CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://mail.google.com; hxxps://maranhesduve.club; hxxps://photos.google.com; hxxps://robotcaptcha2.info; hxxps://web.whatsapp.com; hxxps://www.instagram.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxp://www.mystartsearch.com/?type=hppp&ts=1425245075&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxps://www.google.com/"
REG: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0003\Ndi\IHVExtensions" /v ExtensibilityDLL /f
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0003" /s
CMD: sc config ClickToRunSvc start= disabled
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: