Jump to content

Need help removing adware and trojans that keep coming back


Recommended Posts

I have been using the free version of malwarebytes to remove viruses on my computer, but every time i restart or wait for a while they eventually come back. It just slows down my internet and opens up tabs on chrome that can't be closed.

 

Edited by andresanchez
Spelling errors
Link to post
Share on other sites

  • Root Admin

Hello @andresanchez and :welcome:

Please run the following for me.

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

Link to post
Share on other sites

Scan #1: mbar-log-2017-03-09 (12-40-42)

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.09.07
  rootkit: v2017.02.27.01

Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.576.14393.0
Andre :: ANDRE-PC [administrator]

3/9/2017 12:40:42 PM
mbar-log-2017-03-09 (12-40-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 510167
Time elapsed: 56 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{92889103-ea02-4951-bf2c-7bd255013d66}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [5e9d844306a2a6909fca27b4cf34817f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9b38e1e4-0c41-459e-8a00-d94fa8c79878}|NameServer (Trojan.DNSChanger.ACMB2) -> Data: 82.163.143.176 82.163.142.178 -> Delete on reboot. [c7340eb9a7017fb7c5a4dcff996ae719]

Registry Data Items Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer (Trojan.DNSChanger.ACMB2) -> Bad: (82.163.143.176 82.163.142.178) Good: (8.8.8.8) -> Replace on reboot. [a4577552a503d165410573ba60a448b8]

Folders Detected: 1
C:\ProgramData\{15EDB1DD-A246-0676-00F3-1E72EEAFB15A} (Adware.Agent.Generic) -> Delete on reboot. [e2194d7abdeb1e18f0dd323620e042be]

Files Detected: 2
C:\ProgramData\b227994e\e8d3091a.dll (Adware.Elex) -> Delete on reboot. [55a68443f3b5eb4b2112c73d9c65619f]
C:\ProgramData\{15EDB1DD-A246-0676-00F3-1E72EEAFB15A}\A7E3C713-1048-70B8-96DD-82B496B0ADB0.exe (Adware.Agent.Generic) -> Delete on reboot. [e2194d7abdeb1e18f0dd323620e042be]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

Scan #2: mbar-log-2017-03-09 (13-53-16)

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.09.07
  rootkit: v2017.02.27.01

Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.576.14393.0
Andre :: ANDRE-PC [administrator]

3/9/2017 1:53:16 PM
mbar-log-2017-03-09 (13-53-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 510046
Time elapsed: 56 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8565469184, free: 4104523776

Downloaded database version: v2017.03.03.07
Downloaded database version: v2017.02.27.01
Downloaded database version: v2017.02.15.02
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/03/2017 01:49:45
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\minbq.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\jeqipx.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\BSMEM.sys
\??\C:\Windows\system32\drivers\SMIBIOS64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\evolve.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmpag.sys
\SystemRoot\System32\DriverStore\FileRepository\c0309377.inf_amd64_7ab08912e1e1da0a\atikmdag.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\efe5b32e.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\AtihdWT6.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\nvtcam.sys
\SystemRoot\System32\Drivers\STREAM.SYS
\SystemRoot\System32\Drivers\NVTCAMD2.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\CM10864.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tsusbhub.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\mqac.sys
\??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.03.07
  rootkit: v2017.02.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe600746ec060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe6007466cae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe600746ec060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe6007448f9b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe60074493060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C426083

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 975642624
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975849472  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\opengl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\glu32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MpCmdRun.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dsound.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\traffic.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmiclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFWMAAEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Speech\Common\sapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ksproxy.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ksproxy.ax" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Kswdmcap.ax" is sparse (flags = 32768)
File "C:\Windows\System32\mfc42.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\quartz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wpnapps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERMGRCLI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERMGRCLI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.MEDIA.MEDIACONTROL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.MEDIA.MEDIACONTROL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\avifil32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvfw32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFTRANSCODE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFTRANSCODE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mfcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxdiagn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3D12.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winbrand.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dinput8.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.drv" is sparse (flags = 32768)
File "C:\Windows\System32\midimap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XINPUT1_4.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XINPUT1_4.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENTUSERBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENTUSERBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\winusb.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Windows Defender\MpOAV.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVP9DEC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVP9DEC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\COMPATTELRUNNER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\COMPATTELRUNNER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Users\Andre\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F506E099BCCA6CB0BAAA2BA9C1D38254EA96FBD0.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F506E099BCCA6CB0BAAA2BA9C1D38254EA96FBD0.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F506E099BCCA6CB0BAAA2BA9C1D38254EA96FBD0.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-975849472-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8565469184, free: 7029157888

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8565469184, free: 6983278592

Downloaded database version: v2017.03.09.07
Downloaded database version: v2017.02.27.01
Downloaded database version: v2017.03.05.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/09/2017 12:40:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\isapnp.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\bxvbda.sys
\SystemRoot\System32\drivers\vmbus.sys
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\hvsocket.sys
\SystemRoot\System32\drivers\vmbkmcl.sys
\SystemRoot\System32\drivers\winhv.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\evbda.sys
\SystemRoot\System32\drivers\nvraid.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\System32\drivers\vstxraid.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\3ware.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\amdsbs.sys
\SystemRoot\System32\drivers\arcsas.sys
\SystemRoot\System32\drivers\iaStorAV.sys
\SystemRoot\System32\drivers\lsi_sas.sys
\SystemRoot\System32\drivers\lsi_sas2i.sys
\SystemRoot\System32\drivers\lsi_sas3i.sys
\SystemRoot\System32\drivers\lsi_sss.sys
\SystemRoot\System32\drivers\megasas.sys
\SystemRoot\System32\drivers\megasr.sys
\SystemRoot\System32\drivers\mvumis.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\percsas2i.sys
\SystemRoot\System32\drivers\percsas3i.sys
\SystemRoot\System32\drivers\SiSRaid2.sys
\SystemRoot\System32\drivers\sisraid4.sys
\SystemRoot\System32\drivers\stexstor.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\vsmraid.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\MegaSas2i.sys
\SystemRoot\System32\drivers\ADP80XX.SYS
\SystemRoot\System32\drivers\HpSAMD.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\storvsc.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\vmstorfl.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\storufs.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\scmbus.sys
\SystemRoot\System32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\evolve.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\efe5b32e.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.09.07
  rootkit: v2017.02.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff8d83cddde060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff8d83cdddf040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff8d83cddde060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff8d83cda16bb0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff8d83cda45600, DeviceName: \Device\Ide\IdeDeviceP1T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C426083

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 975642624
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975849472  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\ctfmon.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\HelpPane.exe" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Windows Defender\MpOAV.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Speech\Common\sapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMSETTINGSBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msdt.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SDIAGNHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SDIAGNHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: C:\ProgramData\b227994e\e8d3091a.dll --> [Adware.Elex]
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.83" is compressed (flags = 1)
Infected: C:\ProgramData\{15EDB1DD-A246-0676-00F3-1E72EEAFB15A}\A7E3C713-1048-70B8-96DD-82B496B0ADB0.exe --> [Adware.Agent.Generic]
Infected: C:\ProgramData\{15EDB1DD-A246-0676-00F3-1E72EEAFB15A} --> [Adware.Agent.Generic]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{92889103-ea02-4951-bf2c-7bd255013d66}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{9b38e1e4-0c41-459e-8a00-d94fa8c79878}|NameServer --> [Trojan.DNSChanger.ACMB2]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer --> [Trojan.DNSChanger.ACMB2]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action reg.exe...
Success!
Queuing an action reg.exe
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8565469184, free: 7202889728

=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/09/2017 13:53:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\isapnp.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pcmcia.sys
\SystemRoot\System32\drivers\bxvbda.sys
\SystemRoot\System32\drivers\vmbus.sys
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\hvsocket.sys
\SystemRoot\System32\drivers\vmbkmcl.sys
\SystemRoot\System32\drivers\winhv.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\intelide.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\evbda.sys
\SystemRoot\System32\drivers\nvraid.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorV.sys
\SystemRoot\System32\drivers\vstxraid.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\3ware.sys
\SystemRoot\System32\drivers\amdsata.sys
\SystemRoot\System32\drivers\amdxata.sys
\SystemRoot\System32\drivers\amdsbs.sys
\SystemRoot\System32\drivers\arcsas.sys
\SystemRoot\System32\drivers\iaStorAV.sys
\SystemRoot\System32\drivers\lsi_sas.sys
\SystemRoot\System32\drivers\lsi_sas2i.sys
\SystemRoot\System32\drivers\lsi_sas3i.sys
\SystemRoot\System32\drivers\lsi_sss.sys
\SystemRoot\System32\drivers\megasas.sys
\SystemRoot\System32\drivers\megasr.sys
\SystemRoot\System32\drivers\mvumis.sys
\SystemRoot\System32\drivers\nvstor.sys
\SystemRoot\System32\drivers\percsas2i.sys
\SystemRoot\System32\drivers\percsas3i.sys
\SystemRoot\System32\drivers\SiSRaid2.sys
\SystemRoot\System32\drivers\sisraid4.sys
\SystemRoot\System32\drivers\stexstor.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\vsmraid.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\MegaSas2i.sys
\SystemRoot\System32\drivers\ADP80XX.SYS
\SystemRoot\System32\drivers\HpSAMD.sys
\SystemRoot\System32\drivers\EhStorTcgDrv.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\storvsc.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\vmstorfl.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\storufs.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\scmbus.sys
\SystemRoot\System32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\evolve.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\efe5b32e.sys
\SystemRoot\System32\drivers\1394ohci.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\AtihdWT6.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\drivers\CM10864.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-975849472-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Done!

Scan started
Database versions:
  main:    v2017.03.09.07
  rootkit: v2017.02.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffc78e1d70e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffc78e1d70f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffc78e1d70e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffc78e1d40cbb0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffc78e1d40f060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C426083

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 975642624
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975849472  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\ctfmon.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\HelpPane.exe" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-678EC50CF924992FE9F6E4115A9101B99F657BCF.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-975849472-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 

Link to post
Share on other sites

  • Root Admin

Great, okay. Please run the following.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64 
Ran by Andre (Limited) on Fri 03/10/2017 at 10:43:30.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 7 

Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\b227994e (Folder) 
Successfully deleted: C:\ProgramData\microleaves (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\coupons (Folder) 
Successfully deleted: C:\Users\Andre\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Andre\AppData\Roaming\microleaves (Folder) 
Successfully deleted: C:\Users\Andre\AppData\Roaming\wyupdate au (Folder) 

Deleted the following from C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default\prefs.js
user_pref(extensions.5E3xGHvWE8K.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\
user_pref(extensions.AsMdhAI6.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\,\
user_pref(extensions.XRSZZmXpWew.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\
user_pref(extensions.sUKDpGSf.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\,\

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CDE9B9A3C1D351C05B61B6CB536D0894 (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/10/2017 at 10:48:55.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner[C0]:

# AdwCleaner v6.044 - Logfile created 10/03/2017 at 10:53:01
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-10.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Andre - ANDRE-PC
# Running from : C:\Users\Andre\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[-] Folder deleted: C:\Program Files (x86)\Cain
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget


***** [ Files ] *****

[-] File deleted: C:\Users\Andre\AppData\Local\Microsoft\Internet Explorer\DOMStore\WUQPOQYN\free.mapsgalaxy[1].xml
[-] File deleted: C:\Users\Andre\AppData\Local\Microsoft\Internet Explorer\DOMStore\WIYEBOBL\mapsgalaxy.dl.myway[1].xml


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\free.mapsgalaxy.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\Software\cain
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\cain
[-] Key deleted: HKLM\SOFTWARE\Better Surf Plus
[-] Key deleted: HKLM\SOFTWARE\Better-Surf
[-] Key deleted: HKLM\SOFTWARE\Universal
[-] Key deleted: HKLM\SOFTWARE\MaxPower
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[#] Key deleted on reboot: [x64] HKCU\Software\cain
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\connectdlc5.ourtoolbar.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ourtoolbar.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\connectdlc5.ourtoolbar.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ourtoolbar.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [chromebrowser]
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E


***** [ Web browsers ] *****

[-] [C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6] [extension] Deleted: lipgolpfajiadodbcbljdpmbmbdmfcil


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5175 Bytes] - [10/03/2017 10:53:01]
C:\AdwCleaner\AdwCleaner[R0].txt - [16599 Bytes] - [06/01/2015 19:13:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [16239 Bytes] - [06/01/2015 19:15:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [5269 Bytes] - [10/03/2017 10:52:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5469 Bytes] ##########
 

Sophos:

NO THREATS FOUND

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
Ran by Andre (administrator) on ANDRE-PC (10-03-2017 19:30:00)
Running from C:\Users\Andre\Desktop
Loaded Profiles: Andre (Available Profiles: Andre & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Spotify Ltd) C:\Users\Andre\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Hammer & Chisel, Inc.) C:\Users\Andre\AppData\Local\Discord\app-0.0.297\Discord.exe
(Spotify Ltd) C:\Users\Andre\AppData\Roaming\Spotify\Spotify.exe
(Hammer & Chisel, Inc.) C:\Users\Andre\AppData\Local\Discord\app-0.0.297\Discord.exe
(Spotify Ltd) C:\Users\Andre\AppData\Roaming\Spotify\Spotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Cisco) C:\Users\Andre\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Andre\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
(Spotify Ltd) C:\Users\Andre\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_ep64.exe
(Hammer & Chisel, Inc.) C:\Users\Andre\AppData\Local\Discord\app-0.0.297\Discord.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5459\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-17] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-05] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Google Update] => C:\Users\Andre\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Facebook Update] => C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-07] (Facebook Inc.)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Spotify Web Helper] => C:\Users\Andre\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Dropbox Update] => C:\Users\Andre\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Discord] => C:\Users\Andre\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Spotify] => C:\Users\Andre\AppData\Roaming\Spotify\Spotify.exe [7114352 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-09] (Valve Corporation)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [4006464 2017-01-31] (GOG.com)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [VideoGuardMonitor] => C:\Users\Andre\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Run: [GoogleChromeAutoLaunch_CDE9B9A3C1D351C05B61B6CB536D0894] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)
Startup: C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.5.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{92889103-ea02-4951-bf2c-7bd255013d66}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{969000c0-e6d9-40b3-a007-b1b11fc796da}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9b38e1e4-0c41-459e-8a00-d94fa8c79878}: [DhcpNameServer] 192.168.1.254 192.168.5.1

Internet Explorer:
==================
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default [2017-03-10]
FF Extension: (EnjeoyCOuupon) - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default\Extensions\cfjabzlm@obdeoui.com [2015-08-23] [not signed]
FF Extension: (SNT) - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default\Extensions\eeiy.0eeya@uaaii-ye.co.uk [2015-08-23] [not signed]
FF Extension: (YoutubeAdblocker) - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default\Extensions\oeua7a@jt-jt.edu [2015-08-23] [not signed]
FF Extension: (AllSaVeer) - C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default\Extensions\t0u9ra_mjd@yaey-yeou.com [2015-08-23] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha253\ff [not found]
FF Extension: (No Name) - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta422\ff [not found]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Andre\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Andre\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: @talk.google.com/O1DPlugin -> C:\Users\Andre\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Andre\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Andre\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andre\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1683591815-2567676410-1637038616-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-02-17] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Andre\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Andre\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Nightly\firefox.exe

Chrome: 
=======
CHR DefaultProfile: Profile 6
CHR Profile: C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6 [2017-03-10]
CHR Extension: (Bejeweled) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-08-06]
CHR Extension: (BetterTTV) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-11-26]
CHR Extension: (Google Docs) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-10]
CHR Extension: (Google Drive) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-10-10]
CHR Extension: (Audiotool) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-08-05]
CHR Extension: (YouTube) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (uBlock Origin) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Google Search) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-27]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-11-22]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-02-23]
CHR Extension: (WarLight) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\hiikfoplnkjhoiafgmcobenlfnbphbee [2015-10-10]
CHR Extension: (Center'd - Center the new YT) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\kkgjcknlnbcciacdklmnafmfcfjnpcja [2015-10-10]
CHR Extension: (F.B. Purity For Facebook) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Agario) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\opdiopijpijeidpfdflpnjiobiocjldd [2015-10-10]
CHR Extension: (Gmail) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\Andre\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2016-02-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-13] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-23] ()
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2015-01-19] (altPUG LLC)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-12-06] (Fork Ltd.) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-09] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-21] (Echobit LLC)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284736 2017-01-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2017-01-31] (GOG.com)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-16] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-16] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-05] (Plays.tv, LLC)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALSysIO; C:\Users\Andre\AppData\Local\Temp\ALSysIO64.sys [25064 2017-01-14] (Arthur Liberman) <==== ATTENTION
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0311199.inf_amd64_71ef621a77f87d8c\atikmdag.sys [32699288 2017-02-20] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0311199.inf_amd64_71ef621a77f87d8c\atikmpag.sys [525208 2017-02-20] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-12-07] (Advanced Micro Devices)
R1 BIOS_SMI_DRIVER; C:\Windows\system32\drivers\SMIBIOS64.sys [13912 2013-08-31] ()
R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2013-06-13] (BIOSTAR Group)
R1 BSMEM; C:\Windows\SysWOW64\drivers\BSMEM.sys [17024 2013-06-13] (BIOSTAR Group) [File not signed]
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows (R) Win 7 DDK provider)
R3 DCamUSBNovatek; C:\WINDOWS\System32\Drivers\nvtcam.sys [2746624 2010-07-14] (Hewlett-Packard)
R3 E100B; C:\WINDOWS\System32\drivers\efe5b32e.sys [182656 2016-07-16] (Intel Corporation)
R3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2014-06-27] (Echobit, LLC)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RZSURROUNDVADService; C:\WINDOWS\System32\drivers\RzSurroundVAD.sys [40640 2015-02-08] (Windows (R) Win 7 DDK provider)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 tapoas; C:\WINDOWS\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
S0 nsxaqyhw; System32\drivers\cpeba.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 19:30 - 2017-03-10 19:30 - 00028956 _____ C:\Users\Andre\Desktop\FRST.txt
2017-03-10 19:29 - 2017-03-10 19:30 - 00000000 ____D C:\FRST
2017-03-10 11:32 - 2017-03-10 11:32 - 00000000 ____D C:\ProgramData\Sophos
2017-03-10 11:25 - 2017-03-10 11:25 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-10 11:25 - 2017-03-10 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-03-10 11:25 - 2017-03-10 11:25 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-03-10 11:15 - 2017-03-10 11:15 - 00003124 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2017-03-10 11:09 - 2017-03-10 10:53 - 00005604 _____ C:\Users\Andre\Desktop\AdwCleaner[C0].txt
2017-03-10 10:48 - 2017-03-10 10:49 - 163564984 _____ (Sophos Limited) C:\Users\Andre\Desktop\Sophos Virus Removal Tool.exe
2017-03-10 10:48 - 2017-03-10 10:48 - 02423808 _____ (Farbar) C:\Users\Andre\Desktop\FRST64.exe
2017-03-10 10:48 - 2017-03-10 10:48 - 00001943 _____ C:\Users\Andre\Desktop\JRT.txt
2017-03-10 10:47 - 2017-03-10 10:47 - 04031440 _____ C:\Users\Andre\Desktop\AdwCleaner.exe
2017-03-10 10:42 - 2017-03-10 10:42 - 01663736 _____ (Malwarebytes) C:\Users\Andre\Desktop\JRT (1).exe
2017-03-10 00:18 - 2017-03-10 00:18 - 00003972 _____ C:\WINDOWS\System32\Tasks\{D069EF6B-67C2-58C0-7242-43B071524588}
2017-03-10 00:18 - 2017-03-10 00:18 - 00000000 ____D C:\ProgramData\{3875139E-8FDE-A435-5F99-4287C4BF4CA5}
2017-03-09 20:36 - 2017-03-09 20:36 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-09 12:37 - 2017-03-09 12:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Andre\Downloads\mbar-1.09.3.1001 (1).exe
2017-03-05 13:13 - 2017-03-05 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-03-05 13:12 - 2017-03-05 13:12 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-03-05 13:12 - 2017-03-05 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-03-05 12:58 - 2017-03-05 13:07 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-03-03 01:58 - 2017-03-03 01:59 - 00845388 _____ C:\Users\Andre\Documents\cc_20170303_015833.reg
2017-03-03 01:49 - 2017-03-10 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-03 01:48 - 2017-03-09 14:50 - 00000000 ____D C:\Users\Andre\Desktop\mbar
2017-03-03 01:48 - 2017-03-03 01:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Andre\Downloads\mbar-1.09.3.1001.exe
2017-03-03 01:48 - 2017-03-03 01:48 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-03-03 01:48 - 2017-03-03 01:48 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-03 01:48 - 2017-03-03 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-03 01:48 - 2017-03-03 01:48 - 00000000 ____D C:\Program Files\CCleaner
2017-03-03 01:47 - 2017-03-03 01:47 - 09261616 _____ (Piriform Ltd) C:\Users\Andre\Downloads\ccsetup527.exe
2017-03-02 15:17 - 2017-03-02 15:20 - 00002336 _____ C:\Users\Andre\Desktop\Google Chrome.lnk
2017-02-28 00:18 - 2017-03-10 00:18 - 00003882 _____ C:\WINDOWS\System32\Tasks\{A1D0577D-45E3-A7DD-5D8A-33062845F254}
2017-02-20 19:55 - 2017-02-20 19:55 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Trimble Connect for SketchUp
2017-02-20 19:50 - 2017-02-20 19:50 - 00000000 ____D C:\Users\Andre\AppData\Roaming\SketchUp
2017-02-20 19:48 - 2017-02-20 19:48 - 00002235 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
2017-02-20 19:48 - 2017-02-20 19:48 - 00002149 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
2017-02-20 19:48 - 2017-02-20 19:48 - 00002060 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
2017-02-20 19:48 - 2017-02-20 19:48 - 00000000 ____D C:\ProgramData\Reprise
2017-02-20 19:48 - 2017-02-20 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
2017-02-20 19:47 - 2017-02-20 19:47 - 00000000 ____D C:\ProgramData\SketchUp
2017-02-20 19:47 - 2017-02-20 19:47 - 00000000 ____D C:\Program Files\SketchUp
2017-02-20 19:36 - 2017-02-20 19:37 - 155205312 _____ (Trimble, Inc.) C:\Users\Andre\Downloads\SketchUpMake-en-x64.exe
2017-02-20 03:45 - 2017-02-20 03:45 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-02-20 03:45 - 2017-02-20 03:45 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-02-20 03:44 - 2017-02-20 03:44 - 00924056 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll
2017-02-20 03:44 - 2017-02-20 03:44 - 00145304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-02-20 03:44 - 2017-02-20 03:44 - 00119192 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-02-20 03:43 - 2017-02-20 03:43 - 02504088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-02-20 03:43 - 2017-02-20 03:43 - 00951192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-02-20 03:43 - 2017-02-20 03:43 - 00411032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-02-20 03:43 - 2017-02-20 03:43 - 00149504 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-02-20 03:43 - 2017-02-20 03:43 - 00110488 _____ C:\WINDOWS\system32\atidxx64.dll
2017-02-20 03:42 - 2017-02-20 03:42 - 09880984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-02-20 03:42 - 2017-02-20 03:42 - 00121240 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-20 03:42 - 2017-02-20 03:42 - 00112024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-02-20 03:42 - 2017-02-20 03:42 - 00108440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-02-20 03:42 - 2017-02-20 03:42 - 00096152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-02-20 03:41 - 2017-02-20 03:41 - 00091544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-02-20 03:40 - 2017-02-20 03:40 - 00891800 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-02-20 03:40 - 2017-02-20 03:40 - 00716184 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-02-20 03:40 - 2017-02-20 03:40 - 00075160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-02-20 03:39 - 2017-02-20 03:39 - 00256920 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-02-20 03:39 - 2017-02-20 03:39 - 00229784 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-02-20 03:39 - 2017-02-20 03:39 - 00119736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-02-20 03:38 - 2017-02-20 03:38 - 00474984 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-02-20 03:38 - 2017-02-20 03:38 - 00151448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-02-20 03:38 - 2017-02-20 03:38 - 00124920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-02-20 03:38 - 2017-02-20 03:38 - 00119736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-02-20 03:38 - 2017-02-20 03:38 - 00112960 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-02-20 03:38 - 2017-02-20 03:38 - 00102032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-02-19 21:05 - 2017-02-19 21:05 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-02-19 21:05 - 2017-02-19 21:05 - 00154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2017-02-19 21:05 - 2017-02-19 21:05 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-02-19 21:05 - 2017-02-19 21:05 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-02-19 21:05 - 2017-02-19 21:05 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-02-19 21:05 - 2017-02-19 21:05 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-02-17 22:49 - 2017-02-17 22:49 - 07541328 _____ C:\Users\Andre\Downloads\Randall Jumping.mp4
2017-02-16 18:06 - 2017-02-16 18:06 - 00000000 ____D C:\Users\Andre\AppData\LocalLow\Cisco
2017-02-16 18:06 - 2017-02-16 18:06 - 00000000 ____D C:\Users\Andre\AppData\Local\Cisco
2017-02-16 18:04 - 2017-02-16 18:05 - 48275464 _____ (Cisco Systems, Inc) C:\Users\Andre\Downloads\CiscoVideoGuard.6.7.exe
2017-02-14 12:53 - 2017-02-14 12:53 - 00079433 _____ C:\Users\Andre\Documents\JL Essay #1.rar
2017-02-14 12:19 - 2017-02-14 12:19 - 00081416 _____ C:\Users\Andre\Downloads\JL Essay #1 (1).pdf
2017-02-14 12:01 - 2017-02-14 12:01 - 00081416 _____ C:\Users\Andre\Documents\JL Essay #1.pdf
2017-02-14 11:58 - 2017-02-14 11:58 - 00081416 _____ C:\Users\Andre\Downloads\JL Essay #1.pdf
2017-02-13 19:20 - 2017-02-13 19:20 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-13 19:20 - 2017-02-13 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-12 17:37 - 2017-02-12 17:37 - 00146234 _____ C:\Users\Andre\Downloads\3RD.pdf
2017-02-12 17:35 - 2017-02-12 17:35 - 00081606 _____ C:\Users\Andre\Downloads\1ST.pdf
2017-02-12 15:02 - 2017-02-12 15:02 - 00000000 ____D C:\Users\Andre\AppData\Local\GalaxyCommunicationService
2017-02-12 14:58 - 2017-02-12 14:58 - 00000000 ____D C:\Users\Andre\AppData\LocalLow\CDProjektRED
2017-02-12 14:58 - 2017-02-12 14:58 - 00000000 ____D C:\ProgramData\CDProjekt RED
2017-02-12 14:15 - 2017-02-16 17:24 - 00001429 _____ C:\Users\Public\Desktop\Gwent.lnk
2017-02-12 14:15 - 2017-02-16 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-02-12 14:15 - 2017-02-12 14:15 - 00001114 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2017-02-12 14:15 - 2017-02-12 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2017-02-12 14:13 - 2017-02-12 14:15 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-02-12 14:13 - 2017-02-12 14:13 - 00000000 ____D C:\ProgramData\GOG.com
2017-02-12 14:12 - 2017-02-12 14:13 - 150851336 _____ (GOG.com ) C:\Users\Andre\Downloads\setup_gwent_1.1.27.1_en.exe
2017-02-12 14:12 - 2017-02-12 14:12 - 00000064 _____ C:\Users\Andre\Downloads\gogGalaxy.auth
2017-02-10 19:59 - 2017-02-10 20:01 - 00000000 ____D C:\Users\Andre\Downloads\Game.of.Thrones.S02.720p.BluRay.x264.ShAaNiG

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-10 19:28 - 2014-07-08 19:09 - 00000000 ____D C:\Users\Andre\AppData\Local\Battle.net
2017-03-10 19:03 - 2016-09-17 08:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-10 15:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-10 15:28 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-10 12:21 - 2015-04-26 10:51 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Spotify
2017-03-10 12:16 - 2016-04-17 18:34 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-03-10 11:15 - 2014-07-08 19:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-10 11:14 - 2016-07-28 00:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-10 11:07 - 2015-04-26 10:51 - 00000000 ____D C:\Users\Andre\AppData\Local\Spotify
2017-03-10 11:06 - 2013-12-02 17:22 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Raptr
2017-03-10 11:03 - 2016-09-17 09:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 11:02 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-10 10:59 - 2015-01-06 19:13 - 00000000 ____D C:\AdwCleaner
2017-03-10 10:56 - 2016-11-06 11:08 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-03-10 10:55 - 2016-09-17 08:59 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-03-09 20:36 - 2015-01-05 14:35 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Dropbox
2017-03-09 17:58 - 2015-10-21 16:53 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-03-09 13:53 - 2015-01-06 19:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-09 13:52 - 2015-01-06 19:33 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-09 13:42 - 2014-06-22 07:24 - 00000000 ____D C:\WINDOWS\pss
2017-03-09 12:42 - 2014-03-15 02:11 - 00000000 ____D C:\Users\Andre\AppData\Local\ElevatedDiagnostics
2017-03-05 20:22 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-05 13:13 - 2016-09-17 08:58 - 00000000 ____D C:\Program Files\AMD
2017-03-05 13:12 - 2013-12-02 16:52 - 00000000 ____D C:\ProgramData\AMD
2017-03-05 13:07 - 2016-10-26 17:50 - 00000000 ____D C:\Users\Andre\AppData\LocalLow\AMD
2017-03-05 13:06 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-05 13:04 - 2016-04-25 12:29 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-05 12:56 - 2013-12-02 16:42 - 00000000 ____D C:\AMD
2017-03-05 02:23 - 2016-09-17 09:04 - 00000000 ____D C:\Users\Andre
2017-03-03 18:49 - 2016-09-17 08:54 - 04966960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-03 18:49 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\System
2017-03-03 18:48 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\appcompat
2017-03-02 18:29 - 2016-07-24 22:37 - 00000000 ____D C:\Users\Andre\AppData\Local\HearthSim
2017-03-02 14:29 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-02 14:29 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\IME
2017-03-02 00:07 - 2016-12-02 17:15 - 00000000 ____D C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2017-03-02 00:07 - 2016-12-02 17:15 - 00000000 ____D C:\Users\Andre\AppData\Local\HearthstoneDeckTracker
2017-03-02 00:07 - 2016-07-15 00:12 - 00002542 _____ C:\Users\Andre\Desktop\Hearthstone Deck Tracker.lnk
2017-03-02 00:07 - 2016-03-23 17:28 - 00000000 ____D C:\Users\Andre\AppData\Local\SquirrelTemp
2017-03-01 14:29 - 2013-01-30 07:23 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-28 01:20 - 2013-02-19 15:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-28 01:19 - 2015-09-10 17:14 - 00000000 ____D C:\WINDOWS\jre
2017-02-27 23:42 - 2016-03-20 10:31 - 00000000 ____D C:\Users\Andre\Desktop\Hearthstone Screenshots
2017-02-22 23:04 - 2015-11-18 13:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 19:07 - 2013-09-28 10:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 19:03 - 2013-02-02 11:37 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 17:44 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-20 03:45 - 2017-01-25 01:29 - 00290712 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-02-20 03:45 - 2017-01-25 01:29 - 00284056 _____ C:\WINDOWS\system32\GameManager64.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00276376 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00248728 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00242072 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00169368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00143768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00138136 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-02-20 03:45 - 2017-01-25 01:29 - 00117656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-02-20 03:44 - 2017-01-25 01:29 - 00277912 _____ C:\WINDOWS\system32\clinfo.exe
2017-02-20 03:44 - 2017-01-25 01:29 - 00211864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-02-20 03:44 - 2017-01-25 01:29 - 00185240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-02-20 03:44 - 2017-01-25 01:29 - 00126360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-02-20 03:44 - 2016-09-13 21:08 - 00298904 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-02-20 03:43 - 2017-01-25 01:29 - 02185624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-02-20 03:43 - 2017-01-25 01:29 - 01261976 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-02-20 03:43 - 2017-01-25 01:29 - 00951192 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-02-20 03:43 - 2017-01-25 01:29 - 00467352 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-02-20 03:43 - 2017-01-25 01:29 - 00239000 _____ C:\WINDOWS\system32\atieah64.exe
2017-02-20 03:43 - 2017-01-25 01:29 - 00216984 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-02-20 03:43 - 2017-01-25 01:29 - 00145872 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-02-20 03:43 - 2017-01-25 01:29 - 00098200 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-02-20 03:43 - 2017-01-25 01:29 - 00068504 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-02-20 03:43 - 2016-09-13 21:08 - 00535960 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-02-20 03:42 - 2017-01-25 01:29 - 07928216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-02-20 03:39 - 2017-01-25 01:28 - 00102032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-02-20 03:38 - 2017-01-25 01:28 - 00135280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-02-19 21:05 - 2016-11-21 16:55 - 00782216 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-02-19 21:05 - 2016-11-21 16:55 - 00782216 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-02-19 21:05 - 2016-11-21 16:46 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-02-19 21:05 - 2015-12-15 12:54 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-02-17 23:45 - 2013-03-17 14:15 - 00000000 ____D C:\Users\Andre\AppData\Local\Ubisoft Game Launcher
2017-02-14 11:51 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 11:51 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-13 19:20 - 2013-01-30 07:15 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-12 14:40 - 2016-09-17 08:59 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 20:46 - 2016-07-25 14:36 - 00000000 ____D C:\Users\Andre\AppData\Roaming\qBittorrent

==================== Files in the root of some directories =======

2015-07-29 12:30 - 2015-07-17 19:21 - 0000336 _____ () C:\Program Files\update-GameOfThrones.bat
2015-07-29 12:30 - 2014-05-25 03:38 - 0000732 _____ () C:\Program Files\visit-www.nosteam.ro.html
2014-02-02 10:26 - 2016-10-09 21:13 - 0000132 _____ () C:\Users\Andre\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-22 16:35 - 2014-09-22 16:35 - 0000132 _____ () C:\Users\Andre\AppData\Roaming\Adobe Targa Format CS6 Prefs
2017-01-09 00:08 - 2017-01-09 00:08 - 0000001 _____ () C:\Users\Andre\AppData\Roaming\EXEuPP
2013-03-06 18:56 - 2013-03-06 18:56 - 0703117 _____ () C:\Users\Andre\AppData\Roaming\technic-launcher.jar
2013-07-07 10:41 - 2013-07-07 11:52 - 0000040 _____ () C:\Users\Andre\AppData\Roaming\TheHunterSettings_live.cfg
2013-02-01 20:55 - 2015-11-26 21:13 - 0010752 _____ () C:\Users\Andre\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-22 22:23 - 2014-07-22 22:24 - 1065984 _____ () C:\Users\Andre\AppData\Local\file__0.localstorage
2014-11-08 16:50 - 2014-11-08 16:50 - 0000000 ___SH () C:\Users\Andre\AppData\Local\LumaEmu
2013-12-07 22:07 - 2013-12-07 22:07 - 0000218 _____ () C:\Users\Andre\AppData\Local\recently-used.xbel
2013-07-26 12:20 - 2013-07-26 12:20 - 0007605 _____ () C:\Users\Andre\AppData\Local\Resmon.ResmonCfg
2015-05-13 15:23 - 2015-05-15 14:21 - 0002079 _____ () C:\ProgramData\HirezPipeError.txt
2015-01-06 17:16 - 2015-01-06 17:16 - 0001697 _____ () C:\ProgramData\tempimage.bmp

Some files in TEMP:
====================
2017-01-09 00:14 - 2017-01-09 00:14 - 0458745 _____ () C:\Users\Andre\AppData\Local\Temp\component.exe
2017-01-09 00:08 - 2017-01-09 00:10 - 1851678 _____ () C:\Users\Andre\AppData\Local\Temp\cpa.exe
2017-01-09 00:13 - 2017-01-09 00:13 - 0016384 _____ (DoxX) C:\Users\Andre\AppData\Local\Temp\cubecc.exe
2017-01-09 01:57 - 2017-01-09 00:14 - 11581544 _____ (SurfRight B.V.) C:\Users\Andre\AppData\Local\Temp\HitmanPro.exe
2016-10-19 17:29 - 2016-10-19 17:29 - 0737856 _____ (Oracle Corporation) C:\Users\Andre\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-19 17:46 - 2017-01-19 17:47 - 0739904 _____ (Oracle Corporation) C:\Users\Andre\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-04 15:30 - 2017-02-04 15:30 - 6441176 _____ (Black Tree Gaming                                           ) C:\Users\Andre\AppData\Local\Temp\Nexus Mod Manager-0.63.13.exe
2016-12-11 12:51 - 2016-12-11 12:53 - 6453608 _____ (Black Tree Gaming                                           ) C:\Users\Andre\AppData\Local\Temp\Nexus Mod Manager-0.63.9.exe
2017-01-09 00:08 - 2017-01-09 00:08 - 0020480 _____ (PixelPower) C:\Users\Andre\AppData\Local\Temp\wait.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-10 10:17

==================== End of FRST.txt ============================

Additions:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017
Ran by Andre (10-03-2017 19:39:10)
Running from C:\Users\Andre\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-17 17:37:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1683591815-2567676410-1637038616-500 - Administrator - Disabled)
Andre (S-1-5-21-1683591815-2567676410-1637038616-1000 - Administrator - Enabled) => C:\Users\Andre
DefaultAccount (S-1-5-21-1683591815-2567676410-1637038616-503 - Limited - Disabled)
Guest (S-1-5-21-1683591815-2567676410-1637038616-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1683591815-2567676410-1637038616-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - Treyarch)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Cobalt (HKLM-x32\...\Cobalt) (Version:  - )
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Discord (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dxtory version 2.0.112 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.112 - Dxtory Software)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout Shelter (HKLM-x32\...\Fallout Shelter) (Version:  - Bethesda Softworks)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version:  - Obsidian Entertainment)
ForceBindIP (HKLM-x32\...\ForceBindIP) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free MKV Player version 1.0 (HKLM-x32\...\{138FE2EF-B1A5-40E1-A385-B771BF75E86D}_is1) (Version: 1.0 - mkvcodec.com)
Game Dev Tycoon version 1.4.5 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.4.5 - Greenheart Games Pty. Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GRID 2 (HKLM\...\Steam App 44350) (Version:  - Codemasters Racing)
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\HearthstoneDeckTracker) (Version: 1.1.7 - HearthSim)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
JC2-MP version 0.0.15 (Build 493) (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.15 (Build 493) - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Matroska Pack (HKLM-x32\...\Matroska Pack) (Version:  - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0a1 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Next Video Converter version 4.0.3 (HKLM-x32\...\{752EC6FD-1CEB-409B-AEF5-A297943102EA}_is1) (Version: 4.0.3 - NextVideoSoft Inc.)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.13 - Black Tree Gaming)
Nightly 22.0a1 (x86 en-US) (HKLM-x32\...\Nightly 22.0a1 (x86 en-US)) (Version: 22.0a1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{ed403d2f-05b4-4365-92bc-76d34cb0e5c9}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.2-r111395-release - Plays.tv, LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
qBittorrent 3.3.9 (HKLM-x32\...\qBittorrent) (Version: 3.3.9 - The qBittorrent project)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Sid Meiers Civilization VI Proper (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{F3AD20BF-50E0-41F0-9A2D-D88F87DF6E30}) (Version: 6.1.6.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
This War of Mine (HKLM-x32\...\aa864570-a5e4-4ace-97f6-175079665488) (Version:  - 11BJ1)
Tseries BIOS Update (HKLM-x32\...\{E8626A59-FD0E-449C-A23A-C52FC0733629}) (Version:  - )
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
USB PnP Sound Device (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
VTFEdit 1.2.5 (HKLM-x32\...\VTFEdit_is1) (Version:  - Neil Jedrzejewski & Ryan Gregg)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.3 - Wrye & Wrye Bash Development Team)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Andre\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andre\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Andre\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {004614A6-3B23-4FAC-A733-EE484E0C861B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {01F2E85A-5ED1-4CAC-908C-88366B1A191A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA1d1e92b2dbaf58e => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {04F1AF62-40AA-4041-9AD3-07BC27D59AC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {06B37191-1D82-47C8-B36B-1F2159A6C7A1} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {081D0FF2-693C-4C53-8AA9-E3F5F93B419F} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {0C01B387-CF94-4C80-A484-9C34CBF46DAD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA1d257e7b311f1d9 => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0CE6C0D5-10CA-4B74-A554-6ED1D799FAAC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core1d1e92b2d964447 => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0D27C111-801D-4D14-A2A8-CBD60D169AA4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {10CCF457-41C3-4E2B-82D9-FDD6AD926120} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {130B7F47-DFFD-4F47-883D-333E347EC9BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1321E592-6052-45F6-BA70-7FD0E1A33610} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {29701C10-6ED5-4FC5-BFD4-E75FE361F8D1} - System32\Tasks\{BB78E5AE-43A8-42E3-98C2-EB086954FC14} => pcalua.exe -a C:\Users\Andre\Downloads\gfwlivesetup.exe -d C:\Users\Andre\Downloads
Task: {2F10BB68-D09C-4D70-A5E8-3AE9BCA27763} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {347E170F-DBA4-471D-9E57-B147BDF440BA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {35BBB142-D6B3-4E1A-86FC-7CF85951C03B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {39DB40FE-3C7B-415A-B9CC-0B024C96B609} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {39EE8B21-70E2-4CEC-BDA4-9CAA0895FF5A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3B29375E-DCE5-442B-9F68-2419A2B7F0DE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core => C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {3D989348-0B1C-420F-9C8D-B1632273760A} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {3F62C5E8-5DA1-453F-A0A9-C01340FA0986} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {448B9108-B610-4219-98CE-5F67543A8720} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {482BB315-A9E6-4EA3-BFB8-1E10182D2500} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4C234A97-FB1B-4416-97C1-EBC2C2715AF1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2011-02-15] ()
Task: {4E7A2314-97E2-4FC8-ADAD-256002931684} - System32\Tasks\{33DA5B83-9F2A-4A28-854D-D0ED72C0252C} => pcalua.exe -a "C:\Users\Andre\Downloads\Worms Armageddon v3.7.2.1.exe" -d C:\Users\Andre\Downloads
Task: {4F6EF41C-0947-4364-93F5-A66304F67C9E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {55B7AD34-947E-4092-94F3-9B237ED2390F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA1d236e9610b3f87 => C:\Users\Andre\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {5D7F982A-02DD-4F65-A027-7B70AA741F71} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5E5FAD49-4A18-4E60-A2E0-3783560F5A77} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core1d236e95fd62f58 => C:\Users\Andre\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {6083FEDE-D5F9-4397-986C-116FCFE69426} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {611D5580-F310-4119-995A-1CC64DA16156} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {63BF6809-A5DF-4422-827C-5A2269A73DCD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {6418DAE3-DEBA-4844-AF19-302A2DB71AB9} - System32\Tasks\{F6011F00-CE1A-4308-82E7-4DC7C3A3E73B} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/202990
Task: {654C2BD8-BB10-4974-AB2A-64A5C0317103} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {68EEAC89-6B02-4C59-9011-C3ECEE424950} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6B59405B-0F03-4764-BD6F-485846CD1EEA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {76761CC9-B509-4079-98AB-53BDBB626071} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7860E9BD-9936-4FBE-A081-0C9DCB894915} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe 
Task: {8996EA91-4006-4812-A075-2E0F36B19B3A} - System32\Tasks\{A1D0577D-45E3-A7DD-5D8A-33062845F254} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\b227994e\e8d3091a.dll" <==== ATTENTION
Task: {8EB246B9-EEF5-42FD-8AA1-50C4A1E38FF0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {92C8B99B-4F23-4387-824E-4F40BF466664} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {94AA1DE3-643B-4031-9280-8773ACC71F2C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA => C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-07] (Facebook Inc.)
Task: {986E6E4F-9B6A-45CC-8715-CF5CB85E0F9E} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {AD73D1D6-C451-43E1-A404-E105DEE9B0A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B4FBFFD0-BEF5-41B0-B18B-F3C92623DBC7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {BBBB0C94-03CB-4F9E-AC3E-3B603ABFE105} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {C429531A-58D3-426F-A870-43B82764651D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {C4471793-8A87-43E3-A58C-CB064DDA105F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C4BEDE9A-6720-46C0-8530-B2E772F442B1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {C8F9B6EC-3451-4DDA-ADBD-FF6E047A5F9D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CB8BB28D-E22E-4E15-8247-BC6224D7020A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core1d257e7b300b2e4 => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CCF30E21-0288-402B-8370-07F14256C6F7} - System32\Tasks\{63D038E3-652E-48B8-92FE-09D7E45ED069} => pcalua.exe -a C:\Users\Andre\Documents\Transistor\TransistorVideoSetup.exe -d C:\Users\Andre\Documents\Transistor
Task: {D1B10503-2587-46D5-AA80-DB8D75DD4FCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D1B84006-F7E1-4758-B5E9-C6E8FCF80A78} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D3BC54AA-E18E-4F09-9B04-F153FC643221} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe 
Task: {D43867E4-17B9-4363-A869-593A86AA4472} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D7A40A61-04A6-4A2E-8C80-A1035B4B4B26} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {D7E3A2C1-DD99-4A0E-BC0F-736408E449F5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {E7C0E78D-04D3-4F8B-BC8B-9FFEAC1A8ADD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E93EA0ED-BB64-4012-AD2A-435240E83C45} - System32\Tasks\{D069EF6B-67C2-58C0-7242-43B071524588} => C:\ProgramData\{3875139E-8FDE-A435-5F99-4287C4BF4CA5}\92571D09-25FC-AAA2-2B0E-8F04478CBAC0.exe [2017-03-10] () <==== ATTENTION
Task: {EADD84D8-2506-4058-B612-E0D6E6BC6B07} - System32\Tasks\{F7F1B18E-4163-400F-BA94-F22BC5A1A4C1} => pcalua.exe -a "C:\Users\Andre\Downloads\Call of Duty World at War multiplayer + singleplayer ^^nosTEAM^^\COD-WAW full game.part1.exe" -d "C:\Users\Andre\Downloads\Call of Duty World at War multiplayer + singleplayer ^^nosTEAM^^"
Task: {F39C49DA-3093-41C5-A95F-4C5A86D97F28} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F60183F8-E673-4F1D-BC96-14D005CEBBBC} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F6DB89BC-9BF2-44D4-B3A5-31C32BB758BE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F8100EC3-6059-4F3D-8EA2-6333A8583498} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F83BBCAE-8435-412C-87E4-E0E141F3ADC2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {FB3F8223-1A31-4F31-8696-1891EC782C3A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {FC27F916-648D-4DA4-BEC9-27926795000B} - \{7D0C0C47-0508-0F0A-0E11-79057D081104} -> No File <==== ATTENTION
Task: {FEEAFAF8-5AC6-4E47-8674-275A605A38E4} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core1d236e95fd62f58.job => C:\Users\Andre\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA1d236e9610b3f87.job => C:\Users\Andre\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core.job => C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA.job => C:\Users\Andre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core.job => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000Core1d1e92b2d964447.job => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA.job => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1683591815-2567676410-1637038616-1000UA1d1e92b2dbaf58e.job => C:\Users\Andre\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 15:10 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-13 16:01 - 2015-11-13 16:01 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2016-12-13 15:10 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-17 09:47 - 2016-09-17 09:47 - 00959168 _____ () C:\Users\Andre\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-05-17 14:42 - 2016-05-17 14:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-17 09:46 - 2016-09-17 09:46 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 18:57 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 18:55 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 18:55 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 18:55 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 18:55 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 18:55 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 18:55 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-17 23:23 - 2014-09-17 23:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 10:23 - 2015-03-12 10:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-17 23:23 - 2014-09-17 23:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 10:23 - 2015-03-12 10:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-11-04 14:14 - 2016-11-04 14:15 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-04 14:14 - 2016-11-04 14:15 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-04 14:14 - 2016-11-04 14:15 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 01457128 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
2016-10-16 18:22 - 2016-10-16 18:21 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-11-24 12:48 - 2015-11-24 12:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 12:46 - 2015-11-24 12:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 12:48 - 2015-11-24 12:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 12:48 - 2015-11-24 12:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 12:43 - 2015-11-24 12:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 12:48 - 2015-11-24 12:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 12:48 - 2015-11-24 12:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 12:48 - 2015-11-24 12:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 12:43 - 2015-11-24 12:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 12:43 - 2015-11-24 12:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 12:43 - 2015-11-24 12:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 12:46 - 2015-11-24 12:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 12:48 - 2015-11-24 12:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 12:47 - 2015-11-24 12:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 12:57 - 2015-12-07 12:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 12:47 - 2015-11-24 12:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 12:47 - 2015-11-24 12:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 12:47 - 2015-11-24 12:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 12:43 - 2015-11-24 12:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-11 15:23 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Andre\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-11 15:25 - 2017-01-11 15:25 - 01082880 _____ () \\?\C:\Users\Andre\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-11 15:25 - 2017-01-11 15:25 - 03750400 _____ () \\?\C:\Users\Andre\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-11 15:25 - 2017-01-11 15:25 - 00914432 _____ () \\?\C:\Users\Andre\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-11 15:25 - 2017-01-11 15:25 - 01127424 _____ () \\?\C:\Users\Andre\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2015-04-26 10:51 - 2017-03-09 10:44 - 67725936 _____ () C:\Users\Andre\AppData\Roaming\Spotify\libcef.dll
2016-10-26 13:32 - 2017-03-09 10:44 - 00110192 _____ () C:\Users\Andre\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-01-11 15:23 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Andre\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 15:23 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Andre\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-07 20:56 - 2017-02-01 01:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 20:56 - 2017-02-01 01:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-04-26 10:51 - 2017-03-09 10:44 - 01929840 _____ () C:\Users\Andre\AppData\Roaming\Spotify\libglesv2.dll
2015-04-26 10:51 - 2017-03-09 10:44 - 00087152 _____ () C:\Users\Andre\AppData\Roaming\Spotify\libegl.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ctypes.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_socket.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_ssl.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 05812736 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtGui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00067584 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sip.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 01662464 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtCore.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00494592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32api.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pywintypes26.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\select.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_hashlib.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32process.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32file.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\_sqlite3.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 00417501 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\sqlite3.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32gui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00313856 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00127488 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pyexpat.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00009216 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\winsound.pyd
2015-10-21 12:29 - 2015-10-21 12:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlc.dll
2015-10-21 12:29 - 2015-10-21 12:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libvlccore.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\unicodedata.pyd
2016-09-28 13:53 - 2016-09-28 13:53 - 02620112 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\ltc_host_ex.DLL
2010-11-22 14:56 - 2010-11-22 14:56 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\pythoncom26.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\win32com.shell.shell.pyd
2015-06-26 15:09 - 2015-06-26 15:09 - 00271872 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\amd_ags.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00141312 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\gobject._gobject.pyd
2016-04-19 09:08 - 2016-04-19 09:08 - 02717595 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\heliotrope._purple.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 01213633 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libxml2-2.dll
2010-11-22 15:06 - 2010-11-22 15:06 - 00055808 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\zlib1.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00495680 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libaim.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 01183699 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\liboscar.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00483306 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libicq.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00655356 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libirc.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 01306387 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libmsn.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00565461 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libxmpp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01640221 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libjabber.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00506276 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoo.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01053730 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\libymsg.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00497782 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\libyahoojp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00603326 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl-nss.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00474199 _____ () C:\Program Files (x86)\Raptr Inc\Raptr\plugins\ssl.dll
2017-03-10 11:08 - 2017-03-10 11:08 - 00148992 _____ () \\?\C:\Users\Andre\AppData\Local\Temp\26B9.tmp.node
2017-01-11 15:25 - 2017-01-11 15:25 - 02658304 _____ () \\?\C:\Users\Andre\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-11 15:25 - 2017-01-11 15:25 - 02130432 _____ () \\?\C:\Users\Andre\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-07-28 00:07 - 2017-02-02 17:42 - 00668960 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-07-28 00:07 - 2016-08-31 17:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-07-28 00:07 - 2017-03-09 14:37 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2016-07-28 00:07 - 2016-01-26 23:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-07-28 00:07 - 2016-01-26 23:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-07-28 00:07 - 2016-01-26 23:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-07-28 00:07 - 2016-01-26 23:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-07-28 00:07 - 2016-01-26 23:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-07-28 00:07 - 2016-08-31 17:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-07-28 00:07 - 2016-08-31 17:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-07-28 00:07 - 2017-03-09 14:37 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-07-28 00:07 - 2016-07-04 14:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 12:31 - 2017-01-30 13:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-07-28 00:07 - 2017-03-09 14:37 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libcef.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ortp.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libEGL.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libGLESv2.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libglesv2.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libegl.dll
2017-02-24 00:21 - 2017-02-24 00:21 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ffmpegsumo.dll
2016-07-28 00:07 - 2015-09-24 15:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-09-22 15:39 - 2014-09-22 15:39 - 00001016 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 ood.opsource.net ereg.wip4.adobe.com ereg.wip.adobe.com activate-sjc0.adobe.com practivate.adobe.ipp activate.wip4.adobe.com 3dns-1.adobe.com activate.wip1.adobe.com 3dns.adobe.com 
127.0.0.1 practivate.adobe.ntp activate.wip.adobe.com wip1.adobe.com 3dns-4.adobe.com activate.wip2.adobe.com practivate.adobe 3dns-2.adobe.com www.wip4.adobe.com 3dns-3.adobe.com 
127.0.0.1 crl.verisign.net adobe-dns-4.adobe.com adobe-dns-1.adobe.com adobe-dns.adobe.com ereg.adobe.com wip4.adobe.com lm.licenses.adobe.com wip3.adobe.com na2m-pr.licenses.adobe.com 
127.0.0.1 www.wip1.adobe.com adobeereg.com lmlicenses.wip4.adobe.com www.wip2.adobe.com ereg.wip2.adobe.com www.wip.adobe.com wip2.adobe.com practivate.adobe.newoa wwis-dubc1-vip60.adobe.com 
127.0.0.1 wip.adobe.com adobe-dns-3.adobe.com www.adobeereg.com practivate.adobe.com activate-sea.adobe.com activate.wip3.adobe.com activate.adobe.com adobe-dns-2.adobe.com www.wip3.adobe.com 
127.0.0.1 hl2rcv.adobe.com ereg.wip3.adobe.com ereg.wip1.adobe.com 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andre\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{799bf4ca-de86-4250-9d63-50a33b19998c}.JPG
DNS Servers: 192.168.1.254 - 192.168.5.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: uTorrent => "C:\Users\Andre\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Cm108Sound"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKLM\...\StartupApproved\Run32: => "MapsGalaxy"
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1683591815-2567676410-1637038616-1000\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{7EE39108-3306-400B-8893-638C1073CDEB}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{ED1E3FE9-17AF-45A5-A0D0-1D34074B2F2A}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{5C048D99-9CEE-4769-870A-9FF5B5C68EE3}] => (Allow) LPort=1542
FirewallRules: [{B0C0093D-85C2-4A3D-B9F4-8547A87B08E6}] => (Allow) LPort=1542
FirewallRules: [{4CE72DB1-F49D-4F33-9D0D-3A8D211CD61E}] => (Allow) LPort=53
FirewallRules: [{FE015F22-0113-4B5B-A812-B550F55B8A3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D77A366F-6D5B-48BE-B67C-57A49DD2D3A2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA2F355E-0051-4063-BAF6-F98C8F7F8013}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C7A9BEB7-B2AF-4632-B3D5-5FE1B393677F}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{4B221BD6-E6AA-47C7-A0EF-26953F7696DE}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{9F459092-E109-4E4A-96C3-559FA911F7C1}] => (Allow) LPort=53
FirewallRules: [{EC89E79E-3C73-4B66-83FD-5B3296DA8514}] => (Allow) LPort=67
FirewallRules: [{54E71595-06B6-4E6A-8C3E-812C9569644B}] => (Allow) LPort=68
FirewallRules: [{7AE69F61-5EC0-4DC9-B334-68A14DD90DD5}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{7A8D33BC-EA8F-4096-8A67-F8F0007351BB}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{7DFD00C6-6F33-4AB2-8DCA-D0101016FB66}C:\program files\java\jdk1.7.0_25\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_25\jre\bin\javaw.exe
FirewallRules: [UDP Query User{CD4376A9-E0B8-4FE2-9022-A20125D2CDFE}C:\program files\java\jdk1.7.0_25\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_25\jre\bin\javaw.exe
FirewallRules: [{30F71F17-ED4C-4D5A-B4BF-46F74C54C414}] => (Block) C:\program files\java\jdk1.7.0_25\jre\bin\javaw.exe
FirewallRules: [{D406DD7D-B65E-4F7C-901A-17AF94440BB5}] => (Block) C:\program files\java\jdk1.7.0_25\jre\bin\javaw.exe
FirewallRules: [{E5A61F54-895E-4B74-8A62-71E5B7996D60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{2132D1AF-D1EA-4DCE-A459-4A6963DF4287}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [TCP Query User{D8FF50F1-0F5A-489D-9D97-9FFBD7728CCE}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{DAE4976D-A599-49A9-ACED-AD92B48AC55B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{FF026BB5-20B6-4853-B39E-DDC4658A2526}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{AC7EA96F-A076-44F8-B8E5-2DFF9CE8D69D}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{15BCD0A7-9312-404F-9B6B-579A79D34B3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{66C2BBAF-D25C-4DC0-8F62-0F0C2E016476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{54A36E01-9B98-4018-A608-0C22BEF45146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D4ED3E5E-1FFE-418E-A8D4-3FB234172067}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{05E36756-DB85-4756-8EAE-C45E03823BE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{0BD73C9C-097D-4D2A-B328-215B44FD23A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4E4B0109-5B75-457D-89BC-F1458D20751D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1AF7825A-C720-4905-B281-123460D6E0D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1A0B41AB-043E-40B6-97A1-4F6A7ED4B490}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{1BCDA55D-BE2C-4B06-A4E6-876437A0AB01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{77E10B0F-7168-419F-8049-BA0DD796F65A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe
FirewallRules: [{C7B36B22-7DA7-4D02-BEA5-2196FD34C0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rust\rust.exe
FirewallRules: [TCP Query User{F6B6B95A-729F-4AF2-9A34-6F123889BBD4}C:\users\andre\documents\dolphin-x64\dolphin.exe] => (Allow) C:\users\andre\documents\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{5EAA5540-570E-48ED-9327-1C8FDC3D5F60}C:\users\andre\documents\dolphin-x64\dolphin.exe] => (Allow) C:\users\andre\documents\dolphin-x64\dolphin.exe
FirewallRules: [{9D882292-6493-4AAC-A914-7B68414C9BC0}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{B12275EF-5166-4BE9-B64F-7F95D52A92E0}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{1F62F877-CD50-48A0-9624-3E85CE09B1CC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{FC7D32BA-5FE4-4B9F-886A-0A24C045F34E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{CB1C465A-F3EB-4713-AA2E-0CE9BEDD7B55}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{9AA87B71-B52D-467D-8DE8-E4808A9E9117}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{C8FF0E4F-5CCD-450B-A6A8-00B381CF2D83}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{C4C80A2F-9AE3-4C24-902F-F60FCCFA30FE}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{88688119-86F2-475F-A2A4-6058B2738108}] => (Allow) C:\Users\Andre\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1F003BC7-6B36-4FAC-B30B-18DC371E1A1B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F8A6E52B-B4C1-465E-8B10-3C55CA38131D}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F4F3E441-9210-4045-AC0D-B8CBBEFCBB4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FD989979-FF0D-42C9-887D-53BA63116293}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{5051CE77-791B-4B72-807E-015B77D208C9}C:\program files (x86)\worms armageddon v3.7.2.1\wa.exe] => (Block) C:\program files (x86)\worms armageddon v3.7.2.1\wa.exe
FirewallRules: [UDP Query User{74558447-D121-476A-91FE-7D609F7C9646}C:\program files (x86)\worms armageddon v3.7.2.1\wa.exe] => (Block) C:\program files (x86)\worms armageddon v3.7.2.1\wa.exe
FirewallRules: [{F3FF5817-1CE1-4817-AE1A-49F4FCAC6458}] => (Allow) C:\Users\Andre\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1CA3B95D-37F1-4275-84A1-345A94661330}] => (Allow) C:\Users\Andre\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B5F4F4B9-A694-4821-AF5C-9AB09BBFBB63}] => (Allow) C:\Users\Andre\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4B14A97B-44CB-4197-9385-BFC558F1B701}] => (Allow) C:\Users\Andre\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{6A332C0D-E3A1-45C9-9F4C-2FB593B7A68E}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{FF68FACD-B498-4C68-B040-654F5BA1E7E0}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{D940CA4B-8ACF-4D6D-9256-5EF29CD4EF2B}C:\users\andre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andre\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B7186A5C-8117-4C12-9F4D-21C72370A970}C:\users\andre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\andre\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C97D68C9-F61C-4C94-93B3-A34FF95BD1BC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A341DA1-7D85-4148-9A5C-DBB00696FF6C}] => (Allow) LPort=2869
FirewallRules: [{A8D8347F-393D-41A1-B503-A8311F2B6290}] => (Allow) LPort=1900
FirewallRules: [{81677BEF-6DE5-4349-A333-4A31D5FF9F1C}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{38EB5460-9248-4971-BA74-775C4A30FF61}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{967C9E7C-5AA6-4CEF-871C-C8A3033C4B8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E9E333A-DBC9-4081-976E-F254B20EB1ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC807D3E-D7F4-4C4C-B958-2B74F739C03F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A536211-D8E7-47AA-ABB9-2D6D82C69645}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{612127DB-8A8E-4A47-8820-66BC218804F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{82127C99-7CB2-4490-9413-A1D082682A8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{2917576A-F7B2-4705-85CD-BEBD9DFE98DD}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{8B44C347-4249-418F-B360-633B3DE4185D}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{CB0C5EF1-D71E-4437-8703-41A3D8DC25A5}] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{1F198828-411F-4F61-839A-1C40AA001EFD}] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{0F817298-1A35-42AE-9A7D-CCCF77257562}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{5EDF28B8-83B8-477F-9535-ED05D0AA30DC}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [TCP Query User{FF19C764-07AE-4F2D-8B80-78CF06FBE392}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{19BDBA0B-E475-4A8D-8464-4E4C6AB6185E}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{0ECEB5B6-593E-4BCB-9CAC-AFF1C183F39A}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{18234E6F-CC0D-44AE-9FF5-CC5BE7988F5E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6568C94E-5AA5-42B0-A7E9-8034CBD519A6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9D4D11C1-D4FC-4910-9CF0-7A89DBC51E62}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{9206FE76-2DD4-4470-A5ED-3CBED8ACECE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{B690D7DD-2FED-406F-8C36-DEFD332A798F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{461F350C-7B36-4078-921E-051D1DEB38E7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1B36C469-7E9E-4ACB-985A-FCD9A51AAA03}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FF512DD7-EE20-46C3-8872-EB1557001158}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{68FBB7A1-B1FC-4D2C-955C-68E8E0E0D3FF}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{24879794-C795-472F-B68D-632FB53001C8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6123E813-9BDB-465E-87C9-9CE281169D1D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{000748DA-F112-4031-9596-A0D90205187A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{00A4538B-52D6-41BE-92FF-608D39B3319C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe
FirewallRules: [{F2085437-D7D5-4851-83FC-761B81EB915B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\grid 2\grid2.exe
FirewallRules: [{2FAB1E7B-5893-4691-9E8A-558A3448FAE4}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8F7358BE-D5A5-4D70-8CCA-D9EA3939F6C5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{662FCEF9-BA61-4E54-B09A-4CCB3FD15358}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{D7DCADD8-31E3-428F-9F58-57D4F875480A}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe
FirewallRules: [UDP Query User{8534AE2B-6D20-4794-87A3-72812BB86E2D}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe

==================== Restore Points =========================

27-02-2017 23:55:20 Scheduled Checkpoint
08-03-2017 11:10:16 Scheduled Checkpoint
10-03-2017 11:13:02 Installed Sophos Virus Removal Tool.
10-03-2017 11:17:43 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2017 11:18:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/10/2017 11:14:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/10/2017 10:43:34 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Andre\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (03/10/2017 01:03:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250

Error: (03/10/2017 01:03:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250

Error: (03/10/2017 01:03:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2017 01:03:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14250

Error: (03/10/2017 01:03:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14250

Error: (03/10/2017 01:03:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/10/2017 01:03:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12218


System errors:
=============
Error: (03/10/2017 11:11:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (03/10/2017 11:09:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

Error: (03/10/2017 11:09:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/10/2017 11:09:37 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (03/10/2017 11:07:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error

Error: (03/10/2017 11:03:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 11:03:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/10/2017 11:02:25 AM) (Source: DCOM) (EventID: 10010) (User: Andre-PC)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (03/10/2017 11:02:23 AM) (Source: DCOM) (EventID: 10005) (User: Andre-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/10/2017 11:02:19 AM) (Source: DCOM) (EventID: 10005) (User: Andre-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
  Date: 2017-03-10 10:17:48.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 23:32:35.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 23:32:35.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 19:33:07.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 19:33:07.459
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 15:49:49.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 15:49:49.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 10:51:20.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 10:51:20.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 23:50:09.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8320 Eight-Core Processor 
Percentage of memory in use: 46%
Total physical RAM: 8168.67 MB
Available physical RAM: 4397.51 MB
Total Virtual: 16360.67 MB
Available Virtual: 10351.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:70.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4C426083)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Link to post
Share on other sites

  • Root Admin

Please run the following and attach your logs.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Link to post
Share on other sites

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64 
Ran by Andre (Administrator) on Sun 03/12/2017 at 20:19:35.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 1 

Successfully deleted: C:\ProgramData\b227994e (Folder) 

Deleted the following from C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\goaab931.default\prefs.js
user_pref(extensions.5E3xGHvWE8K.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\
user_pref(extensions.AsMdhAI6.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\,\
user_pref(extensions.XRSZZmXpWew.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\
user_pref(extensions.sUKDpGSf.scode, (function(){try{if(window.location.href.indexOf(\rjg4qTwHpjaHrHn8qTrGpjkEqjk\)>-1){return;}}catch(e){}try{var d=[[\www.ebay.com\,\

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CDE9B9A3C1D351C05B61B6CB536D0894 (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/12/2017 at 20:23:04.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner[C2]:

# AdwCleaner v6.044 - Logfile created 12/03/2017 at 20:36:46
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-12.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Andre - ANDRE-PC
# Running from : C:\Users\Andre\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5604 Bytes] - [10/03/2017 11:53:01]
C:\AdwCleaner\AdwCleaner[C2].txt - [1032 Bytes] - [12/03/2017 20:36:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [16599 Bytes] - [06/01/2015 20:13:27]
C:\AdwCleaner\AdwCleaner[S0].txt - [16239 Bytes] - [06/01/2015 20:15:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [5269 Bytes] - [10/03/2017 11:52:16]
C:\AdwCleaner\AdwCleaner[S2].txt - [1597 Bytes] - [12/03/2017 20:25:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1399 Bytes] ##########
 

SophosVirusRemovalTool:

2017-03-10 19:32:28.772    Sophos Virus Removal Tool version 2.5.6
2017-03-10 19:32:28.773    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-03-10 19:32:28.773    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-10 19:32:28.773    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2017-03-10 19:32:28.773    Checking for updates...
2017-03-10 19:32:29.101    Update progress: proxy server not available
2017-03-10 19:32:37.668    Option all = no
2017-03-10 19:32:37.668    Option recurse = yes
2017-03-10 19:32:37.695    Option archive = no
2017-03-10 19:32:37.695    Option service = yes
2017-03-10 19:32:37.695    Option confirm = yes
2017-03-10 19:32:37.695    Option sxl = yes
2017-03-10 19:32:37.695    Option max-data-age = 35
2017-03-10 19:32:37.695    Option vdl-logging = yes
2017-03-10 19:32:37.703    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-03-10 19:32:37.703    Machine ID:    e1dbe2a77b084510845009e4ca5bbe66
2017-03-10 19:32:37.704    Component SVRTcli.exe version 2.5.6
2017-03-10 19:32:37.704    Component control.dll version 2.5.6
2017-03-10 19:32:37.704    Component SVRTservice.exe version 2.5.6
2017-03-10 19:32:37.704    Component engine\osdp.dll version 1.44.1.2280
2017-03-10 19:32:37.704    Component engine\veex.dll version 3.68.0.2280
2017-03-10 19:32:37.704    Component engine\savi.dll version 9.0.7.2280
2017-03-10 19:32:37.705    Component rkdisk.dll version 1.5.31.1
2017-03-10 19:32:37.705    Version info:    Product version    2.5.6
2017-03-10 19:32:37.705    Version info:    Detection engine    3.68.0
2017-03-10 19:32:37.705    Version info:    Detection data    5.36
2017-03-10 19:32:37.705    Version info:    Build date    2/7/2017
2017-03-10 19:32:37.705    Version info:    Data files added    274
2017-03-10 19:32:37.705    Version info: