017 12:50:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 117.2.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.13804.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/25/2017 12:50:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.989.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/25/2017 12:50:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.989.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (07/25/2017 12:50:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.989.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x8024402c
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (07/25/2017 12:49:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/25/2017 12:49:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/25/2017 12:49:54 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (07/25/2017 12:49:54 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.247.989.0
 
Update Source: Microsoft Update Server
 
Update Stage: Download
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.13903.0
 
Error code: 0x8024001e
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8076.9 MB
Available physical RAM: 6104.46 MB
Total Virtual: 16151.99 MB
Available Virtual: 14075.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.57 GB) (Free:28.11 GB) NTFS
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:164.89 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (LastResort) (Fixed) (Total:15.54 GB) (Free:15.45 GB) NTFS
Drive h: () (Fixed) (Total:273.3 GB) (Free:202.08 GB) NTFS
Drive i: (Windows 7) (Fixed) (Total:307.23 GB) (Free:186.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AAD9AF44)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 27964956)
Partition 1: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=273.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=307.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#9 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 25 July 2017 - 11:42 AM

  • Highlight the entire content of the quote box below.

Start::  
Task: {E657A2C0-B30C-4A23-AD9E-87FE909B25C6} - \PastaQuotes -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [WMPShellExt] -> {A2CF4243-6525-4764-B3F5-2FCDE2F47989} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {E657A2C0-B30C-4A23-AD9E-87FE909B25C6} - \PastaQuotes -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.
Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
65MBhLLb.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears.Once done it will ask to reboot, allow this
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Edited by JSntgRvr, 25 July 2017 - 12:03 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#10 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 25 July 2017 - 02:38 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by Luke (25-07-2017 15:12:00) Run:2
Running from E:\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
  
Task: {E657A2C0-B30C-4A23-AD9E-87FE909B25C6} - \PastaQuotes -> No File <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers04: [WMPShellExt] -> {A2CF4243-6525-4764-B3F5-2FCDE2F47989} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
Task: {E657A2C0-B30C-4A23-AD9E-87FE909B25C6} - \PastaQuotes -> No File <==== ATTENTION
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
 
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E657A2C0-B30C-4A23-AD9E-87FE909B25C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E657A2C0-B30C-4A23-AD9E-87FE909B25C6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WMPShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{A2CF4243-6525-4764-B3F5-2FCDE2F47989} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E657A2C0-B30C-4A23-AD9E-87FE909B25C6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PastaQuotes => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2829323167-97675127-1012005819-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {C67512EF-DE5F-42CB-8354-6CDA5A72A7AE}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4419200 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 81306 B
Edge => 0 B
Chrome => 23173440 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 15622 B
Luke => 3145353 B
 
RecycleBin => 0 B
EmptyTemp: => 37.4 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:12:15 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64 
Ran by Luke (Administrator) on Tue 07/25/2017 at 15:16:36.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/25/2017 at 15:19:06.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 25 19:23:01 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2871 B] - [2017/7/24 3:23:56]
C:/AdwCleaner/AdwCleaner[C1].txt - [1452 B] - [2017/7/25 4:49:44]
C:/AdwCleaner/AdwCleaner[S0].txt - [3136 B] - [2017/7/24 3:22:30]
C:/AdwCleaner/AdwCleaner[S1].txt - [1433 B] - [2017/7/25 4:49:30]
C:/AdwCleaner/AdwCleaner[S2].txt - [1401 B] - [2017/7/25 19:22:22]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
 
My google searches in Chrome are still being redirected to Yahoo. Other than that, things seem to be ok, about how they were after I ran the first set of scans.


#11 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 25 July 2017 - 05:43 PM

In your position I would remove and reinstall chrome. Let me know the outcome.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#12 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 25 July 2017 - 07:03 PM

I reinstalled Chrome and it's still redirecting my searches. 



#13 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 26 July 2017 - 09:48 AM

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:18 PM

Posted 28 July 2017 - 09:49 AM

Are you still with us?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 redflgslooklikeflgs

redflgslooklikeflgs
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 28 July 2017 - 12:51 PM

I'm sorry, I thought I had replied. I ran ESET, but accidentally got ahead of myself and went through the list and cleaned out the unwanted files. My computer seems to be working now though, no browser redirects, and no strange processes running.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users