UC Chinese Virus

**Iaro96** · 11-29-2016, 06:48 PM

[HEADING=1]Zemana AntiMalware 2.70.2.25 (Installed)[/HEADING]
[HEADING=1]Scan Result : Completed
Scan Date : 2016/11/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core™ i3-3130M CPU @ 2.60GHz
BIOS Mode : UEFI
CUID : 1203285F630FDF1F3D8882
Scan Type : Custom Scan
Duration : 264m 45s
Scanned Objects : 633644
Detected Objects : 13
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects[/HEADING]
MSIDF4E.tmp
Status : Scanned
Object : %systemroot%\installer\msidf4e.tmp
MD5 : 5ACE47563F8492D21BD564B827A7814D
Publisher : APN LLC
Size : 108616
Version : 1.0.0.1
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\installer\msidf4e.tmp
adobe.snr.patch-painter.exe
Status : Scanned
Object : %userprofile%\documents\adobe cc 2015 universal patcher 1.5\adobe.snr.patch-painter.exe
MD5 : 0D9B7ABE952D6C1DC24750BF47969132
Publisher : -
Size : 631808
Version : 1.5.0.0
Detection : PUA:Win32/SoftCrack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\documents\adobe cc 2015 universal patcher 1.5\adobe.snr.patch-painter.exe
DBUpdater.exe
Status : Scanned
Object : %localappdata%\temp\dbupdater.exe
MD5 : 7C175093AA098F61B7E3D94CF558A1B0
Publisher : -
Size : 434692
Version : -
Detection : Downloader:Win32/Banload.Variant
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\temp\dbupdater.exe
DBUpdater[1].exe
Status : Scanned
Object : %localappdata%\microsoft\windows\inetcache\ie\simu n470\dbupdater[1].exe
MD5 : 0B51F61452FFC527BBA4189A3BB6BD4C
Publisher : -
Size : 434688
Version : -
Detection : Downloader:Win32/Banload.Variant
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\microsoft\windows\inetcache\ie\simu n470\dbupdater[1].exe
ucguard.sys.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\windows\system32\dri vers\ucguard.sys.xbad
MD5 : EB482DBC9786F1A9E3ED5AB6864794FA
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 81792
Version : 0.1.0.85
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\windows\system32\dri vers\ucguard.sys.xbad
ucwifi_compat.dll
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi_compat.dll
MD5 : 59520CC7DAC73C37A02ADEDAED870D76
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 364144
Version : 1.0.0.0
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi_compat.dll
UCWiFi.exe
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi.exe
MD5 : 260402E5F4C9EE3CA15C7AADE09EF6EA
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 6635632
Version : 1.0.0.1
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi.exe
libEGL.dll
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libegl.dll
MD5 : EF07C80D0099C80A73832D0E655FF8CF
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 88736
Version : 2.1.0.0
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libegl.dll
libGLESv2.dll
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libglesv2.dll
MD5 : 5C071CAAB5CFD60432902BCBDC14AB6F
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 2081440
Version : 2.1.0.0
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libglesv2.dll
ucbrabs.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\ucbrabs.exe.xbad
MD5 : 712F8A5EE24FA94450C8A86B29860296
Publisher : -
Size : 1441792
Version : -
Detection : Adware:Win32/Tazzi.A!Kaaa
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\ucbrabs.exe.xbad
DBUpdater.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\dbupdater.exe.xbad
MD5 : DECA5304043B116C977B5FA93F63FD91
Publisher : -
Size : 434692
Version : -
Detection : Downloader:Win32/Banload.Variant
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\dbupdater.exe.xbad
DriverBoosterSetup.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\driverboostersetup.exe.x bad
MD5 : E01015617CE39022F9FF8BFB410ADA37
Publisher : -
Size : 89088
Version : -
Detection : Malware:Win32/Tazzi.A!Keke
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\driverboostersetup.exe.x bad
Browser_V5.7.15319.5_r_4670_(Build1608291541).exe. xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\browser_v5.7.15319.5_r_4 670_(build1608291541).exe.xbad
MD5 : 9534DAE671B92610585578D911C654D7
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 51562496
Version : 5.7.15319.5
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\browser_v5.7.15319.5_r_4 670_(build1608291541).exe.xbad
[HEADING=1]Cleaning Result[/HEADING]
Cleaned : 13
Reported as safe : 0
Failed : 0

**Iaro96** · 11-29-2016, 07:18 PM

~ ZHPDiag v2016.11.29.233 By Nicolas Coolman (2016/11/29)
~ Run by Ivan Reyes Ortega (Administrator) (2016/11/29 14:51:33)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook: ZHP
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Ivan Reyes Ortega\Desktop\ZHPDiag.txt
~ Report: C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393) =>.Microsoft Corporation
—\ Internet Browsers (1) - 0s
~ MSIE: Internet Explorer v11.447.14393.0
—\ Windows Product Information (3) - 4s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK
—\ System protection software (2) - 46s
Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)
Windows Defender (Activate) (Protection)
—\ System protection software (Superfluous) (1) - 46s
~ Zemana AntiMalware v2.70.25 (Superfluous)
—\ Surveillance software (1) - 47s
~ Adobe Reader XI (Surveillance)
—\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 6173.832 MB (50% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 384 GB (41%) free of 926 GB : OK =>.Disk Space
—\ Connection to the system mode (3) - 0s
~ Computer Name: HOMEPC
~ User Name: Ivan Reyes Ortega
~ Logged in as Administrator
—\ Enumeration of the disk units (1) - 0s
~ Drive C: has 384 GB free of 926 GB (System)
—\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
—\ Search Generic System Files (24) - 7s
[MD5.43BF96FCF50945BE35C22206980C9068] - 02/11/2016 - (.Microsoft Corporation - Windows Explorer.) – C:\WINDOWS\Explorer.exe [4673304] =>.Microsoft Windows®
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - 16/07/2016 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\WINDOWS\System32\rundll32.exe [69632] =>.Microsoft Corporation
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - 16/07/2016 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\WINDOWS\System32\Wininit.exe [304240] =>.Microsoft Windows Publisher®
[MD5.7F08626131800B977DE92B7C0DF481A1] - 02/11/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\WINDOWS\System32\wininet.dll [2669056] =>.Microsoft Corporation
[MD5.D243745884BCBC21E91AB569A0AD514E] - 14/10/2016 - (.Microsoft Corporation - Windows Logon Application.) – C:\WINDOWS\System32\Winlogon.exe [673792] =>.Microsoft Corporation
[MD5.9600B7F2F89DE60A80D13DE42F672834] - 16/07/2016 - (.Microsoft Corporation - Software Licensing Library.) – C:\WINDOWS\System32\sppcomapi.dll [402432] =>.Microsoft Corporation
[MD5.96B8A433F6407DE34850927C96C6CE9B] - 01/10/2016 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\System32\dnsapi.dll [646136] =>.Microsoft Windows®
[MD5.227CFE3EDA82029AAC1C088A16297CD7] - 01/10/2016 - (.Microsoft Corporation - DNS Client API DLL.) – C:\WINDOWS\Syswow64\dnsapi.dll [496872] =>.Microsoft Windows®
[MD5.323AA1953ED9C01E23F740FA891FE064] - 15/10/2016 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\WINDOWS\System32\drivers\AFD.sys [584032] =>.Microsoft Windows®
[MD5.A10F989A812B57B9695F6C305907C9C6] - 16/07/2016 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\WINDOWS\System32\drivers\atapi.sys [28512] =>.Microsoft Windows®
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - 16/07/2016 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\WINDOWS\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.613D0137C269187FA298A157E3D14A18] - 16/07/2016 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\WINDOWS\System32\drivers\Cdrom.sys [173056] =>.Microsoft Corporation
[MD5.0D1D392ED2597F295956D058D33BD7C3] - 05/10/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\WINDOWS\System32\drivers\DfsC.sys [144896] =>.Microsoft Corporation
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - 16/07/2016 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\WINDOWS\System32\drivers\HDAudBus.sys [83456] =>.Microsoft Corporation
[MD5.B54B30992620C97230013A74461C8517] - 16/07/2016 - (.Microsoft Corporation - i8042 Port Driver.) – C:\WINDOWS\System32\drivers\i8042prt.sys [114176] =>.Microsoft Corporation
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - 16/07/2016 - (.Microsoft Corporation - IP Network Address Translator.) – C:\WINDOWS\System32\drivers\IpNat.sys [212480] =>.Microsoft Corporation
[MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - 01/10/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\WINDOWS\System32\drivers\MRxSmb.sys [450392] =>.Microsoft Windows®
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - 16/07/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\WINDOWS\System32\drivers\netBT.sys [279040] =>.Microsoft Corporation
[MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - 02/11/2016 - (.Microsoft Corporation - NT File System Driver.) – C:\WINDOWS\System32\drivers\ntfs.sys [2255712] =>.Microsoft Windows®
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - 16/07/2016 - (.Microsoft Corporation - Parallel Port Driver.) – C:\WINDOWS\System32\drivers\Parport.sys [96768] =>.Microsoft Corporation
[MD5.17E565710172ED71B8531D8822E1C5D1] - 16/07/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\WINDOWS\System32\drivers\Rasl2tp.sys [104960] =>.Microsoft Corporation
[MD5.7135785C21CA79D270D11037C43D3F19] - 16/07/2016 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\WINDOWS\System32\drivers\rdpdr.sys [177152] =>.Microsoft Corporation
[MD5.9D2DD64A0B51C56285512DC9454340F6] - 16/07/2016 - (.Microsoft Corporation - TDI Translation Driver.) – C:\WINDOWS\System32\drivers\tdx.sys [118112] =>.Microsoft Windows®
[MD5.BF2546583BB75F01DDA60A7921DFB230] - 16/07/2016 - (.Microsoft Corporation - Volume Shadow Copy driver.) – C:\WINDOWS\System32\drivers\volsnap.sys [391520] =>.Microsoft Windows®
—\ Non Microsoft non disabled Windows Services (32) - 7s
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) . (.Autodesk Inc. - Autodesk Application Manager.) - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe =>.Autodesk, Inc®
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
O23 - Service: Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc. - AutoCAD component.) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc®
O23 - Service: @oem30.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation. - Bluetooth Radio Management Support.) - C:\WINDOWS\system32\BtwRSupportService.exe =>.Broadcom Corporation.
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe =>.BlueStack Systems, Inc.®
O23 - Service: Dragon Assistant Core (DACoreService) . (.Nuance Communications, Inc. - DACore.) - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe =>.Nuance Communications, Inc.®
O23 - Service: Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - C:\WINDOWS\system32\EscSvc64.exe =>.Seiko Epson Corporation
O23 - Service: Everything (Everything) . (.Copyright (C) 2014 David Carpenter - Everything.) - C:\Program Files\Everything\Everything.exe =>.Copyright (c) 2014 David Carpenter
O23 - Service: Garmin Device Interaction Service (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries - Garmin Service.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe =>.Garmin International, Inc.®
O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) . (…) - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe =>.GoPro, Inc.®
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) . (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe =>.LogMeIn, Inc.®
O23 - Service: HP CUE DeviceDiscovery Service (hpqddsvc) . (.Hewlett-Packard Co. - HP CUE DeviceDiscovery Service.) - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll =>.Hewlett Packard®
O23 - Service: HP Network Devices Support (HPSLPSVC) . (.Hewlett-Packard Co. - HP Network Devices Support.) - C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL =>.Hewlett-Packard Co.
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company - SolutionsFrameworkService.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService .exe =>.Hewlett-Packard Company®
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Intel® Rapid Storage Technology®
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\WINDOWS\system32\igfxCUIService.exe =>.Intel Corporation
O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe =>.Intel® Upgrade Service®
O23 - Service: Intel(R) ME Service (Intel(R) ME Service) . (.Intel Corporation - Intel(R) ME Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe =>.Intel Corporation®
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation®
O23 - Service: LMIGuardianSvc (LMIGuardianSvc) . (.LogMeIn, Inc. - LMIGuardianSvc.) - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe =>.LogMeIn, Inc.®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
O23 - Service: Net Driver HPZ12 (Net Driver HPZ12) . (.Hewlett-Packard - Dot4Net Module.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) . (.Nitro PDF Software - Nitro PDF Spool Service.) - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe =>.Nitro PDF Software®
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) . (.Nalpeiron Ltd. - This service enables products that use the.) - C:\Windows\SysWOW64\NLSSRV32.EXE =>.Nitro PDF Software®
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.Hewlett-Packard - PmlDrv Module.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe =>.DEVGURU CO LTD®
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Zemana Ltd. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
—\ Services not Microsoft (SR=Run, SS=Stop) (42) - 30s
SR - Auto [04/12/2014] [ 599944] Autodesk Application Manager Service (AdAppMgrSvc) . (.Autodesk Inc..) - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe =>.Autodesk, Inc®
SR - Auto [21/10/2016] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SR - Auto [26/09/2016] [ 2207960] Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
SR - Auto [02/03/2016] [ 83768] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
SR - Auto [05/02/2015] [ 31160] Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc®
SR - Auto [20/08/2015] [ 2278152] @oem30.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation..) - C:\WINDOWS\system32\BtwRSupportService.exe =>.Broadcom Corporation®
SR - Auto [12/08/2015] [ 462096] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
SS - Demand [21/07/2016] [ 445976] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\Bluestacks\HD-Service.exe =>.BlueStack Systems, Inc.®
SR - Auto [21/07/2016] [ 425496] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe =>.BlueStack Systems, Inc.®
SS - Demand [21/07/2016] [ 462360] BlueStacks Plus Android Service (BstHdPlusAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe =>.BlueStack Systems, Inc.®
SS - Demand [03/05/2016] [ 299488] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel(R) pGFX®
SR - Auto [22/02/2013] [ 430480] Dragon Assistant Core (DACoreService) . (.Nuance Communications, Inc..) - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe =>.Nuance Communications, Inc.®
SR - Auto [17/05/2012] [ 144560] Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\WINDOWS\system32\EscSvc64.exe =>.SEIKO EPSON Corporation®
SR - Auto [05/08/2014] [ 1441792] Everything (Everything) . (.Copyright (C) 2014 David Carpenter.) - C:\Program Files\Everything\Everything.exe =>.Copyright (c) 2014 David Carpenter
SS - Demand [05/05/2015] [ 1369856] FlexNet Licensing Service 64 (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe =>.Flexera Software LLC®
SR - Auto [25/10/2016] [ 985616] Garmin Device Interaction Service (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe =>.Garmin International, Inc.®
SR - Auto [11/10/2016] [ 37808] GoPro Device Detection Service (GoProDeviceDetectionService) . (…) - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe =>.GoPro, Inc.®
SR - Auto [11/11/2016] [ 2627080] LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe =>.LogMeIn, Inc.®
SR - Demand [20/09/2011] [ 254824] hpqcxs08 (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqcxs08.dll =>.Hewlett Packard®
SR - Auto [29/04/2011] [ 138600] HP CUE DeviceDiscovery Service (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll =>.Hewlett Packard®
SR - Auto [18/08/2011] [ 1039360] HP Network Devices Support (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL =>.Hewlett-Packard Co.
SR - Auto [17/12/2013] [ 46904] HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService .exe =>.Hewlett-Packard Company®
SR - Auto [31/01/2013] [ 15344] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Intel® Rapid Storage Technology®
SS - Demand [04/04/2005] [ 69632] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe =>.Macrovision Corporation
SR - Auto [03/05/2016] [ 337888] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\WINDOWS\system32\igfxCUIService.exe =>.Intel(R) pGFX®
SR - Auto [20/04/2012] [ 635104] Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe =>.Intel® Upgrade Service®
SR - Auto [26/07/2012] [ 128896] Intel(R) ME Service (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe =>.Intel Corporation®
SR - Demand [26/07/2016] [ 651576] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
SS - Demand [12/08/2016] [ 177376] Intel(R) Update Manager (iumsvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe =>.Intel(R) Update Manager®
SR - Auto [26/07/2012] [ 165760] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation®
SR - Auto [11/11/2016] [ 419248] LMIGuardianSvc (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe =>.LogMeIn, Inc.®
SR - Auto [26/07/2012] [ 276864] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
SR - Auto [06/08/2010] [ 71680] Net Driver HPZ12 (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
SR - Auto [14/12/2012] [ 230408] NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe =>.Nitro PDF Software®
SR - Auto [14/12/2012] [ 70152] Nalpeiron Licensing Service (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\NLSSRV32.EXE =>.Nitro PDF Software®
SR - Auto [06/08/2010] [ 89600] Pml Driver HPZ12 (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
SS - Auto [20/09/2016] [ 324224] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
SR - Auto [20/09/2016] [ 324224] SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe =>.DEVGURU CO LTD®
SS - Demand [20/09/2016] [ 324224] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®
SS - Demand [20/09/2016] [ 324224] Adobe SwitchBoard (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe =>.Adobe Systems Incorporated
SR - Auto [20/09/2016] [ 324224] Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
SR - Auto [20/09/2016] [ 324224] ZAM Controller Service (ZAMSvc) . (.Zemana Ltd..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
—\ Task Planned Automatically (28) - 16s
[MD5.220ADB2D8475CF40556F61688D3A3EA3] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [324224] (.Activate.) =>.Adobe Systems, Incorporated®
[MD5.1315C5C5C54CE2AA37A155F97027DB59] [APT] [AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com] (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe [324224] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.E516D7811B24812819A3BAC8AD350510] [APT] [Apple Diagnostics] (.Apple Inc..) – C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [324224] (.Activate.) =>.Apple Inc.®
[MD5.1DB1806B64366ECE281B672AA52D6380] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [324224] (.Activate.) =>.Piriform Ltd®
[MD5.26502493132A7924466D091C540584F0] [APT] [EPSON Perfection V19 Update] (.SEIKO EPSON CORPORATION.) – C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [324224] (.Activate.) =>.SEIKO EPSON CORPORATION®
[MD5.5AE19E6010B893B65840E8C2E3427314] [APT] [GarminUpdaterTask] (.Copyright © 2015.) – C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [324224] (.Activate.) =>.Garmin International, Inc.®
[MD5.622BF9C46A47CF17608C501320E8EFBD] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [324224] (.Activate.) =>.Intel(R) Update Manager®
[MD5.622BF9C46A47CF17608C501320E8EFBD] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [324224] (.Activate.) =>.Intel(R) Update Manager®
[MD5.A1741C3B79F9DF8895E05EF43579E74B] [APT] [MirageAgent] (.CyberLink.) – C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [324224] (.Activate.) =>.CyberLink®
[MD5.00000000000000000000000000000000] [APT] [{8DD3EE36-D507-432E-A9B1-FA7778A3BE83}] (…) – D:\setup.exe (.not file.) [324224] (.Activate.)
[MD5.00000000000000000000000000000000] [APT] [{DB50062B-1108-4516-B07E-CB933EB55684}] (…) – C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\uninstall.exe (.not file.) [324224] (.Activate.) =>.Superfluous.AkamaiHD
[MD5.23985274780D27117C470AA259B79B30] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) – C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [324224] (.Activate.) =>.Apple Inc.®
[MD5.00000000000000000000000000000000] [APT] [Lenovo\Lenovo-31886] (…) – C:\ProgramData\Lenovo-31886.vbs (.not file.) [324224] (.Activate.)
[MD5.00000000000000000000000000000000] [APT] [Lenovo\Lenovo-31951] (…) – C:\ProgramData\Lenovo-31951.vbs (.not file.) [324224] (.Activate.)
O39 - APT: EPSON Perfection V19 Update - (.SEIKO EPSON CORPORATION.) – C:\WINDOWS\Tasks\EPSON Perfection V19 Update.job [324224] =>.SEIKO EPSON CORPORATION®
O39 - APT: Unknown - (…) – C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job [324224]
O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) – C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task [324224] =>.Adobe Systems, Incorporated®
O39 - APT: AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com - (.Adobe Systems Incorporated.) – C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount...reor@gmail.com [324224] =>.Adobe Systems Incorporated®
O39 - APT: Apple Diagnostics - (.Apple Inc..) – C:\WINDOWS\System32\Tasks\Apple Diagnostics [324224] =>.Apple Inc.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [324224] =>.Piriform Ltd®
O39 - APT: EPSON Perfection V19 Update - (.SEIKO EPSON CORPORATION.) – C:\WINDOWS\System32\Tasks\EPSON Perfection V19 Update [324224] =>.SEIKO EPSON CORPORATION®
O39 - APT: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - (.Intel Corporation.) – C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 [324224] =>.Intel(R) Update Manager®
O39 - APT: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon - (.Intel Corporation.) – C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon [324224] =>.Intel(R) Update Manager®
O39 - APT: MirageAgent - (.CyberLink.) – C:\WINDOWS\System32\Tasks\MirageAgent [324224] =>.CyberLink®
O39 - APT: Unknown - (.Microsoft Corporation.) – C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task [324224] =>.Microsoft Corporation
O39 - APT: Unknown - (…) – C:\WINDOWS\System32\Tasks{7C134AF1-A52C-45FB-A769-590205637799} [324224]
O39 - APT: {8DD3EE36-D507-432E-A9B1-FA7778A3BE83} - (.False.) – C:\WINDOWS\System32\Tasks{8DD3EE36-D507-432E-A9B1-FA7778A3BE83} [324224] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {DB50062B-1108-4516-B07E-CB933EB55684} - (.False.) – C:\WINDOWS\System32\Tasks{DB50062B-1108-4516-B07E-CB933EB55684} [324224] (.Orphan.) =>.Superfluous.AkamaiHD
—\ Auto loading programs from Registry and folders (42) - 5s
O4 - HKLM..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe =>.Intel Corporation
O4 - HKLM..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe =>.Apple Inc.®
O4 - HKLM..\Run: [WindowsDefender] . (.Microsoft Corporation - Windows Defender notification icon.) – C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Corporation
O4 - HKLM..\Run: [GoPro Tray App] . (.Copyright © 2015 - GoProDesktopSystemTray.) – C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe =>.GoPro, Inc.®
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) – C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe =>.Adobe Systems Incorporated®
O4 - HKLM..\Run: [ZAM] . (.Zemana Ltd. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - HKCU..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe =>.Apple Inc.®
O4 - HKCU..\Run: [ApplePhotoStreams] . (.Apple Inc. - iCloud Photos.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe =>.Apple Inc.®
O4 - HKCU..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe =>.Apple Inc.®
O4 - HKCU..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe =>.Apple Inc.®
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O4 - HKCU..\Run: [Autodesk Sync] . (.Autodesk, Inc. - A360.) – C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe =>.Autodesk, Inc®
O4 - HKCU..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe =>.Microsoft Corporation®
O4 - HKCU..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e =>.Spotify AB®
O4 - HKCU..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) – C:\Program Files (x86)\Bluestacks\HD-Agent.exe =>.BlueStack Systems, Inc.®
O4 - HKCU..\Run: [Discord] . (.Hammer & Chisel, Inc. - Discord.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe =>.Hammer & Chisel Inc.®
O4 - HKCU..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM..\Wow6432Node\Run: [OSD Utility] . (.Quanta Computer Inc. - Lenovo Brightness & Volume OSD Service.) – C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
O4 - HKLM..\Wow6432Node\Run: [Lenovo Silver Silk Wireless Keyboard] . (.Lenovo - Lenovo Silver Silk Keyboard Software.) – C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe =>.Lenovo
O4 - HKLM..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) – C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe =>.CyberLink®
O4 - HKLM..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) – C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe =>.CyberLink®
O4 - HKLM..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) – C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe =>.CyberLink®
O4 - HKLM..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) – C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe =>.CyberLink®
O4 - HKLM..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) – C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe =>.Intel® Services Manager®
O4 - HKLM..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) – C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe =>.CyberLink®
O4 - HKLM..\Wow6432Node\Run: [LVT] . (.Lenovo - Lenovo.) – C:\Program Files\Lenovo\LVT\LJYZ.exe =>.Lenovo (Beijing) Limited®
O4 - HKLM..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe =>.Apple Inc.®
O4 - HKLM..\Wow6432Node\Run: [Nikon Message Center 2] . (.Nikon Corporation - Nikon Message Center 2.) – C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe =>.Nikon Corporation
O4 - HKLM..\Wow6432Node\Run: [ADSKAppManager] . (.Autodesk Inc. - Autodesk Application Manager.) – C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe =>.Autodesk, Inc®
O4 - HKLM..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
O4 - HKLM..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) – C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe =>.SEIKO EPSON CORPORATION®
O4 - HKLM..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe =>.Adobe Systems Incorporated
O4 - HKLM..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) – C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e =>.Adobe Systems Incorporated®
O4 - HKLM..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) – C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe =>.LogMeIn, Inc.®
O4 - HKUS.DEFAULT..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-18..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-19..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) – C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2198469641-46685643-2895634536-1002..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) – C:\Users\Joanne\AppData\Local\Microsoft\OneDrive\O neDrive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2198469641-46685643-2895634536-1002..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) – C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
—\ Process running (65) - 5s
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxCUIService Module.) – C:\WINDOWS\system32\igfxCUIService.exe [0] [PID.1640] =>.Intel Corporation
[MD5.C92B0A0957ACAD3CEEF502A2CA10ACB8] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128] [PID.2208] =>.Adobe Systems, Incorporated®
[MD5.B52F9B2C63DF84B58E59016FE25648C0] - (.Autodesk, Inc. - AutoCAD component.) – C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160] [PID.2216] =>.Autodesk, Inc®
[MD5.41C684B6229B8F0C2EAEF4A2251DFAE4] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) – C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080] [PID.2224] =>.LogMeIn, Inc.®
[MD5.FCE361409964B71918D0D04CC26F8BD8] - (.Microsoft - DdMgr.) – C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880] [PID.2236] =>.Microsoft
[MD5.AE0F49596EE37F284D4477A0BE4B8655] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) – C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496] [PID.2252] =>.BlueStack Systems, Inc.®
[MD5.B5C2F92EE1106DFE7BB1CCE4D35B6037] - (.Apple Inc. - Bonjour Service.) – C:\Program Files\Bonjour\mDNSResponder.exe [462096] [PID.2264] =>.Apple Inc.®
[MD5.021D06851E7AFF5C314039DF813608F3] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) – C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960] [PID.2272] =>.Adobe Systems Incorporated®
[MD5.3B3774C868868257533EC7E715BB6D53] - (.Apple Inc. - MobileDeviceService.) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768] [PID.2280] =>.Apple Inc.®
[MD5.00000000000000000000000000000000] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) – C:\WINDOWS\system32\EscSvc64.exe [0] [PID.2292] =>.Seiko Epson Corporation
[MD5.13B46C5D8AC698E7E5C46620516F03AC] - (.Garmin Ltd. or its subsidiaries - Garmin Service.) – C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [985616] [PID.2304] =>.Garmin International, Inc.®
[MD5.0340E468988DBAFF5049B548EFDD78AA] - (.Nuance Communications, Inc. - DACore.) – C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [430480] [PID.2312] =>.Nuance Communications, Inc.®
[MD5.974A1F783ED34588B45FAD6375077BA6] - (.Hewlett-Packard Company - SolutionsFrameworkService.) – C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService .exe [46904] [PID.2344] =>.Hewlett-Packard Company®
[MD5.CBDF353624D1744734F2FD13B4786F90] - (.Autodesk Inc. - Autodesk Application Manager.) – C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944] [PID.2352] =>.Autodesk, Inc®
[MD5.00000000000000000000000000000000] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) – C:\WINDOWS\system32\BtwRSupportService.exe [0] [PID.2360] =>.Broadcom Corporation.
[MD5.97E5D62965DE167388B9C5D08665FE43] - (.Microsoft - IdeaTouchDataServer.EducationPortal.) – C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.Lo calDataServer.Education.exe [7680] [PID.2400] =>.Microsoft
[MD5.31EB577BC7744FC784D93B264E93142F] - (.Microsoft - IdeaTouchDataServer.GamePortal.) – C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDa taServer.Game.exe [7680] [PID.2428] =>.Microsoft
[MD5.C99F8E90DE4B8F0C7FE15BB1CBCD29DC] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) – C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104] [PID.2464] =>.Intel® Upgrade Service®
[MD5.3C4002D339491AF73D663FFC7F6E5ECB] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760] [PID.2496] =>.Intel Corporation®
[MD5.0554F3B69D39D175DD110D765C11347A] - (.LogMeIn, Inc. - LMIGuardianSvc.) – C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248] [PID.2536] =>.LogMeIn, Inc.®
[MD5.FC91D7804B8FE5C2F0B12585C612F592] - (.Nitro PDF Software - Nitro PDF Spool Service.) – C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408] [PID.2552] =>.Nitro PDF Software®
[MD5.21D28C3448983A072B907E9BAC93D223] - (.Nalpeiron Ltd. - This service enables products that use the.) – C:\Windows\SysWOW64\NLSSRV32.EXE [70152] [PID.2604] =>.Nitro PDF Software®
[MD5.9DA3B55B17B54789AFB8C657D4ACE4D7] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) – C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688] [PID.2764] =>.DEVGURU CO LTD®
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxEM Module.) – C:\WINDOWS\system32\igfxEM.exe [0] [PID.6028] =>.Intel Corporation
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxHK Module.) – C:\WINDOWS\system32\igfxHK.exe [0] [PID.5900] =>.Intel Corporation
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxTray Module.) – C:\WINDOWS\system32\igfxTray.exe [0] [PID.6320] =>.Intel Corporation
[MD5.B0666DF6D554879AE8A7C91E26A5972F] - (.Realtek Semiconductor - Realtek HD Audio Manager.) – C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872] [PID.472] =>.Realtek Semiconductor Corp®
[MD5.5E53A66C680A06E26B1234CB0C3CD99B] - (.Realtek Semiconductor - HD Audio Background Process.) – C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608] [PID.3688] =>.Realtek Semiconductor Corp®
[MD5.ADEA393B2B49EB25578702F4F5525E93] - (.Apple Inc. - iTunesHelper.) – C:\Program Files\iTunes\iTunesHelper.exe [176952] [PID.880] =>.Apple Inc.®
[MD5.89CF513A77CAF5AB1737D188D46D2719] - (.Copyright © 2015 - GoProDesktopSystemTray.) – C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224] [PID.1328] =>.GoPro, Inc.®
[MD5.EECB45F889E99174DA56FBDF37962D25] - (.Apple Inc. - iPodService Module (64-bit).) – C:\Program Files\iPod\bin\iPodService.exe [651576] [PID.3036] =>.Apple Inc.®
[MD5.005B2B63719E6B3E8E2E1446A9278F8E] - (.Spotify Ltd - SpotifyWebHelper.) – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.ex e [2018360] [PID.5108] =>.Spotify AB®
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) – C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.6828] =>.CyberLink®
[MD5.90087B948BC6AF690040B07AD6E57F66] - (.BlueStack Systems, Inc. - BlueStacks Agent.) – C:\Program Files (x86)\Bluestacks\HD-Agent.exe [974360] [PID.3232] =>.BlueStack Systems, Inc.®
[MD5.EC58C1A9A3281CE0C8FCC05BDBFECB37] - (.Apple Inc. - iCloud.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816] [PID.4320] =>.Apple Inc.®
[MD5.26846FB768E1B9CEAE80BBA9DDB1BEF6] - (.Apple Inc. - Apple Push.) – C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384] [PID.4496] =>.Apple Inc.®
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) – C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [276328] [PID.872] =>.Hewlett Packard®
[MD5.2D6F4F038602470653CF5D27A05B913C] - (.Quanta Computer Inc. - Lenovo Brightness & Volume OSD Service.) – C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe [18276352] [PID.7244]
[MD5.637509EA9CE862DFCE59E80B9FB1957D] - (.Lenovo - Lenovo Silver Silk Keyboard Software.) – C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [392192] [PID.7364] =>.Lenovo
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) – C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.7388] =>.CyberLink®
[MD5.79EDDBCBFFC23585BC1495AFC03CC4D7] - (.CyberLink Corp. - CyberLink YouCam Tray.) – C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024] [PID.7416] =>.CyberLink®
[MD5.0B427D9943C838620AFA30CBB24A6D77] - (.CyberLink - CyberLink MediaLibray Service.) – C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720] [PID.7492] =>.CyberLink®
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) – C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432] [PID.7652] =>.CyberLink®
[MD5.4F9DD96AECDC12373D4203253D665C6D] - (.Oracle Corporation - Java Update Scheduler.) – C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.7916] =>.Oracle America, Inc.®
[MD5.0B5C25E963B1475EDDBEE458F4C01ECE] - (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe [9105112] [PID.8024] =>.Piriform Ltd®
[MD5.BD0A0131D76DFD35B0C8A769C6AE1E74] - (.SEIKO EPSON CORPORATION - EEventManager Application.) – C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968] [PID.8044] =>.SEIKO EPSON CORPORATION®
[MD5.0EC980270F8B08C472B9BBCB59714C15] - (…) – C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeHost.exe [72192] [PID.6052] =>.Skype Technologies
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.7092] =>.Intel Corporation - Intel® Rapid Storage Technology®
[MD5.134520D3D071880B4C398FE2FFEB6088] - (…) – C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808] [PID.2016] =>.GoPro, Inc.®
[MD5.D5854F77CEEAFC5A8405F8ECCBEC09DF] - (.Intel Corporation - IAStorDataSvc.) – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344] [PID.2424] =>.Intel Corporation - Intel® Rapid Storage Technology®
[MD5.30E9FAC23E2537D82F2836CB81AEE186] - (.Intel Corporation - Intel(R) ME Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896] [PID.4640] =>.Intel Corporation®
[MD5.4269D44BB47A6DA5D80B11F4C8536458] - (.Intel Corporation - Local Manageability Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276864] [PID.6572] =>.Intel Corporation®
[MD5.DBE2E6388379D5CC78099650541E9566] - (.Intel Corporation - User Notification Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [364416] [PID.8312] =>.Intel Corporation®
[MD5.907FF261297C196A84C1EE3D7807F90D] - (.Zemana Ltd. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888] [PID.8224] =>.Zemana Ltd.®
[MD5.907FF261297C196A84C1EE3D7807F90D] - (.Zemana Ltd. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888] [PID.6356] =>.Zemana Ltd.®
[MD5.105C276BB7B43501225C419B062096D0] - (.Apple Inc. - iCloud Photos.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816] [PID.10328] =>.Apple Inc.®
[MD5.9252A687BD9F43A5F738C652B00CAF0A] - (.Apple Inc. - iCloud Photos Downloader.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe [43816] [PID.6832] =>.Apple Inc.®
[MD5.FE18DDEA98D90DBF850AFCA0158ABEC8] - (.Copyright (C) 2014 David Carpenter - Everything.) – C:\Program Files\Everything\Everything.exe [1441792] [PID.900] =>.Copyright (c) 2014 David Carpenter
[MD5.FE18DDEA98D90DBF850AFCA0158ABEC8] - (.Copyright (C) 2014 David Carpenter - Everything.) – C:\Program Files\Everything\Everything.exe [1441792] [PID.4468] =>.Copyright (c) 2014 David Carpenter
[MD5.7E0B4C8EFEDDEBE87D2A1F5A33B965B5] - (.Apple Inc. - Apple IE DAV.) – C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104] [PID.12260] =>.Apple Inc.®
[MD5.5E5B1694E918A1739D46BDF45F437465] - (.Adobe Systems Incorporated - Adobe InDesign CS6.) – C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe [4103312] [PID.8936] =>.Adobe Systems Incorporated®
[MD5.6A289BCAE430A22E342435B45BA5A950] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Ivan Reyes Ortega\Downloads\ZHPDiag3.exe [2511360] [PID.9604] =>.Nicolas Coolman
[MD5.8FE651ACBA3344E645CFEB6286FFF6B8] - (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) – C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e [1073312] [PID.6244] =>.Adobe Systems Incorporated®
[MD5.8C6BE2C144CC5C378FAD7273EDDFD10D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) – C:\Windows\System32\Macromed\Flash\FlashUtil_Activ eX.exe [1296888] [PID.1632] =>.Microsoft Windows Third Party Application Component®
[MD5.05C67ADE5DA4325000EAC64C0C6D13D3] - (.Adobe Systems Incorporated - Adobe Application Manager.) – C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe [2114208] [PID.6952] =>.Adobe Systems Incorporated®
—\ Google Chrome, Start,Search,Extensions (2) - 0s
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.
—\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 1s
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) – C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll =>.Apple Inc.
—\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com =>.Lenovo Group Limited
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
—\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigProxy = wininet.dll
—\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=
—\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)
—\ Global shortcuts Startup (139) - 19s
O4 - GS\Desktop [Administrator]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Administrator]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Administrator]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Administrator]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Administrator]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Administrator]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Administrator]: Nеxon Launcher.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen .bat
O4 - GS\Desktop [Administrator]: Skype.lnk . (…) C:\WINDOWS\Installer{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Administrator]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Administrator]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Administrator]: Gоogle Chrоmе.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Administrator]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Administrator]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Administrator]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe “C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll”,RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR =1; =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Guest]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Guest]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Guest]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Guest]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Guest]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Guest]: Nеxon Launcher.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen .bat
O4 - GS\Desktop [Guest]: Skype.lnk . (…) C:\WINDOWS\Installer{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Guest]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Guest]: Gоogle Chrоmе.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Guest]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Guest]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Guest]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe “C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll”,RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR =1; =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Ivan Reyes Ortega]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Ivan Reyes Ortega]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Ivan Reyes Ortega]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Ivan Reyes Ortega]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Ivan Reyes Ortega]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Ivan Reyes Ortega]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Ivan Reyes Ortega]: Nеxon Launcher.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen .bat
O4 - GS\Desktop [Ivan Reyes Ortega]: Skype.lnk . (…) C:\WINDOWS\Installer{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Ivan Reyes Ortega]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Ivan Reyes Ortega]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Ivan Reyes Ortega]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Ivan Reyes Ortega]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Gоogle Chrоmе.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Ivan Reyes Ortega]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Ivan Reyes Ortega]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Ivan Reyes Ortega]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Ivan Reyes Ortega]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Ivan Reyes Ortega]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Ivan Reyes Ortega]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe “C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll”,RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR =1; =>.Microsoft Corporation
O4 - GS\Programs [Ivan Reyes Ortega]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe =>.Microsoft Corporation®
O4 - GS\Programs [Ivan Reyes Ortega]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Joanne]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Joanne]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Joanne]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Joanne]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Joanne]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Joanne]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Joanne]: Nеxon Launcher.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen .bat
O4 - GS\Desktop [Joanne]: Skype.lnk . (…) C:\WINDOWS\Installer{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Joanne]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Joanne]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Joanne]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Joanne]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Joanne]: Google Chrome.lnk . (…) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Joanne]: Gоogle Chrоmе.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Joanne]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Joanne]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Joanne]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Joanne]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Joanne]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Joanne]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Joanne]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Joanne]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Joanne]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe “C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll”,RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR =1; =>.Microsoft Corporation
O4 - GS\Programs [Joanne]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe =>.Microsoft Corporation®
O4 - GS\Programs [Joanne]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\CommonDesktop [Public]: Adobe Reader XI.lnk . (.Adobe Systems Incorporated - Adobe Reader.) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe =>.Adobe Systems, Incorporated®
O4 - GS\CommonDesktop [Public]: AutoCAD.lnk . (.Autodesk, Inc. - .) C:\Program Files (x86)\Autodesk\AutoCAD 2016\acad.exe /product ACAD /language “en-US” =>.Autodesk, Inc.
O4 - GS\CommonDesktop [Public]: Autodesk ReCap.lnk . (.Autodesk - .) C:\Program Files (x86)\Autodesk\Autodesk ReCap 2016\recap.exe =>.Autodesk
O4 - GS\CommonDesktop [Public]: Quik.lnk . (…) C:\Program Files (x86)\GoPro\GoPro Desktop App\Quik.exe
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Zemana Ltd. - ZAM.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - GS\CommonDesktop [Public]: Ваttle.nеt.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.e xe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Startup [Public]: GoPro Importer.lnk . (…) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe =>.Hewlett Packard®
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Help.lnk . (…) C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
O4 - GS\ProgramsCommon [Public]: Adobe Reader XI.lnk . (…) C:\WINDOWS\Installer{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (…) C:\WINDOWS\Installer{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe
O4 - GS\ProgramsCommon [Public]: Gооgle Chrоmе.lnk . (…) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\ProgramsCommon [Public]: I.R.I.S. OCR Registration.lnk . (.I.R.I.S. Image Recognition Integarted Systems - Registration Wizard.) C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe =>.IMAGE RECOGNITION INTEGRATED SYSTEMS SA®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Lenovo Cloud Storage by SugarSync.lnk . (.SugarSync, Inc. - SugarSync Manager.) C:\Program Files (x86)\SugarSync\SugarSyncManager.exe =>.SugarSync, Inc.®
O4 - GS\ProgramsCommon [Public]: MATLAB R2015a.lnk . (.The MathWorks Inc. - .) C:\Program Files (x86)\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Movie Maker.lnk . (.Microsoft Corporation - Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Nitro Pro 8.lnk . (…) C:\windows\Installer{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}\Professional.ico
O4 - GS\ProgramsCommon [Public]: Photo Gallery.lnk . (.Microsoft Corporation - Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
—\ Lop.com/Domain Hijackers (1) - 0s
O17 - HKLM\System\CCS\Services\Tcpip..{0d7355bc-6532-4c94-b735-8764407bd143}: DhcpNameServer = 10.0.0.1
—\ Extra protocols (27) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) – C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) – C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype4COM.) – C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll =>.Skype Software Sarl®
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) – C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) – C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) – C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
—\ Software installed (202) - 31s
O42 - Logiciel: 1500 - (.Hewlett-Packard.) [HKLM][64Bits] – {427385C9-AC30-484B-AC63-94A8B37225D0} =>.Hewlett-Packard
O42 - Logiciel: 1500_Help - (.Hewlett-Packard.) [HKLM][64Bits] – {A2101ACC-DC36-42AA-A576-6FD6A8D466DA} =>.Hewlett-Packard
O42 - Logiciel: 1500Trb - (.Hewlett-Packard.) [HKLM][64Bits] – {A4C6B32D-5088-40AF-B74D-CDABEF144F04} =>.Hewlett-Packard
O42 - Logiciel: 64 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM][64Bits] – {FF21C3E6-97FD-474F-9518-8DCBE94C2854} =>.Hewlett-Packard
O42 - Logiciel: A360 Desktop - (.Autodesk.) [HKLM][64Bits] – {B209E611-5511-4AD6-B4B3-9D36F93DBCD4} =>.Autodesk
O42 - Logiciel: ACA & MEP 2016 Object Enabler - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-F004-0000-5102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: ACAD Private - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-F001-0000-3102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {FE23D063-934D-4829-A0D8-00634CE79B4A} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe AIR =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Creative Suite 6 Master Collection - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0} =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AF37176A-78CA-545B-34EF-8B6A21514DD1} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader XI (11.0.14) - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-1033-7B44-AB0000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-0804-1033-1959-001824205020} =>.Adobe Systems Incorporated
O42 - Logiciel: AIO_CDB_ProductContext - (.Hewlett-Packard.) [HKLM][64Bits] – {D5045A94-1D46-44A7-9C4F-7D05B40D82EC} =>.Hewlett-Packard
O42 - Logiciel: AIO_CDB_Software - (.Hewlett-Packard.) [HKLM][64Bits] – {2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036} =>.Hewlett-Packard
O42 - Logiciel: AIO_Scan - (.Hewlett-Packard.) [HKLM][64Bits] – {104066F4-5897-4067-85D3-4C88B67CCF75} =>.Hewlett-Packard
O42 - Logiciel: ANT Drivers Installer x64 - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {CAED120A-1F05-4B8F-B76E-A3EA5C328AB8} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] – {D4B07658-F443-4445-A261-E643996E139D} =>.Apple Inc.
O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] – {A6B0442B-E159-444B-B49D-6B9AC531EAE3} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] – {2E4AF2A6-50EA-4260-9BA4-5E582D11879A} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] – {56EC47AA-5813-4FF6-8E75-544026FBEA83} =>.Apple Inc.
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM][64Bits] – aTube Catcher =>.DsNET Corp
O42 - Logiciel: aTube Catcher version 3.8 - (.DsNET Corp.) [HKLM][64Bits] – {D43B360E-722D-421B-BC77-20B9E0F8B6CD}is1 =>.DsNET Corp
O42 - Logiciel: AutoCAD 2016 - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-F001-0000-0102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: AutoCAD 2016 - English - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-F001-0409-2102-0060B0CE6BBA} =>.Autodesk, Inc®
O42 - Logiciel: AutoCAD 2016 Language Pack - English - (.Autodesk.) [HKLM][64Bits] – {5783F2D7-F001-0409-1102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: Autodesk Advanced Material Library Image Library 2016 - (.Autodesk.) [HKLM][64Bits] – {94AD53E7-493B-4291-8714-7A3B761D2783} =>.Autodesk
O42 - Logiciel: Autodesk App Manager 2016 - (.Autodesk.) [HKLM][64Bits] – {4ECF9E00-2978-46AF-BD80-455EFEAB7A93} =>.Autodesk
O42 - Logiciel: Autodesk Application Manager - (.Autodesk.) [HKLM][64Bits] – Autodesk Application Manager =>.Autodesk, Inc®
O42 - Logiciel: Autodesk AutoCAD 2016 - English - (.Autodesk.) [HKLM][64Bits] – AutoCAD 2016 - English =>.Autodesk, Inc®
O42 - Logiciel: Autodesk AutoCAD Performance Feedback Tool 1.2.4 - (.Autodesk.) [HKLM][64Bits] – {4E20873D-BC20-495C-AFD9-B18877B7F9BB} =>.Autodesk
O42 - Logiciel: Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit - (.Autodesk.) [HKLM][64Bits] – {4BEE127E-95C4-434D-ABAC-65155192BB24} =>.Autodesk
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] – {A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F} =>.Autodesk
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] – Autodesk Content Service =>.Autodesk, Inc®
O42 - Logiciel: Autodesk Content Service Language Pack - (.Autodesk.) [HKLM][64Bits] – {A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F} =>.Autodesk
O42 - Logiciel: Autodesk Design Review 2013 - (.Autodesk, Inc..) [HKLM][64Bits] – {153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB} =>.Autodesk, Inc.
O42 - Logiciel: Autodesk Design Review 2013 - (.Autodesk, Inc..) [HKLM][64Bits] – Autodesk Design Review 2013 =>.Autodesk, Inc®
O42 - Logiciel: Autodesk Featured Apps 2016 - (.Autodesk.) [HKLM][64Bits] – {D42F37CD-9AF9-4435-A474-B387C5BB6B47} =>.Autodesk
O42 - Logiciel: Autodesk Material Library 2016 - (.Autodesk.) [HKLM][64Bits] – {29A7D6EC-63C2-42FD-8143-5812ABD2923F} =>.Autodesk
O42 - Logiciel: Autodesk Material Library Base Resolution Image Library 2016 - (.Autodesk.) [HKLM][64Bits] – {6B4CFC6E-ECB0-47FE-95D3-65C680ED0687} =>.Autodesk
O42 - Logiciel: Autodesk Material Library Medium Resolution Image Library 2016 - (.Autodesk.) [HKLM][64Bits] – {415A5A54-325E-4815-9940-62A889CA3877} =>.Autodesk
O42 - Logiciel: Autodesk ReCap 2016 - (.Autodesk.) [HKLM][64Bits] – {F6FD1651-0000-1033-0102-387BAF9B3B0A} =>.Autodesk
O42 - Logiciel: Autodesk ReCap 2016 - (.Autodesk.) [HKLM][64Bits] – Autodesk ReCap 2016 =>.Autodesk, Inc®
O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM][64Bits] – Battle.net =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: BattleBlock Theater - (.The Behemoth.) [HKLM][64Bits] – Steam App 238460 =>.Valve®
O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM][64Bits] – BlueStacks =>.BlueStack Systems, Inc.®
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] – {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} =>.Apple Inc.
O42 - Logiciel: Brawlhalla - (.Blue Mammoth Games.) [HKLM][64Bits] – Steam App 291550 =>.Valve®
O42 - Logiciel: Broforce - (.Free Lives.) [HKLM][64Bits] – Steam App 274190 =>.Valve®
O42 - Logiciel: BufferChm - (.Hewlett-Packard.) [HKLM][64Bits] – {FA0FF682-CC70-4C57-93CD-E276F3E7537E} =>.Hewlett-Packard
O42 - Logiciel: Castle Crashers - (.The Behemoth.) [HKLM][64Bits] – Steam App 204360 =>.Valve®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
O42 - Logiciel: Copy - (.Hewlett-Packard.) [HKLM][64Bits] – {9BE466FF-70B7-4DA8-807C-DB4C3610FDAA} =>.Hewlett-Packard
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] – {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: Destinations - (.Hewlett-Packard.) [HKLM][64Bits] – {BD7204BA-DD64-499E-9B55-6A282CDF4FA4} =>.Hewlett-Packard
O42 - Logiciel: DeviceDiscovery - (.Hewlett-Packard.) [HKLM][64Bits] – {1458BB78-1DC5-4BC0-B9A3-2B644F5A8105} =>.Hewlett-Packard
O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] – Discord =>.Hammer & Chisel Inc.®
O42 - Logiciel: DocProc - (.Hewlett-Packard.) [HKLM][64Bits] – {9B362566-EC1B-4700-BB9C-EC661BDE2175} =>.Hewlett-Packard
O42 - Logiciel: Dolby Home Theater v4 - (.Dolby Laboratories Inc.) [HKLM][64Bits] – {B26438B4-BF51-49C3-9567-7F14A5E40CB9} =>.Dolby Laboratories Inc
O42 - Logiciel: Don’t Starve Together Beta - (.Klei Entertainment.) [HKLM][64Bits] – Steam App 322330 =>.Valve®
O42 - Logiciel: Dragon Assistant Application en-US version 1.5.0 - (.Nuance Communications, Inc..) [HKLM][64Bits] – {1CCBE73F-4948-4711-8D12-22E2FD65D706}is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Dragon Assistant Core Recognition Service version 1.1.4 - (.Nuance Communications, Inc..) [HKLM][64Bits] – {E97BA7A6-46FC-4EBF-B24A-B8362948C696}is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Dragon Assistant Language Data en-US version 1.1.1 - (.Nuance Communications, Inc..) [HKLM][64Bits] – {4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Dragon Assistant version 1.5.0 - (.Nuance Communications, Inc..) [HKLM][64Bits] – {D57A8269-3BE5-4D10-B882-64D0F2D448BF}is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Driver & Application Installation - (.Lenovo.) [HKLM][64Bits] – {BFECCF2A-F094-4066-8BFA-29CCBB7F6602} =>.Macrovision Corporation®
O42 - Logiciel: Easy Photo Scan - (.Seiko Epson Corporation.) [HKLM][64Bits] – {1A6DED1E-A024-455D-AA82-203D6B3B0CBC} =>.Seiko Epson Corporation
O42 - Logiciel: EducationPortal - (.Lenovo.) [HKLM][64Bits] – {65487538-FF20-421B-91DB-F6634B8D264C} =>.Lenovo
O42 - Logiciel: Elevated Installer - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {A53F1B50-A664-4D28-92FE-DD5F507F34BC} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Epson Copy Utility 4 - (.Seiko Epson Corporation.) [HKLM][64Bits] – {06A7E8AB-2856-4490-BAA9-F338ABE7695A} =>.Seiko Epson Corporation
O42 - Logiciel: Epson Event Manager - (.Seiko Epson Corporation.) [HKLM][64Bits] – {17FA0444-A025-43B9-862C-81AE6307C2F2} =>.Seiko Epson Corporation
O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM][64Bits] – EPSON Scanner =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: EPSON Scan OCR Component - (.SEIKO EPSON Corp..) [HKLM][64Bits] – {563B99D8-8895-4E3E-AE8D-15BE8C05F1C1} =>.Macrovision Corporation®
O42 - Logiciel: Everything 1.3.4.686 (x64) - (..) [HKLM][64Bits] – Everything
O42 - Logiciel: Ezvid - (.Ezvid, inc..) [HKLM][64Bits] – {F96D619D-99D6-4C9C-A393-0CD22DE1CA66}is1 =>.Ezvid, inc.
O42 - Logiciel: FARO LS 1.1.502.0 (64bit) - (.FARO Scanner Production.) [HKLM][64Bits] – {66D83FE0-D798-4B38-86FE-FB48151E5AEF} =>.FARO Scanner Production
O42 - Logiciel: Fax - (.Hewlett-Packard.) [HKLM][64Bits] – {9294F169-72EE-4D74-AE92-CA25F64B4FF8} =>.Hewlett-Packard
O42 - Logiciel: Find the Differences - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – {65F9B587-24A7-466A-999A-9C5F9D452400} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Find the Differences - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – InstallShield{65F9B587-24A7-466A-999A-9C5F9D452400} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Finding the Letters - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – {535FB733-FFCF-4460-8694-664A2F6C53B4} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Finding the Letters - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – InstallShield{535FB733-FFCF-4460-8694-664A2F6C53B4} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: FreeRide Games - (.Exent Technologies.) [HKLM][64Bits] – {6C26A305-4549-4A8A-9F03-25719C03B0FB}
O42 - Logiciel: Fruits - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – {AA39BFDE-71E5-46A6-A10B-44C2F45A341E} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Fruits - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – InstallShield{AA39BFDE-71E5-46A6-A10B-44C2F45A341E} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: GamePortal - (.Lenovo.) [HKLM][64Bits] – {530A0CD0-4158-45BE-AD45-8DC7019C597F} =>.Lenovo
O42 - Logiciel: Garmin Express - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {D1B261D6-EBAE-4129-8EFB-C04E14DCEF6A} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Garmin Express - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {d74c733b-9216-49f5-ae3a-14bf3a3d66f5} =>.Garmin International, Inc.®
O42 - Logiciel: Garmin Express Tray - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] – {5250BDEA-3EA9-441C-8233-9CBEC6A799BD} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: GoPro Studio - (.GoPro, Inc..) [HKLM][64Bits] – {7BDB9575-D4C8-42B0-84EA-1CD654F63637} =>.GoPro, Inc.
O42 - Logiciel: Grow Home - (.Reflections, a Ubisoft Studio.) [HKLM][64Bits] – Steam App 323320 =>.Valve®
O42 - Logiciel: Guacamelee! Gold Edition - (.DrinkBox Studios.) [HKLM][64Bits] – Steam App 214770 =>.Valve®
O42 - Logiciel: HP DeskJet 1110 series Basic Device Software - (.Hewlett-Packard Co..) [HKLM][64Bits] – {87DEBE9C-FD90-4E36-8AD8-608F871B9BD9} =>.Hewlett-Packard Co.
O42 - Logiciel: HP Imaging Device Functions 14.0 - (.HP.) [HKLM][64Bits] – HP Imaging Device Functions =>.Hewlett Packard®
O42 - Logiciel: HP Photo Creations - (.HP Photo Creations Powered by RocketLife.) [HKLM][64Bits] – HP Photo Creations =>.Visan Industries®
O42 - Logiciel: HP Photosmart Officejet and Deskjet All-In-One Driver Software - (.HP.) [HKLM][64Bits] – {6F5B70F0-EA6C-4A5B-BB16-8390BD66B251} =>.Hewlett Packard®
O42 - Logiciel: HPPhotoGadget - (.Hewlett-Packard.) [HKLM][64Bits] – {CAE4213F-F797-439D-BD9E-79B71D115BE3} =>.Hewlett-Packard
O42 - Logiciel: HPSSupply - (.Hewlett-Packard.) [HKLM][64Bits] – {AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3} =>.Hewlett-Packard
O42 - Logiciel: iCloud - (.Apple Inc..) [HKLM][64Bits] – {309768A4-A2BB-4930-A5A2-8169678C9B4C} =>.Apple Inc.
O42 - Logiciel: Intel AppUp(SM) center - (.Intel.) [HKLM][64Bits] – Intel AppUp(SM) center 33057 =>.Intel AppUp(SM) center®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation - pGFX®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {409CB30E-E457-4008-9B1A-ED1B9EA21140} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {7629623D-F0D0-4AC6-A763-FBE06ED8288C} =>.Intel Corporation
O42 - Logiciel: Intel(R) SDK for OpenCL - CPU Only Runtime Package - (.Intel Corporation.) [HKLM][64Bits] – {FCB3772C-B7D0-4933-B1A9-3707EBACC573} =>.Intel Corporation
O42 - Logiciel: Intel(R) Update Manager - (.Intel Corporation.) [HKLM][64Bits] – {7224B7CE-196C-4E2A-A1AE-1D7BF259FD36} =>.Intel Corporation
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] – {F4404AFD-2EF3-40C1-8C09-29E5F3B6972B} =>.Intel Corporation
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] – {955524E7-79EB-4CA9-BA4D-FD2DF587651B} =>.Apple Inc.
O42 - Logiciel: Java 8 Update 51 - (.Oracle Corporation.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F83218051F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] – {0BE9E708-5DC0-4963-9CFD-0AA519090E79} =>.Microsoft Corporation
O42 - Logiciel: Lenovo Bluetooth with Enhanced Data Rate Software - (.Broadcom Corporation.) [HKLM][64Bits] – {C6D9ED03-6FCF-4410-9CB7-45CA285F9E11} =>.Broadcom Corporation
O42 - Logiciel: Lenovo BrgVolOSD - (.Lenovo.) [HKLM][64Bits] – {B0CAB976-C41D-4800-A7BA-CBD4BF4EA920} =>.Lenovo
O42 - Logiciel: Lenovo Dashboard - (.Lenovo.) [HKLM][64Bits] – {FEF1833C-244C-4DF2-AB67-1E1D26921ED8} =>.Lenovo
O42 - Logiciel: Lenovo Photos - (.CEWE COLOR AG u Co. OHG.) [HKLM][64Bits] – Lenovo Photos =>.CEWE COLOR AG u Co. OHG
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink®
O42 - Logiciel: Lenovo PowerDVD10 - (.CyberLink Corp..) [HKLM][64Bits] – {DEC235ED-58A4-4517-A278-C41E8DAEAB3B} =>.CyberLink®
O42 - Logiciel: Lenovo PowerDVD10 - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} =>.CyberLink®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] – {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink®
O42 - Logiciel: Lenovo Silver Silk Wireless Keyboard - (.Lenovo.) [HKLM][64Bits] – {B88AD4F5-58A6-425D-9282-92228FEB7067} =>.Lenovo
O42 - Logiciel: Lenovo Silver Silk Wireless Keyboard - (.Lenovo.) [HKLM][64Bits] – InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067} =>.Lenovo
O42 - Logiciel: Lenovo USB2.0 UVC Camera - (.Vimicro Corporation.) [HKLM][64Bits] – {70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B} =>.Macrovision Corporation®
O42 - Logiciel: Lenovo YouCam - (.CyberLink Corp..) [HKLM][64Bits] – {01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
O42 - Logiciel: Lenovo YouCam - (.CyberLink Corp..) [HKLM][64Bits] – InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
O42 - Logiciel: LenovoUtility version 1.0 - (.Lenovo.) [HKLM][64Bits] – {4F949BD9-1E99-40C7-9102-C67E2D384995}is1 =>.Lenovo
O42 - Logiciel: LogMeIn Hamachi - (.LogMeIn, Inc..) [HKLM][64Bits] – {91B5DF26-717A-4A5F-AB10-CD450FAD428C} =>.LogMeIn, Inc.
O42 - Logiciel: LogMeIn Hamachi - (.LogMeIn, Inc..) [HKLM][64Bits] – LogMeIn Hamachi =>.LogMeIn, Inc.
O42 - Logiciel: LVT - (.Lenovo.) [HKLM][64Bits] – {9E3469A6-443A-452C-BF44-8D7CE3A9A7E2} =>.Macrovision Corporation®
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM][64Bits] – Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: Manual Perfection V19_V39 versión 1.0 - (..) [HKLM][64Bits] – UsersGuideManual Perfection V19_V39_is1 =>.Epson America, Inc.®
O42 - Logiciel: MapleStory - (..) [HKLM][64Bits] – MapleStory =>.NEXON Korea Corporation.®
O42 - Logiciel: Mark of the Ninja - (.Klei Entertainment.) [HKLM][64Bits] – Steam App 214560 =>.Valve®
O42 - Logiciel: Matching Roles - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – {92736E44-7608-4D80-9333-E40C82B7E8B3} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Matching Roles - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – InstallShield{92736E44-7608-4D80-9333-E40C82B7E8B3} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: MATLAB R2015a - (.MathWorks.) [HKLM][64Bits] – Matlab R2015a =>.The MathWorks, Inc.®
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] – {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 Refresh - (.Microsoft Corporation.) [HKLM][64Bits] – {D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F} =>.Microsoft Corporation
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] – {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] – {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] – {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} =>.Microsoft
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] – {E9FA781F-3E80-4399-825A-AD3E11C28C77} =>.Microsoft
O42 - Logiciel: Network64 - (.Hewlett-Packard.) [HKLM][64Bits] – {6BFAB6C1-6D46-46DB-A538-A269907C9F2F} =>.Hewlett-Packard
O42 - Logiciel: Nexon Game Manager - (..) [HKLM][64Bits] – {EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} =>.NEXON Korea Corporation.®
O42 - Logiciel: Nexon Launcher - (.Nexon.) [HKLM][64Bits] – Nexon Nexon Launcher =>.Nexon
O42 - Logiciel: Nikon File Uploader 2 - (.Nikon.) [HKLM][64Bits] – {D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599} =>.Nikon
O42 - Logiciel: Nikon Message Center 2 - (.Nikon.) [HKLM][64Bits] – {B014EE44-9197-4513-9613-71E6EB1B514E} =>.Nikon
O42 - Logiciel: Nitro Pro 8 - (.Nitro.) [HKLM][64Bits] – {34BE77EE-B563-49D7-A8A0-FFD76D29BBD3} =>.Nitro
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] – {B455E95A-B804-439F-B533-336B1635AE97} =>.NVIDIA Corporation
O42 - Logiciel: OCR Software by I.R.I.S. 14.0 - (.HP.) [HKLM][64Bits] – HPOCR =>.Hewlett Packard®
O42 - Logiciel: OpenAL - (..) [HKLM][64Bits] – OpenAL =>.Creative Labs Inc®
O42 - Logiciel: PDF Settings CS6 - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {BFEAAE77-BD7F-4534-B286-9C5CB4697EB1} =>.Adobe Systems Incorporated
O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM][64Bits] – {87441A59-5E64-4096-A170-14EFE67200C3} =>.Nikon
O42 - Logiciel: Portal - (.Valve.) [HKLM][64Bits] – Steam App 400 =>.Valve®
O42 - Logiciel: Puzzle - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – {6EB7ECE3-E3BE-481D-821B-F1AFFA244D64} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Puzzle - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] – {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} =>Riskware.QuickTime
O42 - Logiciel: Quik - (.GoPro, Inc..) [HKLM][64Bits] – {0d91b40f-e179-491c-a726-cd71dc297e8a} =>.GoPro, Inc.®
O42 - Logiciel: Quik - (.GoPro, Inc..) [HKLM][64Bits] – {6249867C-ACE2-4400-AD50-4D6945A8EA8A} =>.GoPro, Inc.
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {C1594429-8296-4652-BF54-9DBE4932A44C} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {B20F9D1C-A0A5-4cd8-8306-DA03872311B1} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Relic Hunters Zero - (.Rogue Snail.) [HKLM][64Bits] – Steam App 382490 =>.Valve®
O42 - Logiciel: Risk of Rain - (..) [HKLM][64Bits] – Steam App 248820 =>.Valve®
O42 - Logiciel: Rocket League - (.Psyonix.) [HKLM][64Bits] – Steam App 252950 =>.Valve®
O42 - Logiciel: Samsung Kies3 - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] – {88547073-C566-4895-9005-EBE98EA3F7C7} =>.Samsung Electronics Co., Ltd.
O42 - Logiciel: Samsung Kies3 - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] – InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7} =>.Samsung Electronics Co., Ltd.
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM][64Bits] – {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} =>.DEVGURU CO LTD®
O42 - Logiciel: Scan - (.Hewlett-Packard.) [HKLM][64Bits] – {06A1D88C-E102-4527-AF70-29FFD7AF215A} =>.Hewlett-Packard
O42 - Logiciel: Shared C Run-time for x64 - (.McAfee.) [HKLM][64Bits] – {EF79C448-6946-4D71-8134-03407888C054} =>.McAfee
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM][64Bits] – Shop for HP Supplies =>.Hewlett Packard®
O42 - Logiciel: SketchUp Import 2016 - (.Autodesk.) [HKLM][64Bits] – {C769FB7C-1F55-4B31-9A2A-21CEC50F4F92} =>.Autodesk
O42 - Logiciel: Skype™ 7.30 - (.Skype Technologies S.A..) [HKLM][64Bits] – {FC965A47-4839-40CA-B618-18F486F042C6} =>.Skype Technologies S.A.
O42 - Logiciel: Snowflake Suite - (.Natural User Interface Technologies AB.) [HKLM][64Bits] – {E03B9D73-3806-4466-97B1-75C4486F65DF} =>.Natural User Interface Technologies AB
O42 - Logiciel: Software Updater - (.SEIKO EPSON CORPORATION.) [HKLM][64Bits] – {8DBC5A0A-31C4-46C7-B252-6B593EA11A87} =>.Seiko Epson Corporation
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] – Spotify =>.Spotify AB®
O42 - Logiciel: StageLight version 1.0.0.3497 - (.Open Labs, LLC..) [HKLM][64Bits] – StageLight =>.Open Labs, LLC.
O42 - Logiciel: Starbound - (..) [HKLM][64Bits] – Steam App 211820 =>.Valve®
O42 - Logiciel: Stardew Valley - (.ConcernedApe.) [HKLM][64Bits] – Steam App 413150 =>.Valve®
O42 - Logiciel: Status - (.Hewlett-Packard.) [HKLM][64Bits] – {5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D} =>.Hewlett-Packard
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] – Steam =>.Valve®
O42 - Logiciel: SugarSync Manager - (.SugarSync, Inc..) [HKLM][64Bits] – SugarSync =>.SugarSync, Inc.
O42 - Logiciel: System Requirements Lab Detection - (.Husdawg, LLC.) [HKLM][64Bits] – {06A5D553-A6B5-481C-958E-53C79C1AC3CB} =>.Husdawg, LLC
O42 - Logiciel: Terraria - (.Re-Logic.) [HKLM][64Bits] – Steam App 105600 =>.Valve®
O42 - Logiciel: timer - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – {9CC4B8EE-A96B-4800-B674-0CF8B4560F45} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: timer - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] – InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Toolbox - (.Hewlett-Packard.) [HKLM][64Bits] – {292F0F52-B62D-4E71-921B-89A682402201} =>.Hewlett-Packard
O42 - Logiciel: TrayApp - (.Hewlett-Packard.) [HKLM][64Bits] – {CD31E63D-47FD-491C-8117-CF201D0AFAB5} =>.Hewlett-Packard
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU][64Bits] – UnityWebPlayer =>.Unity Technologies ApS
O42 - Logiciel: VFW_Codec32 - (.GoPro, Inc..) [HKLM][64Bits] – {FCA86F94-8BCA-491D-AFF9-90921796FCD8} =>.GoPro, Inc.
O42 - Logiciel: VFW_Codec64 - (.GoPro, Inc..) [HKLM][64Bits] – {341735D3-32CF-41BC-8C9B-FDE3975452DB} =>.GoPro, Inc.
O42 - Logiciel: Video Viewer - (.AVTECH Corporation, Inc..) [HKLM][64Bits] – Video Viewer =>.AVTECH Corporation, Inc.
O42 - Logiciel: ViewNX 2 - (.Nikon.) [HKLM][64Bits] – {DDD62492-32A7-412B-8AF1-2CF032AD42E3} =>.Nikon
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] – VLC media player =>.VideoLAN
O42 - Logiciel: WebReg - (.Hewlett-Packard.) [HKLM][64Bits] – {8EE94FD8-5F52-4463-A340-185D16328158} =>.Hewlett-Packard
O42 - Logiciel: Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (0 - (.Dynastream Innovations, Inc..) [HKLM][64Bits] – F9D2A789F9CFF8CEC36B544F53877C80F1F73C46 =>.Microsoft Windows®
O42 - Logiciel: Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/0 - (.GoPro.) [HKLM][64Bits] – 0B624A43DD66DBF5CF3EDFA9741A364E688062A4 =>.Microsoft Windows®
O42 - Logiciel: Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/0 - (.Silicon Labs Software.) [HKLM][64Bits] – D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2 =>.Microsoft Windows®
O42 - Logiciel: WinRAR 5.21 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] – WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] – {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.®
—\ HKCU & HKLM Software Keys (144) - 31s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc. =>.Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\aTube Catcher
HKLM\SOFTWARE\Wow6432Node\Autodesk =>.Autodesk
HKLM\SOFTWARE\Wow6432Node\AVTECH
HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
HKLM\SOFTWARE\Wow6432Node\BlueStacks =>.BlueStack Systems, Inc.
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink
HKLM\SOFTWARE\Wow6432Node\EPSON =>.EPSON
HKLM\SOFTWARE\Wow6432Node\Exent =>.Exent Technologies Ltd.
HKLM\SOFTWARE\Wow6432Node\Faasoft =>.Faasoft
HKLM\SOFTWARE\Wow6432Node\Garmin =>.Garmin
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\GoPro =>.GoPro
HKLM\SOFTWARE\Wow6432Node\Hewlett-Packard =>.Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\HPS
HKLM\SOFTWARE\Wow6432Node\Icons
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\Image Units
HKLM\SOFTWARE\Wow6432Node\InkjetPrinter
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
HKLM\SOFTWARE\Wow6432Node\Lenovo Photos
HKLM\SOFTWARE\Wow6432Node\LogMeIn Hamachi =>.LogMeIn Entreprise
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
HKLM\SOFTWARE\Wow6432Node\MOVAVI =>.Movavi
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Nalpeiron =>.Nalpeiron
HKLM\SOFTWARE\Wow6432Node\Natural User Interface Technologies AB =>.Natural User Interface Technologies AB
HKLM\SOFTWARE\Wow6432Node\NexonUS
HKLM\SOFTWARE\Wow6432Node\Nikon =>.Nikon
HKLM\SOFTWARE\Wow6432Node\Nitro =>.Nitro
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.NVIDIA Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\OpenAL =>.Open Audio Library
HKLM\SOFTWARE\Wow6432Node\Opera Software =>.Opera Software
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\re-logic =>.Re-Logic
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\RocketLife =>.RocketLife
HKLM\SOFTWARE\Wow6432Node\SEIKO EPSON Corp. =>.SEIKO EPSON CORP.
HKLM\SOFTWARE\Wow6432Node\Sharpcast
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\Video Viewer
HKLM\SOFTWARE\Wow6432Node\Vimicro Corporation =>.Vimicro Corporation
HKLM\SOFTWARE\Wow6432Node\Visan =>.Visan Software
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WinRAR =>.WinRAR
HKLM\SOFTWARE\Wow6432Node\Wizet
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Adobe Lightroom =>.Adobe Inc.
HKCU\SOFTWARE\AhnLab =>.AhnLab Inc.
HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\Autodesk =>.Autodesk
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\BlueStacks =>.BlueStack Systems, Inc.
HKCU\SOFTWARE\Boneloaf
HKCU\SOFTWARE\Bossa Studios =>.Bossa Studios
HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
HKCU\SOFTWARE\Bytescout =>.ByteScout
HKCU\SOFTWARE\CamStudioOpenSource for Nick
HKCU\SOFTWARE\CeWe Color =>.CEWE COLOR
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\CineForm =>.CineForm
HKCU\SOFTWARE\CyberLink =>.CyberLink
HKCU\SOFTWARE\Dodge Roll
HKCU\SOFTWARE\DriverBooster
HKCU\SOFTWARE\EPSON =>.EPSON
HKCU\SOFTWARE\Faasoft =>.Faasoft
HKCU\SOFTWARE\Free Lives =>.Free Lives
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\GoPro =>.GoPro
HKCU\SOFTWARE\HAL
HKCU\SOFTWARE\Helper Scripts
HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKCU\SOFTWARE\HomePageService
HKCU\SOFTWARE\HP =>.HP
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\kde.org =>.kde.org
HKCU\SOFTWARE\Lagarith
HKCU\SOFTWARE\Lake =>.Lake Sofware
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Mathworks =>.MathWorks
HKCU\SOFTWARE\Mine =>.Microsoft Corporation
HKCU\SOFTWARE\MOVAVI =>.Movavi
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\Nexon =>.Nexon
HKCU\SOFTWARE\Nexon Launcher
HKCU\SOFTWARE\Nikon =>.Nikon
HKCU\SOFTWARE\NITRO =>.Nitro
HKCU\SOFTWARE\Nitro PDF =>.Nitro PDF
HKCU\SOFTWARE\nwjs
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Opera Software =>.Opera Software
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\PlayfulCorp
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Quanta Computer Inc.
HKCU\SOFTWARE\Realtek =>.Realtek
HKCU\SOFTWARE\Reflections
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Samsung =>.Samsung
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\Spotify =>.Spotify
HKCU\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKCU\SOFTWARE\Terraria
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Widcomm =>.Widcomm
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.WinRAR
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\Autodesk =>.Autodesk
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\MarkAny =>.MarkAny
HKCU\SOFTWARE\AppDataLow\Software\Unity =>.Unity
—\ Contents of the Common Files folders (384) - 247s
O43 - CFD: 28/11/2016 - AD – C:\Program Files\Adobe =>.Adobe Systems Incorporated®
O43 - CFD: 05/05/2015 - D – C:\Program Files\Autodesk =>.Autodesk, Inc®
O43 - CFD: 29/04/2016 - AD – C:\Program Files\Bonjour =>.Apple Inc.®
O43 - CFD: 28/11/2016 - D – C:\Program Files\CCleaner =>.Piriform Ltd®
O43 - CFD: 27/11/2016 - D – C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 21/10/2015 - D – C:\Program Files\DIFX =>.Microsoft Windows®
O43 - CFD: 01/10/2016 - D – C:\Program Files\Embedded Lockdown Manager =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - D – C:\Program Files\Everything =>.Everything
O43 - CFD: 28/11/2016 - [0] D – C:\Program Files\Google =>.Google
O43 - CFD: 13/11/2016 - D – C:\Program Files\GoPro =>.GoPro, Inc.®
O43 - CFD: 13/09/2016 - D – C:\Program Files\HP =>.Hewlett Packard®
O43 - CFD: 01/10/2016 - D – C:\Program Files\Intel =>.Intel Corporation - Intel® Rapid Storage Technology®
O43 - CFD: 01/10/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 12/09/2016 - D – C:\Program Files\iPod =>.Apple Inc.®
O43 - CFD: 12/09/2016 - AD – C:\Program Files\iTunes =>.Apple Inc.®
O43 - CFD: 20/08/2015 - D – C:\Program Files\Lenovo =>.Lenovo®
O43 - CFD: 06/03/2016 - D – C:\Program Files\MATLAB =>.The MathWorks, Inc.®
O43 - CFD: 15/10/2016 - AD – C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 01/10/2016 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 06/01/2014 - D – C:\Program Files\OblyTile =>.Argony-OT
O43 - CFD: 16/01/2014 - [0] D – C:\Program Files\office.tmp
O43 - CFD: 01/10/2016 - D – C:\Program Files\Realtek =>.Andrea Electronics®
O43 - CFD: 01/10/2016 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - D – C:\Program Files\StageLight
O43 - CFD: 10/07/2015 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 04/01/2014 - D – C:\Program Files\VideoLAN =>.VideoLAN
O43 - CFD: 01/10/2016 - RD – C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - D – C:\Program Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 12/10/2016 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 28/10/2016 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/10/2016 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 16/07/2016 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - SHD – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 23/11/2016 - HD – C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 22/06/2015 - D – C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 28/11/2016 - AD – C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 28/11/2016 - D – C:\Program Files (x86)\Adware Removal Tool by TSA
O43 - CFD: 01/12/2015 - [0] D – C:\Program Files (x86)\AGEIA Technologies =>.AGEIA Technologies
O43 - CFD: 28/11/2016 - [0] D – C:\Program Files (x86)\Amazon =>.Amazon
O43 - CFD: 29/04/2016 - AD – C:\Program Files (x86)\Apple Software Update =>.Apple Inc.®
O43 - CFD: 06/07/2015 - D – C:\Program Files (x86)\Autodesk =>.Autodesk, Inc®
O43 - CFD: 28/11/2016 - AD – C:\Program Files (x86)\Battle.net =>.Blizzard Entertainment, Inc.®
O43 - CFD: 01/08/2016 - D – C:\Program Files (x86)\Bluestacks =>.BlueStack Systems, Inc.®
O43 - CFD: 29/04/2016 - AD – C:\Program Files (x86)\Bonjour =>.Apple Inc.®
O43 - CFD: 07/01/2015 - D – C:\Program Files (x86)\CineForm =>.CineForm
O43 - CFD: 26/11/2016 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Cyberlink =>.CyberLink®
O43 - CFD: 20/08/2015 - AD – C:\Program Files (x86)\Dolby Home Theater v4 =>.Dolby Laboratories, Inc.®
O43 - CFD: 13/01/2014 - D – C:\Program Files (x86)\DsNET Corp =>.DsNET Corp
O43 - CFD: 30/12/2015 - D – C:\Program Files (x86)\epson =>.Epson America, Inc.®
O43 - CFD: 30/12/2015 - AD – C:\Program Files (x86)\Epson Software =>.SEIKO EPSON CORPORATION®
O43 - CFD: 25/05/2015 - D – C:\Program Files (x86)\ezvid
O43 - CFD: 23/04/2013 - AD – C:\Program Files (x86)\FreeRide Games =>.Exent Technologies Ltd.®
O43 - CFD: 04/11/2016 - AD – C:\Program Files (x86)\Garmin =>.Garmin International, Inc.®
O43 - CFD: 28/11/2016 - D – C:\Program Files (x86)\Google =>.Google
O43 - CFD: 13/11/2016 - AD – C:\Program Files (x86)\GoPro =>.GoPro
O43 - CFD: 13/09/2016 - D – C:\Program Files (x86)\Hewlett-Packard =>.Hewlett-Packard Company®
O43 - CFD: 28/11/2016 - AD – C:\Program Files (x86)\Hp =>.Hewlett Packard®
O43 - CFD: 14/02/2014 - D – C:\Program Files (x86)\HP Photo Creations =>.Visan Industries®
O43 - CFD: 28/11/2016 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 12/11/2014 - D – C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [0] D – C:\Program Files (x86)\IObit =>.IObit
O43 - CFD: 12/09/2016 - D – C:\Program Files (x86)\iTunes =>.Apple Inc.
O43 - CFD: 20/08/2015 - D – C:\Program Files (x86)\Java =>.Oracle America, Inc.®
O43 - CFD: 28/11/2016 - D – C:\Program Files (x86)\Lenovo =>.CyberLink®
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\LenovoPhotos
O43 - CFD: 23/04/2013 - AD – C:\Program Files (x86)\LenovoUtility
O43 - CFD: 28/11/2016 - AD – C:\Program Files (x86)\LogMeIn Hamachi =>.LogMeIn, Inc.®
O43 - CFD: 28/11/2016 - D – C:\Program Files (x86)\Malwarebytes Anti-Malware =>.Malwarebytes Corporation®
O43 - CFD: 28/11/2016 - [0] D – C:\Program Files (x86)\Microsoft =>.Microsoft
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 15/10/2016 - AD – C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 06/01/2014 - D – C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation®
O43 - CFD: 10/02/2015 - AD – C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
O43 - CFD: 16/12/2015 - D – C:\Program Files (x86)\Microsoft XNA =>.Microsoft Corporation®
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 12/08/2015 - D – C:\Program Files (x86)\Nexon {04EAD2DBE06A257FF5202EA26AE5C868} =>.Nexon
O43 - CFD: 10/02/2014 - D – C:\Program Files (x86)\Nikon =>.Nikon
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Nitro =>.Nitro PDF Software®
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Nuance =>.Nuance Communications, Inc.®
O43 - CFD: 01/12/2015 - D – C:\Program Files (x86)\NVIDIA Corporation =>.NVIDIA Corporation
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\OpenAL =>.Creative Labs Inc®
O43 - CFD: 25/05/2015 - D – C:\Program Files (x86)\Opera =>.Opera Software
O43 - CFD: 26/11/2016 - D – C:\Program Files (x86)\Overwatch =>.Blizzard Entertainment
O43 - CFD: 17/01/2015 - D – C:\Program Files (x86)\RAR Password Unlocker
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Realtek =>.Realtek Semiconductor Corp®
O43 - CFD: 23/04/2013 - AD – C:\Program Files (x86)\REALTEK 11n USB Wireless LAN Driver
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 30/03/2015 - D – C:\Program Files (x86)\Samsung =>.DEVGURU CO LTD®
O43 - CFD: 24/11/2016 - RD – C:\Program Files (x86)\Skype =>.Skype Software Sarl®
O43 - CFD: 26/11/2016 - D – C:\Program Files (x86)\Steam =>.Valve®
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\SugarSync =>.SugarSync, Inc.®
O43 - CFD: 19/10/2015 - AD – C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 14/03/2016 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Vimicro Corporation =>.Vimicro Corporation
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - AD – C:\Program Files (x86)\Windows Live =>.Microsoft Corporation®
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 28/10/2016 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/10/2016 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - SHD – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 22/06/2015 - AD – C:\Program Files (x86)\WinRAR =>.win.rar GmbH®
O43 - CFD: 29/11/2016 - D – C:\Program Files (x86)\Zemana AntiMalware =>.Zemana Ltd.®
O43 - CFD: 16/07/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher =>.DsNET
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk =>.Autodesk
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap 2016
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform
O43 - CFD: 20/08/2015 - [0] RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON =>.EPSON
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software =>.Epson/Seico
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid
O43 - CFD: 04/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin =>.Garmin
O43 - CFD: 13/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro =>.GoPro
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP =>.Hewlett-Packard
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud =>.Apple Inc.
O43 - CFD: 01/10/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photos
O43 - CFD: 01/10/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Rescue System
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo USB2.0 UVC Camera
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot =>.Skillbrains
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon =>.Nikon
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 16/07/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
O43 - CFD: 12/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon =>.Nexon
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance =>.Nuance
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung =>.Samsung
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StageLight
O43 - CFD: 01/10/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.SteamApps
O43 - CFD: 16/07/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLAN
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
O43 - CFD: 01/10/2016 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 29/11/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 26/11/2015 - D – C:\ProgramData.mono
O43 - CFD: 06/01/2015 - D – C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 =>.GEAR Software, Inc.
O43 - CFD: 29/11/2016 - D – C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 28/11/2016 - [0] D – C:\ProgramData\ALM =>.ALM
O43 - CFD: 01/10/2016 - D – C:\ProgramData\Ant =>.Garmin International
O43 - CFD: 03/06/2014 - D – C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 01/01/2014 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 01/10/2016 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 04/12/2015 - AD – C:\ProgramData\Autodesk =>.Autodesk
O43 - CFD: 26/11/2016 - D – C:\ProgramData\Battle.net =>.Games Software
O43 - CFD: 26/11/2016 - D – C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 01/08/2016 - D – C:\ProgramData\Bluestacks =>.BlueStack Systems, Inc.
O43 - CFD: 07/08/2016 - [0] D – C:\ProgramData\BlueStacksSetup =>.BlueStack Systems, Inc.
O43 - CFD: 27/11/2016 - D – C:\ProgramData\boost_interprocess =>.boost.org
O43 - CFD: 16/07/2016 - [0] D – C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - D – C:\ProgramData\CyberLink =>.CyberLink
O43 - CFD: 01/10/2016 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 29/04/2016 - D – C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 10/02/2014 - D – C:\ProgramData\EnterNHelp
O43 - CFD: 28/03/2016 - D – C:\ProgramData\Epson =>.EPSON
O43 - CFD: 05/05/2015 - D – C:\ProgramData\FARO =>.FARO
O43 - CFD: 06/05/2015 - D – C:\ProgramData\FLEXnet =>.Flexera Software
O43 - CFD: 23/04/2013 - D – C:\ProgramData\FreeRide Games
O43 - CFD: 21/10/2015 - D – C:\ProgramData\Garmin =>.Garmin
O43 - CFD: 28/11/2016 - AD – C:\ProgramData\HP =>.Hewlett-Packard
O43 - CFD: 14/02/2014 - AD – C:\ProgramData\HP Photo Creations =>.HP Photo Creations
O43 - CFD: 04/01/2014 - D – C:\ProgramData\hps
O43 - CFD: 03/05/2014 - D – C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 03/05/2014 - D – C:\ProgramData\Intel(R) Update Manager
O43 - CFD: 23/04/2013 - D – C:\ProgramData\Lenovo =>.Lenovo
O43 - CFD: 27/12/2013 - D – C:\ProgramData\LogMeIn =>.LogMeIn
O43 - CFD: 28/11/2016 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 06/03/2016 - D – C:\ProgramData\MathWorks =>.MathWorks
O43 - CFD: 23/04/2013 - D – C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 28/11/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft
O43 - CFD: 02/10/2016 - D – C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 11/01/2015 - D – C:\ProgramData\Movavi =>.Movavi
O43 - CFD: 10/03/2015 - D – C:\ProgramData\Nexon =>.Nexon
O43 - CFD: 10/03/2015 - D – C:\ProgramData\NexonUS
O43 - CFD: 10/02/2014 - D – C:\ProgramData\Nikon =>.Nikon
O43 - CFD: 23/04/2013 - D – C:\ProgramData\Nitro =>.Nitro
O43 - CFD: 23/04/2013 - D – C:\ProgramData\Nuance =>.Nuance
O43 - CFD: 23/04/2013 - D – C:\ProgramData\OneKey Recovery =>.Lenovo
O43 - CFD: 22/12/2013 - D – C:\ProgramData\OpenLabs
O43 - CFD: 20/08/2015 - D – C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 10/02/2014 - D – C:\ProgramData\Organic
O43 - CFD: 13/11/2016 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 10/02/2014 - D – C:\ProgramData\People
O43 - CFD: 10/02/2014 - D – C:\ProgramData\Piano Med
O43 - CFD: 20/08/2015 - D – C:\ProgramData\PRICache =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\ProgramData\regid.1986-12.com.adobe =>.Adobe Inc.
O43 - CFD: 01/10/2016 - D – C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 30/03/2015 - D – C:\ProgramData\Samsung =>.Samsung
O43 - CFD: 24/11/2016 - D – C:\ProgramData\Skype =>.Skype
O43 - CFD: 16/07/2016 - [0] D – C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 21/06/2014 - D – C:\ProgramData\Sun =>.Oracle
O43 - CFD: 01/10/2016 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 24/12/2015 - D – C:\ProgramData\tmp
O43 - CFD: 10/02/2014 - D – C:\ProgramData\Ultima_T15
O43 - CFD: 01/10/2016 - D – C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 14/02/2014 - D – C:\ProgramData\WEBREG =>.Hewlett-Packard
O43 - CFD: 28/11/2016 - AD – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 26/11/2016 - AD – C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
O43 - CFD: 29/04/2016 - D – C:\Program Files (x86)\Common Files\Apple =>.Apple Inc.
O43 - CFD: 06/07/2015 - AD – C:\Program Files (x86)\Common Files\Autodesk Shared =>.Autodesk
O43 - CFD: 14/02/2014 - D – C:\Program Files (x86)\Common Files\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 14/02/2014 - D – C:\Program Files (x86)\Common Files\HP =>.Hewlett-Packard
O43 - CFD: 10/02/2014 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
O43 - CFD: 20/08/2015 - D – C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 01/10/2016 - D – C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 10/02/2014 - D – C:\Program Files (x86)\Common Files\Nikon =>.Nikon
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Common Files\Nitro =>.Nitro
O43 - CFD: 23/04/2013 - D – C:\Program Files (x86)\Common Files\postureAgent =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 24/11/2016 - AD – C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 14/10/2016 - D – C:\Program Files (x86)\Common Files\Steam =>.SteamApps
O43 - CFD: 16/07/2016 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - D – C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 26/11/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming.mono
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 07/01/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 04/12/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Autodesk =>.Autodesk
O43 - CFD: 26/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Battle.net =>.Games Software
O43 - CFD: 02/11/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\BrawlhallaAir
O43 - CFD: 05/03/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\CyberLink =>.CyberLink
O43 - CFD: 05/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\discord =>.GitHub
O43 - CFD: 28/03/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Epson =>.EPSON
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Everything =>.Everything
O43 - CFD: 24/01/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Faasoft Video Converter
O43 - CFD: 02/02/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Garmin =>.Garmin
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 18/10/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\GoPro =>.GoPro
O43 - CFD: 15/02/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\HP =>.Hewlett-Packard
O43 - CFD: 29/07/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 25/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Intel Corporation =>.Intel Corporation
O43 - CFD: 25/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 25/05/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\MangoApps
O43 - CFD: 12/01/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\MathWorks =>.MathWorks
O43 - CFD: 01/10/2016 - SD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft =>.Microsoft
O43 - CFD: 01/08/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 07/01/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\NexonLauncher
O43 - CFD: 10/02/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nikon =>.Nikon
O43 - CFD: 19/02/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nitro =>.Nitro
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nitro PDF =>.Nitro PDF
O43 - CFD: 25/05/2015 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Opera Software =>.Opera Software
O43 - CFD: 21/06/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Oracle =>.Oracle
O43 - CFD: 26/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Rovio =>.Rovio
O43 - CFD: 30/03/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Samsung =>.Samsung
O43 - CFD: 25/05/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Shortcut =>.Shortcut Software
O43 - CFD: 24/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Skype =>.Skype
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify =>.Spotify
O43 - CFD: 27/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\StageManager.BD092818F67280 F4B42B04877600987F0111B594.1
O43 - CFD: 19/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\StardewValley
O43 - CFD: 12/01/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Subversion
O43 - CFD: 25/05/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\TinyTake by MangoApps
O43 - CFD: 24/07/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\vlc =>.VideoLAN
O43 - CFD: 29/07/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 01/06/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 02/02/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Yacht Club Games =>.Yacht Club Games
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14/03/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\ActiveSync =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Adobe =>.Adobe
O43 - CFD: 06/01/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Amazon_Services_LLC
O43 - CFD: 07/01/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 11/01/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 07/01/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Apple Inc =>.Apple Inc.
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Ivan Reyes Ortega\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 04/12/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Autodesk =>.Autodesk
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Battle.net =>.Games Software
O43 - CFD: 26/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 01/08/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Bluestacks =>.BlueStack Systems, Inc.
O43 - CFD: 25/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Broadcom =>.Broadcom
O43 - CFD: 23/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\CEF =>.CEF
O43 - CFD: 20/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 02/10/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Crashpad
O43 - CFD: 03/09/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 05/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Discord =>.GitHub
O43 - CFD: 29/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 18/06/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 05/07/2015 - [0] SHD – C:\Users\Ivan Reyes Ortega\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
O43 - CFD: 05/07/2015 - [0] SHD – C:\Users\Ivan Reyes Ortega\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 05/07/2015 - [0] SHD – C:\Users\Ivan Reyes Ortega\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 25/05/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\ezvid,_inc
O43 - CFD: 02/02/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Google =>.Google
O43 - CFD: 18/10/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\GoPro =>.GoPro
O43 - CFD: 03/06/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\GWX =>.GWX
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Ivan Reyes Ortega\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/09/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\HP =>.Hewlett-Packard
O43 - CFD: 26/11/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\I Am Bread
O43 - CFD: 25/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Lenovo =>.Lenovo
O43 - CFD: 27/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\LogMeIn =>.LogMeIn
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 01/08/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 12/01/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\MathWorks =>.MathWorks
O43 - CFD: 02/10/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 20/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 20/10/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\MissingTranslation
O43 - CFD: 11/01/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Movavi =>.Movavi
O43 - CFD: 03/01/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Natural User Interface Technologies AB =>.Natural User Interface Technologies AB
O43 - CFD: 20/08/2015 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\NetworkTiles =>.NetworkTiles
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\NexonLauncher
O43 - CFD: 10/02/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Nikon =>.Nikon
O43 - CFD: 25/05/2015 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Opera Software =>.Opera Software
O43 - CFD: 22/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 25/12/2013 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Power2Go =>.Power2Go
O43 - CFD: 26/06/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 20/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 28/03/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\RelicHuntersZero
O43 - CFD: 26/11/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Risk_of_Rain
O43 - CFD: 30/03/2015 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Samsung =>.Samsung
O43 - CFD: 05/01/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Skype =>.Skype
O43 - CFD: 22/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\speech =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Spotify =>.Spotify
O43 - CFD: 05/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\SquirrelTemp =>.Squirrels
O43 - CFD: 21/04/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Steam =>.SteamApps
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Ivan Reyes Ortega\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 25/10/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3068897a4b1eb3ee
O43 - CFD: 25/10/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign975f6ce473cdd938
O43 - CFD: 25/10/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7
O43 - CFD: 25/10/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc72dfdeceed18e91
O43 - CFD: 25/10/2016 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigndfa06b53a3425ad3
O43 - CFD: 20/08/2015 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 13/09/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Unity =>.Unity
O43 - CFD: 04/03/2014 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 29/07/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Windows Live =>.Microsoft Corporation
O43 - CFD: 29/07/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Local\Zemana =>.Zemana
O43 - CFD: 26/06/2014 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - RD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - RD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - RD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 12/11/2014 - [0] D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
O43 - CFD: 05/11/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
O43 - CFD: 16/07/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - RD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.SteamApps
O43 - CFD: 01/10/2016 - RD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - RD – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - D – C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\Users\Default\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 16/07/2016 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 16/07/2016 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - D – C:\Users\Default User\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 16/07/2016 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 16/07/2016 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 25/10/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Adobe =>.Adobe
O43 - CFD: 02/10/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\assembly =>.Assembly
O43 - CFD: 15/10/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 15/10/2016 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Microsoft =>.Microsoft
O43 - CFD: 29/11/2016 - – C:\WINDOWS\System32\Config\systemprofile\AppData\L ocal\Zemana =>.Zemana
O43 - CFD: 28/11/2016 - D – C:\WINDOWS\System32\Config\systemprofile\AppData\R oaming\Microsoft =>.Microsoft
—\ ShellIconOverlayIdentifiers (SIOI) (8) - 0s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: ErrorOverlayHandler Class [ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) – C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517. 0809_1\FileSyncShell.dll =>.Microsoft Corporation®
—\ System Drivers List (71) - 19s
O58 - SDL:2016/07/16 07:41:53 A . (.LSI - LSI 3ware SCSI Storport Driver.) – C:\WINDOWS\System32\drivers\3ware.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) – C:\WINDOWS\System32\drivers\adp80xx.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) – C:\WINDOWS\System32\drivers\amdsata.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\WINDOWS\System32\drivers\amdsbs.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\WINDOWS\System32\drivers\amdxata.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\WINDOWS\System32\drivers\arcsas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2015/08/20 18:38:15 A . (.Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) – C:\WINDOWS\System32\drivers\bcbtums.sys [324224] =>.Broadcom Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn.sys [324224] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) – C:\WINDOWS\System32\drivers\bcmfn2.sys [324224] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/08/20 18:38:17 A . (.Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter.) – C:\WINDOWS\System32\drivers\btwampfl.sys [324224] =>.Broadcom Corporation®
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) – C:\WINDOWS\System32\drivers\bxvbda.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) – C:\WINDOWS\System32\drivers\cht4dx64.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) – C:\WINDOWS\System32\drivers\cht4sx64.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) – C:\WINDOWS\System32\drivers\cht4vx64.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic 10 GigE VBD.) – C:\WINDOWS\System32\drivers\evbda.sys [324224] =>.Microsoft Windows®
O58 - SDL:2012/08/21 14:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) – C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [324224] =>.GEAR Software Inc.®
O58 - SDL:2015/08/03 12:12:32 N . (.LogMeIn Inc. - LogMeIn Hamachi Virtual Miniport Driver.) – C:\WINDOWS\System32\drivers\Hamdrv.sys [324224] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2012/07/26 22:12:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\WINDOWS\System32\drivers\HECIx64.sys [324224] =>.Intel Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\WINDOWS\System32\drivers\HpSAMD.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iagpio.sys [324224] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) – C:\WINDOWS\System32\drivers\iai2c.sys [324224] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [324224] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) – C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [324224] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2016/07/16 07:41:52 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [324224] =>.Intel Corporation - Client Components Group®
O58 - SDL:2016/07/16 07:41:50 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) – C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [324224] =>.Intel Corporation
O58 - SDL:2013/01/31 18:20:10 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) – C:\WINDOWS\System32\drivers\iaStorA.sys [324224] =>.Intel Corporation - Intel® Rapid Storage Technology®
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) – C:\WINDOWS\System32\drivers\iaStorAV.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\WINDOWS\System32\drivers\iaStorV.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - InfiniBand Fabric Bus Driver.) – C:\WINDOWS\System32\drivers\ibbus.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/05/03 23:30:46 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\WINDOWS\System32\drivers\igdkmd64.sys [324224] =>.Intel(R) pGFX®
O58 - SDL:2015/08/21 11:50:48 N . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) – C:\WINDOWS\System32\drivers\IntcDAud.sys [324224] =>.Intel Corporation - Client Components Group®
O58 - SDL:2015/07/20 15:45:04 A . (.Intel Corporation - Intel® WiDi Solution.) – C:\WINDOWS\System32\drivers\intelaud.sys [324224] =>.Intel(R) Wireless Display®
O58 - SDL:2015/12/01 15:46:03 A . (.Intel Corporation - Intel® WiDi Solution.) – C:\WINDOWS\System32\drivers\iwdbus.sys [324224] =>.Intel(R) Wireless Display®
O58 - SDL:2015/10/21 13:43:40 A . (. http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) – C:\WINDOWS\System32\drivers\libusb0.sys [324224] =>.Akeo Consulting®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas2i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sas3i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) – C:\WINDOWS\System32\drivers\lsi_sss.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:08:54 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\WINDOWS\System32\drivers\mbam.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/03/10 14:08:58 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) – C:\WINDOWS\System32\drivers\mbamchameleon.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/11/29 00:03:40 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\megasas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/10/05 06:09:07 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\MegaSas2i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\WINDOWS\System32\drivers\megasr.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - MLX4 Bus Driver.) – C:\WINDOWS\System32\drivers\mlx4_bus.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) – C:\WINDOWS\System32\drivers\mvumis.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:09:10 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) – C:\WINDOWS\System32\drivers\mwac.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - NetworkDirect Support Filter Driver.) – C:\WINDOWS\System32\drivers\ndfltr.sys [324224] =>.Microsoft Windows®
O58 - SDL:2013/07/25 17:53:46 A . (.Apple Inc. - Apple Mobile Device Ethernet.) – C:\WINDOWS\System32\drivers\netaapl64.sys [324224] =>.Apple Inc.
O58 - SDL:2016/07/16 07:42:03 A . (.Authors - .) – C:\WINDOWS\System32\drivers\NetAdapterCx.sys [324224] =>.Microsoft Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\WINDOWS\System32\drivers\nvraid.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\WINDOWS\System32\drivers\nvstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas2i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) – C:\WINDOWS\System32\drivers\percsas3i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) – C:\WINDOWS\System32\drivers\rt640x64.sys [324224] =>.Realtek
O58 - SDL:2012/07/31 06:10:34 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) – C:\WINDOWS\System32\drivers\RTKVHD64.sys [324224] =>.Realtek Semiconductor Corp®
O58 - SDL:2016/03/08 13:02:41 A . (.Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vi.) – C:\WINDOWS\System32\drivers\RtsP2Stor.sys [324224] =>.Realtek Semiconductor Corp®
O58 - SDL:2016/07/16 07:41:52 A . (.Realtek Semiconductor Corporation - Realtek WLAN USB NDIS Driver 28199.) – C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [324224] =>.Realtek Semiconductor Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid2.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\WINDOWS\System32\drivers\sisraid4.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/09/05 05:47:06 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver.) – C:\WINDOWS\System32\drivers\ssudbus.sys [324224] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/09/05 05:47:12 A . (.Samsung Electronics Co., Ltd. - SAMSUNG Android Modem Device Driver.) – C:\WINDOWS\System32\drivers\ssudmdm.sys [324224] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/07/16 07:41:53 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) – C:\WINDOWS\System32\drivers\stexstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/03/08 13:02:42 A . (.Vimicro Corporation - Vimicro USB Video Class Camera.) – C:\WINDOWS\System32\drivers\vmc412.sys [324224] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\WINDOWS\System32\drivers\vsmraid.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) – C:\WINDOWS\System32\drivers\VSTXRAID.SYS [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinMad.) – C:\WINDOWS\System32\drivers\winmad.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinVerbs.) – C:\WINDOWS\System32\drivers\winverbs.sys [324224] =>.Microsoft Windows®
O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) – C:\WINDOWS\System32\drivers\wsvd.sys [324224] =>.CyberLink®
O58 - SDL:2016/11/29 10:20:22 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zam64.sys [324224] =>.Zemana Ltd.®
O58 - SDL:2016/11/29 10:20:14 A . (.Zemana Ltd. - ZAM.) – C:\WINDOWS\System32\drivers\zamguard64.sys [324224] =>.Zemana Ltd.®
—\ Last modified or created user files (1) - 403s
O61 - LFC: 2016/11/28 12:31:54 A . (.Copyright © 2015.) – C:\Users\Ivan Reyes Ortega\Desktop\Defenses\Adware Removal Tool by TSA.exe [752296] {317DD1C55F51AC2756D9C93C060C6FA5}
—\ File Associations Shell Spawning (11) - 1s
O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
O67 - Shell Spawning: <.html> [HKCU..\open\Command] (…) – C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
—\ Start Menu Internet (4) - 0s
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
—\ Search Browser Infection (7) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {1898CB3E-8BBA-4F65-AF7A-D32185E768EF} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {BF47303B-CFAA-40F3-84BE-AFFFAA87AA21} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {1898CB3E-8BBA-4F65-AF7A-D32185E768EF} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
—\ Search Svchost Services (45) - 2s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\WINDOWS\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\WINDOWS\system32\srvsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\WINDOWS\System32\gpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\WINDOWS\System32\ikeext.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\WINDOWS\System32\iphlpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\WINDOWS\system32\seclogon.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\WINDOWS\System32\appinfo.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\WINDOWS\system32\iscsiexe.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\WINDOWS\System32\eapsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\WINDOWS\system32\schedsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\WINDOWS\system32\wbem\WMIsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\WINDOWS\System32\browser.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\WINDOWS\System32\wercplsupport.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) – C:\WINDOWS\system32\Windows.SharedPC.AccountManage r.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\WINDOWS\system32\themeservice.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) – C:\WINDOWS\System32\lfsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) – C:\Windows\System32\Windows.Internal.Management.dl l [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) – C:\WINDOWS\System32\irmon.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\WINDOWS\System32\rasauto.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\WINDOWS\System32\rasmans.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\WINDOWS\System32\sens.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\WINDOWS\System32\ipnathlp.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\WINDOWS\system32\wuaueng.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\WINDOWS\System32\qmgr.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) – C:\WINDOWS\system32\dmwappushsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) – C:\WINDOWS\system32\WpnService.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) – C:\WINDOWS\system32\XboxNetApiSvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) – C:\WINDOWS\system32\dcpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) – C:\WINDOWS\system32\RDXService.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\WINDOWS\System32\bdesvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) – C:\WINDOWS\System32\DeviceSetupManager.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) – C:\WINDOWS\System32\ncasvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\WINDOWS\system32\profsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) – C:\WINDOWS\System32\usermgr.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) – C:\WINDOWS\System32\XblAuthManager.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) – C:\WINDOWS\System32\XblGameSave.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) – C:\WINDOWS\system32\usocore.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) – C:\WINDOWS\system32\flightsettings.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) – C:\WINDOWS\system32\wlidsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) – C:\WINDOWS\System32\NetSetupSvc.dll [324224] =>.Microsoft Corporation
—\ Firewall Active Exception List (4) - 2s
O87 - FAEL: “TCP Query User{35EB6970-F44A-4BA5-854A-5D1F0BC262F4}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe” [In-None-P6-TRUE] .(…) – C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O87 - FAEL: “UDP Query User{4D64E4B3-39A9-4A78-9299-6A2837D9FEA6}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe” [In-None-P17-TRUE] .(…) – C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O87 - FAEL: “{7285CD80-EF16-48A6-8F6C-9E0050FC57C0}” [In-None-P17-TRUE] .(…) – C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O87 - FAEL: “{165B5F0A-2DDA-4FAC-B848-4558F4DA785B}” [In-None-P6-TRUE] .(…) – C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
—\ Additional Scan (O88) (4) - 0s
C:\WINDOWS\System32\Tasks{DB50062B-1108-4516-B07E-CB933EB55684} =>.Superfluous.AkamaiHD
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} =>Riskware.QuickTime
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} =>Riskware.QuickTime
HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
—\ Summary of the elements found (2) - 0s
Blog - Nicolas Coolman =>.Superfluous.AkamaiHD
Redirecting... =>Riskware.QuickTime
~ End of the scan, 72155 items in 00h25mn28s (1429)

**Malnutrition** · 11-30-2016, 04:02 AM

Originally posted by Iaro96

can’t believe it, there’s still UCBrowser stuff left

Those items were already in quarantine, it will take me a while to go over these logs.

**Malnutrition** · 11-30-2016, 05:10 AM

FRST Fix

Download attached fixlist.txt file and save it to the Desktop. NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After you have ran the fixlist, then grab Patch My PC and update all of your software as well install Google Chrome from within Patch My PC.

**Iaro96** · 11-30-2016, 05:17 AM

Alright, I will do that right away.

The Zemana Antimalware program just popped up, informing me about 4 new threats. How come they keep spawning? Do they reproduce or something? o_O
[HEADING=1]Zemana AntiMalware 2.70.2.25 (Installed)[/HEADING]
[HEADING=1]Scan Result : Completed
Scan Date : 2016/11/30
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core™ i3-3130M CPU @ 2.60GHz
BIOS Mode : UEFI
CUID : 1203285F630FDF1F3D8882
Scan Type : Scheduled Scan
Duration : 33m 34s
Scanned Objects : 212617
Detected Objects : 4
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects[/HEADING]
ClockworkMod
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Ce rtificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76 E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Ce rtificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76 E\Blob = 1900000001000000100000004321E029B1DFB58332B4E12D36 84B1BA0F00000001000000140000004197EEB33C029DA9C95D F96F3E79C000823926060300000001000000140000008E9FBA 4F0A0974EF5DA6939F17D49F682C78E76E1400000001000000 1400000043A30E1537E622AF0B33246E665F1ABA5327369420 0000000100000000030000308202FC308201E8A00302010202 1045FFC961E0ED6DBC4F552B7D1451104A300906052B0E0302 1D05003017311530130603550403130C436C6F636B776F726B 4D6F64301E170D3133303430373233313334345A170D333931 3233313233353935395A3017311530130603550403130C436C 6F636B776F726B4D6F6430820122300D06092A864886F70D01 010105000382010F003082010A0282010100DA79369D868709 997C40830E263A887C28CD8E64E569B7BA0FEF133AB825E806 33BFF9B8A8439518ABAC49C394061A0A82E3A314FAABDEDB0A CF45DA482B18A1F303BB2434A0886B1F44F50B3CE96E4AFB7E 90B0A6F2EB2241D4004AAB7B89BA94240E190753B5509E0EEF 626B5BDF75BAEC8B2ED66B5D66144057CEBD98C1635D186B9B 9A4E216813D90C7561CEB1B21C9863515587B7A1D0494294C9 6C8F096CB92772D26CE1F44E86953E47CE641FF67C0C83B818 030583F7AC560D8E6FBDDCD98CC8B03F535D0515F157551E09 C1AEDD794AD8E9D45649437BE48A88F7B3225C92A95E9C0D54 BA57F3C6D7F9EAC1AECF624718912FA6B8DC7CCAD134152702 03010001A34C304A30480603551D010441303F8010A7571CAA DAC4F456624305DC75A92FEEA1193017311530130603550403 130C436C6F636B776F726B4D6F64821045FFC961E0ED6DBC4F 552B7D1451104A300906052B0E03021D05000382010100003C DC97A66A3D5B012A163EF57499E469595BBAA1CA37A7B27EFF E614889E76F586DAB0DD60E2D3C1C6B2E1583C4614747D696E 75C82B7051FFE3DE80486A59E643329B9C751E429B27CAD025 FC1BE66F1ED5910AAA79C70293196B9E13FE8D2239A3672737 400DCC67B8D9510D594C9041FCC27A41BE8F08A1F49B922FCD 4E3E2049B7D5C378DB362498F0E9B2A370E384D764259DB230 F09F7F8A77D0A71EF07CEF836F7EB69A69ECA2DFE1ACD8AA4D 50D31FDAE05FC8C7A8684BE4790B98F2A12DD26A06F2A49290 31EEA3FD9E6A13363B8C7DCF36797034B20EECB7F4F8795CA6 081C29BD6632F1D964D5FF48FA54FAC117CF16F0785ABE5DB3 75880538
USB\VID_04E8&PID_685D (libwdi autogenerated)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Ce rtificates\79A1536CB59231522B32C99ECE8D4FCB7CC677C 1\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Ce rtificates\79A1536CB59231522B32C99ECE8D4FCB7CC677C 1\Blob = 190000000100000010000000EA23AE460AAC660DAD41B96E64 9979130F00000001000000140000008E2E21C85680BCBBEBB8 BE8E7A40D697FC9C07DC03000000010000001400000079A153 6CB59231522B32C99ECE8D4FCB7CC677C10B00000001000000 0E0000006C0069006200770064006900000014000000010000 00140000003C8181F38BEEC3904667DF2B9936D7B1965C8459 2000000001000000CC020000308202C830820231A003020102 021054CBAC55D9DBA2A54AE78B36CEDB5630300D06092A8648 86F70D010105050030633161305F06035504031E5800550053 0042005C005600490044005F00300034004500380026005000 490044005F003600380035004400200028006C006900620077 006400690020006100750074006F00670065006E0065007200 610074006500640029301E170D313430313034323332363139 5A170D3239303130313030303030305A30633161305F060355 04031E58005500530042005C005600490044005F0030003400 4500380026005000490044005F003600380035004400200028 006C006900620077006400690020006100750074006F006700 65006E006500720061007400650064002930819F300D06092A 864886F70D010101050003818D0030818902818100922BD152 C23E25F04124F289793D15BBA93834827D24C97DA736FAE3E2 F917E6381A5EAA245854E8195B735755A012CBD8C03C000DE9 73B30E06F8C2CA0EF7A0E5B79C4D7A0C3D4B00F71BD3C6BB9C A4DFC93461E12B4F1F93EB90E2D59FDEF0B81A366DD0C451AF DF0F4EE45D507B3FEFA42AA66D8F306DDD9B33E6B72DB08502 03010001A37D307B30160603551D250101FF040C300A06082B 0601050507030330200603551D07041930178615687474703A 2F2F6C69627764692E616B656F2E6965303F0603551D200438 3036303406082B060105050702013028302606082B06010505 070201161A687474703A2F2F6C69627764692D6370732E616B 656F2E696500300D06092A864886F70D010105050003818100 23C45519D40EC7A82B885A7073E46BAA19FAAC09B43B6AD4E6 279DF73BE9C03BE7DC874EDC408D4947376A7B79C8C485B8DB 4981873225E5FD6DEBB0B50B0B04C645A9F0D4EA00968AED42 8329B8B55DD7CB1FBAAB4075E8A3669D7117C4E2137ABFCAF6 EC6EB219706DAE3277CF4009994112CD8CADA7082CF4388D6F A278FE
Nuance
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Ce rtificates\512D194D2864CCBB67432E67BD4C9B6A4F006AD 5\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Ce rtificates\512D194D2864CCBB67432E67BD4C9B6A4F006AD 5\Blob = 1900000001000000100000006D7D9B0308D38C91862F03859F 5D2E4D0F0000000100000014000000AEA51AFF6E4BA2826EB5 E149295C248CA58EDD1A030000000100000014000000512D19 4D2864CCBB67432E67BD4C9B6A4F006AD51400000001000000 14000000FD455B25788F847C61C1250E918AE1EE1C9C383420 00000001000000EE020000308202EA308201D6A00302010202 1098EF9DF59A1E598D4DB75200D595E6A3300906052B0E0302 1D05003011310F300D060355040313064E75616E6365301E17 0D3132313032323138343334375A170D333931323331323335 3935395A3011310F300D060355040313064E75616E63653082 0122300D06092A864886F70D01010105000382010F00308201 0A0282010100D31934ECCECFCFC0DB3284E59F954FA33F6CDF 6B367ABAC0D0CE5D5FD938406D51FBF8D277AFBF5433F2D94D BE0BDDA49FDABA20690F251FD75AB02799723707ECCCD740D4 715352EF68BE884EE224A5DB3E7BA2E2C8856CCCF532F6416A 4FA1CF5CFAC8C512C789B498A906BE466BA4AC104AABA94D80 D23FE7202321A1EE865125213DAEDC3E3A78B2A8AA410858D3 1C7E95EFCA090E2E8A1810D3FCAC514D56B4043CD9BA73DA83 3204B5A6000F9D45DA2D439259562F25C2A2FD181BF40C316B CE18D18F77C042894055EB96ADC872325682ED4ECA267DCC59 2507A73E0294DFA19D15B0D17329214E9A0A2FC5853C1FBED8 AA89CF10CF590959D3809C7D0203010001A346304430420603 551D01043B303980104CB273B8AE0148893E32016E3B4BF96B A1133011310F300D060355040313064E75616E6365821098EF 9DF59A1E598D4DB75200D595E6A3300906052B0E03021D0500 038201010037BBD2A49C8F8BD226E687FC3C3B82E5BDEB3EFA 1DF58D54E87EB953631275B6E55F69B42F1D65C07DB2BC2052 0EACF4A2074592E3A3D8FB83535827BF72362B97F282E74C39 16AFAB0556CCC0A868E84035A1AA7EC2FF589D1DA60798746F 7ED251C6F7C586F63918F0BC02B53182F2B63F04C12A9256B7 27020830188BD9C070D240D636E973079DD127BFAC10EF629E 834DEC8EDE07C6512E2AA15DD58F635194A8873E702829A925 7829DCE00FD3179F4225A3AAF1B3F0F609DB3EEA20452162ED EAD8DD3432F514C1B3CD3A9B8E11CC7C832D8BAFF04CD45544 AE1721C22678F9C5218177A3C05AAFA061CB57DB17BB0DCB5F 84E5361C26DE4997CA1D7A
Trojan:Win32/Poweliks
Status : Scanned
Object : %systemroot%\system32\tasks{7c134af1-a52c-45fb-a769-590205637799}|c:\program files\internet explorer\iexplore.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Fileless Malware
Cleaning Action : Delete
Related Objects :
Scheduled Task - C:\WINDOWS\System32\Tasks{7C134AF1-A52C-45FB-A769-590205637799}
[HEADING=1]Cleaning Result[/HEADING]
Cleaned : 4
Reported as safe : 0
Failed : 0

**Iaro96** · 11-30-2016, 05:27 AM

Here is the fixlog:
[HEADING=1]Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Ivan Reyes Ortega (30-11-2016 01:18:18) Run:2
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Loaded Profiles: Ivan Reyes Ortega (Available Profiles: Joanne & Ivan Reyes Ortega & Guest)
Boot Mode: Normal[/HEADING]
fixlist content:

start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\Google
C:\Program Files (x86)\Google
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome
C:\Users\Ivan Reyes Ortega\AppData\Local\Google
C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFre e_1.3.6.115_x64__zx03kxexxb716\js\google-analytics-helper.js
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-5B3CDFA8.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-AFD99EFF.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B7AD469C.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C327CBAA.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-DE5D8DDC.pf
C:\Windows\Prefetch\CHROME.EXE-46AA1511.pf
C:\Windows\Prefetch\CHROME.EXE-46AA1513.pf
C:\Windows\Prefetch\CHROME.EXE-FDA848E2.pf
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTas kMachineCore
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTas kMachineUA
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
C:\WINDOWS\System32\Tasks\Apple Diagnostics
C:\WINDOWS\System32\Tasks{8DD3EE36-D507-432E-A9B1-FA7778A3BE83}
C:\WINDOWS\System32\Tasks{DB50062B-1108-4516-B07E-CB933EB55684}
C:\WINDOWS\System32\Tasks{7C134AF1-A52C-45FB-A769-590205637799}
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
C:\Program Files (x86)\Amazon
C:\Program Files\Google
C:\Program Files (x86)\Google
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
C:\ProgramData\McAfee
C:\ProgramData\EnterNHelp
C:\ProgramData\Ultima_T15
C:\Users\Ivan Reyes Ortega\AppData\Local\Amazon_Services_LLC
C:\Users\Ivan Reyes Ortega\AppData\Local\Google
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3068897a4b1eb3ee
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc72dfdeceed18e91
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigndfa06b53a3425ad3
C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
C:\WINDOWS\System32\Tasks{DB50062B-1108-4516-B07E-CB933EB55684}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\aTube Catcher
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google
DeleteKey: HKCU\SOFTWARE\AhnLab
DeleteKey: HKCU\SOFTWARE\Google
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Emptytemp:
reboot:
end

[HEADING=1]Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Google => moved successfully
C:\Program Files (x86)\Google => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Google => moved successfully
C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFre e_1.3.6.115_x64__zx03kxexxb716\js\google-analytics-helper.js => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-5B3CDFA8.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-AFD99EFF.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B7AD469C.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C327CBAA.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-DE5D8DDC.pf => moved successfully
C:\Windows\Prefetch\CHROME.EXE-46AA1511.pf => moved successfully
C:\Windows\Prefetch\CHROME.EXE-46AA1513.pf => moved successfully
C:\Windows\Prefetch\CHROME.EXE-FDA848E2.pf => moved successfully
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTas kMachineCore => moved successfully
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTas kMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC => moved successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
C:\WINDOWS\System32\Tasks{8DD3EE36-D507-432E-A9B1-FA7778A3BE83} => moved successfully
C:\WINDOWS\System32\Tasks{DB50062B-1108-4516-B07E-CB933EB55684} => moved successfully
“C:\WINDOWS\System32\Tasks{7C134AF1-A52C-45FB-A769-590205637799}” => not found.
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” => not found.
“C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat” => not found.
“C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat” => not found.
C:\Program Files (x86)\Amazon => moved successfully
“C:\Program Files\Google” => not found.
“C:\Program Files (x86)\Google” => not found.
“C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???” => not found.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\EnterNHelp => moved successfully
C:\ProgramData\Ultima_T15 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Amazon_Services_LLC => moved successfully
“C:\Users\Ivan Reyes Ortega\AppData\Local\Google” => not found.
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3068897a4b1eb3ee => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7 => moved successfully
“C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7” => not found.
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc72dfdeceed18e91 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigndfa06b53a3425ad3 => moved successfully
“C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe” => not found.
“C:\WINDOWS\System32\Tasks{DB50062B-1108-4516-B07E-CB933EB55684}” => not found.
HKLM\SOFTWARE\Wow6432Node\aTube Catcher => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google => key removed successfully
HKCU\SOFTWARE\AhnLab => key removed successfully
HKCU\SOFTWARE\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 146552395 B
Java, Flash, Steam htmlcache => 103942407 B
Windows/system/drivers => 138939 B
Edge => 93035769 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -652 B
Joanne => 0 B
Ivan Reyes Ortega => 1101165442 B
Guest => 0 B
RecycleBin => 132275 B
EmptyTemp: => 1.3 GB temporary data Removed.[/HEADING]
The system needed a reboot.
==== End of Fixlog 01:20:17 ====

**Iaro96** · 11-30-2016, 05:32 AM

This thing popped up again. The “Quik Tray App” thing… Not sure if it is related to the infection. But the first time I saw it was after the Chinese UC virus.

Forums - PC Help Forum

https://pchelpforum.net/attachments/tray-app-jpg.939/

PCHF Forums

**Malnutrition** · 11-30-2016, 05:36 AM

Your machine was certainly a mess… lets run a couple more…

Please download Malwarebytes Anti-Rootkit from here

[ul]
[li]Unzip the contents to a folder in a convenient location.[/li][li]Open the folder where the contents were unzipped and run mbar.exe[/li][li]Follow the instructions in the wizard to update and allow the program to scan your computer for threats.[/li][li]Click on the Cleanup button to remove any threats and reboot if prompted to do so.[/li][li]Wait while the system shuts down and the cleanup process is performed.[/li][li]Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.[/li][li]When done, please post the two logs produced they will be in the MBAR folder… mbar-log.txt and system-log.txt[/li][/ul]
9-Lab Scan.

[ul]
[li]Download 9-Lab Removal Tool. [/li][li]CLICK HERE to determine whether you’re running 32-bit or 64-bit for Windows.[/li][li]Install the program onto your computer, then right click the icon run as administrator.[/li][li]Update the program and then run a full scan![/li][li]Make sure the program updates, might be better to install it update reboot and check for updates again.[/li][li]You need to make sure the database updates!!![/li][li]Upon Scan Completion Click on Show Results.[/li][li]Then Click On Clean[/li][li]Then Click on Save Log.[/li][li]Save it to your desktop, copy and paste the contents of the log here in your next reply.[/li][/ul]

**Iaro96** · 11-30-2016, 05:53 AM

Additionally, I still feel like it’s behaving a bit slow, especially when opening programs (Browser, iTunes, Adobe Reader, etc). At the moment of typing this message, for example, characters lag sometimes before appearing. I suppose it might be because of Zemana Anti-Malware which is running in the background. I’ll run those two and then Patch My PC.

**Malnutrition** · 11-30-2016, 06:00 AM

Originally posted by Iaro96

Additionally, I still feel like it’s behaving a bit slow, especially when opening programs (Browser, iTunes, Adobe Reader, etc).

I provided instructions to try and address this, there are lot of things running on your machine that are not needed.

Clean up temp files and reduce startup load with CCleaner.

[ul]
[li]Download CCleaner from here.[/li][li]After install Click Options.[/li][li]Go to monitoring.[/li][li]Uncheck All Monitoring items.[/li][li][ATTACH]941[/ATTACH] [/li]
[li]Go to advanced – Click close program after cleaning.[/li][li]Go to settings – click run ccleaner when the computer starts.[/li][li]Now that you have ccleaner installed and set-up:[/li][li]Open the program.[/li][li]Go to Tools[/li][li]Go to Startup[/li][li]Now double click each item. To Disable.[/li][li][ATTACH]942[/ATTACH] [/li]
[li]You have a large amount of items starting, you should only keep three. Pick your fabvorite apps to start then disable the rest.[/li]
[li]Then disable All items in your scheduled task as well.[/li][li]Unless they are related to windows defender.[/li][li]Reboot the machine.[/li][/ul]

Here are the same instructions with Pictures…

Ccleaner To disable Useless Startups.

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

CCleaner - Free Download - Piriform
[MEDIA=imgur]kwLN4uv[/MEDIA]

Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up then under the Windows Tab select each item then disable. Also under the scheduled task tab, you are safe to disable all task. Only disable items under the windows tab and scheduled task tab!

[MEDIA=imgur]GjWwvEu[/MEDIA]

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

[ul]
[li]Hit options.[/li][li]Settings.[/li][li]Place a tick to run Ccleaner when the computer starts.[/li][/ul]
[MEDIA=imgur]Lxioao1[/MEDIA]

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

[MEDIA=imgur]SnqZ2JW[/MEDIA]

Reboot the machine after.

**Iaro96** · 11-30-2016, 07:05 AM

Will leave Malwarebytes Anti-Rootkit overnight, then run 9-Lab Scan, CC Cleaner and finally Patch My PC. Will be posting all the logs. Again @Malnutrition , can’t stress how thankful I am. Thanks for everything sir! Night.

**Iaro96** · 11-30-2016, 02:24 PM

The buttons on the screen of my computer are touch and they get glitched from time to time. Had to turn the computer off and on. Could not see or get the results of the log. Will be re-doing it.

**Malnutrition** · 11-30-2016, 05:09 PM

Alright, awaiting the logs.

**jmarket** · 11-30-2016, 08:03 PM

I need you to run aswMBR. If it’s being persistent, I want to ensure that it isn’t hiding in your MBR.

Please download aswMBR from here
[ul]Save aswMBR.exe to your Desktop[/ul]
[ul]Double click aswMBR.exe to run it[/ul]
[ul]Click the Scan button to start the scan as illustrated below (Note that it may seem like the scan is frozen or stuck at times. It is not stuck. Please let it finish)
[/ul]

Forums - PC Help Forum

https://pchelpforum.net/attachments/mbrscan1-png.349

PCHF Forums

Note: Do not take action against any Rootkit entries until we have reviewed the log. Often there are false positives.
[ul]Once the scan finishes click Save log to save the log to your Desktop.[/ul]

Forums - PC Help Forum

https://pchelpforum.net/attachments/mbrscan2-png.351

PCHF Forums

[ul]Copy and paste the contents of aswMBR.txt in your post for review by our Security Team.[/ul]

**Iaro96** · 12-01-2016, 03:49 AM

Originally posted by Malnutrition

Alright, awaiting the logs.

The same thing happened again. Went to college and left the scan running (This time I didn’t manually turn my screen off, but the computer went to sleep). It wouldn’t turn on…
However I checked the logs of the program and this is that I found:

[HEADING=1]Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6322003968, free: 3039768576
Downloaded database version: v2016.11.30.02
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.11.29.02
Initializing…[/HEADING]
[HEADING=1]Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 01:57:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy .sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
??\C:\WINDOWS\System32\drivers\zamguard64.sys
??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Hamdrv.sys
\SystemRoot\System32\DriverStore\FileRepository\co mpositebus.inf_amd64_a140581a8f8b58b7\CompositeBus .sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\libusb0.sys
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\System32\Drivers\VMC412.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.30.02
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9b0c3e8bf060, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
--------- Disk Stack ------
DevicePointer: 0xffff9b0c3e8bfae0, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xffff9b0c3e8bf060, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
DevicePointer: 0xffff9b0c3c1db040, DeviceName: Unknown, DriverName: \Driver\ACPI
DevicePointer: 0xffff9b0c3c1d5060, DeviceName: \Device\00000029, DriverName: \Driver\iaStorA
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers…
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0…
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B3DE834
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3327256683
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3327256683
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4b21a05d-e898-415e-83fc-5f3b9a8c77f
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 74b99b7d-11-4808-bff-dfb0fb96717c
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID e331c708-877a-42b0-a26e-b01daac248a8
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID d74b076d-cf80-41cf-9590-94f1489131e
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4fa1e888-db2c-42af-89f8-e35793ba8e5
FirstLBA 3868672 Last LBA 1901402111
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8d41c442-39b4-4a5e-a85f-684c8ff09515
FirstLBA 1901402112 Last LBA 1902323711
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e2b4d-775e-4b4e-a0af-d5b1557ea6d5
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File “C:\Windows\System32\KERNELBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\KERNELBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\apphelp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\psapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\user32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\user32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\win32u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\win32u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gdi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\GDI32FULL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\GDI32FULL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\advapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msvcrt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sechost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rpcrt4.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sspicli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\CRYPTBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\CRYPTBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BCRYPTPRIMITIVES.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BCRYPTPRIMITIVES.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\imm32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shlwapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\combase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\combase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ucrtbase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shell32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shell32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cfgmgr32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\version.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STORAGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STORAGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\powrprof.dll” is sparse (flags = 32768)
File “C:\Windows\System32\KERNEL.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\KERNEL.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SHCore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\profapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ole32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ole32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wintrust.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wintrust.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msasn1.dll” is sparse (flags = 32768)
File “C:\Windows\System32\crypt32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\crypt32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\imagehlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wininet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wininet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\netapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\userenv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mpr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sfc_os.dll” is sparse (flags = 32768)
File “C:\Windows\System32\netutils.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ws2_32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\comdlg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\comdlg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleaut32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleaut32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507 ded2cb4f7f4c\comctl32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winmm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winspool.drv” is sparse (flags = 32768)
File “C:\Windows\System32\WINMMBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINMMBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\bcrypt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cryptsp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rsaenh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wkscli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cscapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\uxtheme.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iertutil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iertutil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\IPHLPAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\winhttp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mswsock.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winnsi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nsi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\clbcatq.dll” is sparse (flags = 32768)
File “C:\Windows\System32\urlmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\urlmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasadhlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FWPUCLNT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\msctf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msctf.dll” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dwmapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\srvcli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntmarta.dll” is sparse (flags = 32768)
File “C:\Windows\System32\UIAUTOMATIONCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\UIAUTOMATIONCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sxs.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleacc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleacc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\twinapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TWINAPI.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TWINAPI.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wtsapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winsta.dll” is sparse (flags = 32768)
File “C:\Windows\System32\propsys.dll” is sparse (flags = 32768)
File “C:\Windows\System32\coml2.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mssprxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\linkinfo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntshrui.dll” is sparse (flags = 32768)
File “C:\Windows\System32\smss.exe” is sparse (flags = 32768)
File “C:\Windows\System32\csrss.exe” is sparse (flags = 32768)
File “C:\Windows\System32\wininit.exe” is sparse (flags = 32768)
File “C:\Windows\System32\winlogon.exe” is sparse (flags = 32768)
File “C:\Windows\System32\winlogon.exe” is sparse (flags = 32768)
File “C:\Windows\System32\services.exe” is sparse (flags = 32768)
File “C:\Windows\System32\lsass.exe” is sparse (flags = 32768)
File “C:\Windows\System32\svchost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\dwm.exe” is sparse (flags = 32768)
File “C:\Windows\System32\dasHost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\spoolsv.exe” is sparse (flags = 32768)
File “C:\Windows\System32\mscoree.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\msc oreei.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr .dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCR120_CLR0400.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCR120_CLR0400.DLL” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\ms corlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.n i.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem\08da6b6698b412866e6910ae9b84f363\System.ni.dl l” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr jit.dll” is sparse (flags = 32768)
File “C:\Windows\System32\avrt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msacm32.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9 a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvc r80.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc r90.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wevtapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dpapi.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Runtime\c222377567372f3384a612b0437c9d06\Syst em.Runtime.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Runteb92aa12#\213003369298faf75651a6b8981dce1 2\System.Runtime.Serialization.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System. Core.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Configuration\aa9c29b70b4cceab890eb841f89d73e 9\System.Configuration.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Xml\7532301b00fac8def2f526ca8b480e11\System.X ml.ni.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSC ORSECIMPL.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSC ORSECIMPL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\gpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cryptnet.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\Syst em.Drawing.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Windows.Forms\c02fbf560e52a1aab432a90d4c613af 4\System.Windows.Forms.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.ServiceModel\a390fa28b40e5b0bfd357371211f470d \System.ServiceModel.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Data\2b901873687e343684064998783c1f8d\System. Data.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Net.Http\6ba98b6eeadccf682c0cc876bcc548da\Sys tem.Net.Http.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DHCPCSVC6.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DHCPCSVC6.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\setupapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\devobj.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\Sys tem.Xml.Linq.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\PORTABLEDEVICEAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\PORTABLEDEVICEAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\SM Diagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDia gnostics.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Management\a280fac0c231c9d6d5f1274c2180d594\S ystem.Management.ni.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMI NET_UTILS.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMI NET_UTILS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wmiutils.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbemcomn.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wbemprox.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wbemsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\fastprox.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d 7\System.ServiceModel.Internals.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasman.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rtutils.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Serv30e99c02#\08ebdebb9c6eb538ca4d0b42155dfb7 d\System.ServiceModel.Channels.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Servf73e6522#\3e5136588f123be6d20335e2596424c 4\System.ServiceModel.Web.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.IdentityModel\5802392cd3e3a6f3921aabc3241bb56 1\System.IdentityModel.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\secur32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\schannel.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSKEYPROTECT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSKEYPROTECT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ncrypt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntasn1.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NCRYPTSSLP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCRYPTSSLP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\dssenh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\webio.dll” is sparse (flags = 32768)
File “C:\Windows\System32\httpapi.dll” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\svchost.exe” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc p90.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wldp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shfolder.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshqos.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WSHTCPIP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wship6.dll” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MsMpEng.exe” is sparse (flags = 32768)
File “C:\Windows\System32\msxml3.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sihost.exe” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRE SENTATIONFONTCACHE.EXE” is sparse (flags = 32768)
File “C:\Windows\explorer.exe” is sparse (flags = 32768)
File “C:\Windows\explorer.exe” is sparse (flags = 32768)
File “C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2 txyewy\SHELLEXPERIENCEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2 txyewy\SHELLEXPERIENCEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe” is sparse (flags = 32768)
File “C:\Windows\System32\RUNTIMEBROKER.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\dllhost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\TASKHOSTW.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHINDEXER.EXE” is sparse (flags = 32768)
File “C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe” is sparse (flags = 32768)
File “C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\NisSrv.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SETTINGSYNCHOST.EXE” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MSASCuiL.exe” is sparse (flags = 32768)
File “C:\Windows\System32\devenum.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msdmo.dll” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MpCmdRun.exe” is sparse (flags = 32768)
File “C:\Windows\System32\fltLib.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64 d28dafea4b9\comctl32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Faultrep.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dbghelp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dbgcore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\security.dll” is sparse (flags = 32768)
File “C:\Windows\System32\riched20.dll” is sparse (flags = 32768)
File “C:\Windows\System32\usp10.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msls31.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DATAEXCHANGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DATAEXCHANGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\dcomp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\d3d11.dll” is sparse (flags = 32768)
File “C:\Windows\System32\d3d11.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dxgi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\edputil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\actxprxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pcacli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\devrtl.dll” is sparse (flags = 32768)
File “C:\Windows\System32\idndl.dll” is sparse (flags = 32768)
File “C:\Windows\System32\normaliz.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ieframe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ieframe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mstask.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wsock32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wer.dll” is sparse (flags = 32768)
File “C:\Windows\System32\xmllite.dll” is sparse (flags = 32768)
File “C:\Windows\System32\loadperf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pdh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cabinet.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6 595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b 4\GdiPlus.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mlang.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msxml6.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msxml6.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVI TY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVI TY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WinTypes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WinTypes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL ” is sparse (flags = 32768)
File “C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL ” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\PER FCOUNTER.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\PER FCOUNTER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\d3d9.dll” is sparse (flags = 32768)
File “C:\Windows\System32\d3d9.dll” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP110_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP110_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIA SYMREADER.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIA SYMREADER.DLL” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.W eb.ni.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEB ENGINE4.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEB ENGINE4.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\msiltcfg.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rundll32.exe” is sparse (flags = 32768)
File “C:\Windows\System32\cryptui.dll” is sparse (flags = 32768)
File “C:\Windows\System32\samcli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWSCODECS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWSCODECS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\WmiPrvSE.exe” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v2.0.50727\msc orwks.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v2.0.50727\msc orjit.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMI NET_UTILS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DWrite.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DWrite.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MMDevAPI.dll” is sparse (flags = 32768)
File “C:\Windows\System32\AudioSes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\AudioSes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oledlg.dll” is sparse (flags = 32768)
File “C:\Windows\System32\hid.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9 a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc8 0u.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9 a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvc p80.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\m fc80ENU.dll” is sparse (flags = 32768)
File “C:\Windows\System32\riched32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wmp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wmp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WMVCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MFPERFHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MFPERFHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WMASF.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\mfplat.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mfplat.dll” is sparse (flags = 32768)
File “C:\Windows\System32\RTWorkQ.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wmploc.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wiadss.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sti.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wiatrace.dll” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.E XE” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.E XE” is sparse (flags = 32768)
File “C:\Windows\System32\msimg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nlaapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nlaapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\atlthunk.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mscms.dll” is sparse (flags = 32768)
File “C:\Windows\AppPatch\AcLayers.dll” is sparse (flags = 32768)
File “C:\Windows\AppPatch\AcLayers.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msv1_0.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msv1_0.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NTLMSHARED.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cryptdll.dll” is sparse (flags = 32768)
File “C:\Windows\System32\srclient.dll” is sparse (flags = 32768)
File “C:\Windows\System32\spp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\vssapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\vsstrace.dll” is sparse (flags = 32768)
File “C:\Windows\System32\APPLICATIONFRAMEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\APPLICATIONFRAMEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\FONTDRVHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\FONTDRVHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\taskschd.dll” is sparse (flags = 32768)
File “C:\Windows\System32\netprofm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\npmproxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\jsproxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NapiNSP.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pnrpnsp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winrnr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshbth.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshbth.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Web.28b9ef5a#\6ef777676757b8f23c86111711f2654 5\System.Web.Extensions.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\conhost.exe” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc m90.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi ndowsBase\5751e969e4789e60d3ad463cb6024006\Windows Base.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Pr esentationCore\051a282e157a228405b2e0d867c3ce1d\Pr esentationCore.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Pr esentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb2291 0\PresentationFramework.ni.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \WPFGFX_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \WPFGFX_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \PRESENTATIONNATIVE_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \PRESENTATIONNATIVE_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sppsvc.exe” is sparse (flags = 32768)
File “C:\Windows\System32\sppsvc.exe” is sparse (flags = 32768)
File “C:\Windows\System32\ntdsapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\logoncli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wbemdisp.dll” is sparse (flags = 32768)
File “C:\Windows\AppPatch\AcGenral.dll” is sparse (flags = 32768)
File “C:\Windows\AppPatch\AcGenral.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dsound.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wdmaud.drv” is sparse (flags = 32768)
File “C:\Windows\System32\ksuser.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msacm32.drv” is sparse (flags = 32768)
File “C:\Windows\System32\midimap.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SensApi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\THUMBCACHE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\THUMBCACHE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\POLICYMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SMARTSCREEN.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\SMARTSCREEN.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8we kyb3d8bbwe\MICROSOFTEDGE.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8we kyb3d8bbwe\MICROSOFTEDGE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\BROWSER_BROKER.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\BROWSER_BROKER.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8we kyb3d8bbwe\MICROSOFTEDGECP.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8we kyb3d8bbwe\MICROSOFTEDGECP.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\INSTALLAGENT.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\INSTALLAGENT.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHPROTOCOLHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\audiodg.exe” is sparse (flags = 32768)
File “C:\Windows\System32\audiodg.exe” is sparse (flags = 32768)
File “C:\Windows\System32\EXPLORERFRAME.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\EXPLORERFRAME.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETWORKEXPLORER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETWORKEXPLORER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BACKGROUNDTASKHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\BACKGROUNDTASKHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\cmd.exe” is sparse (flags = 32768)
File “C:\Windows\System32\cmdext.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Macromed\Flash\FLASHUTIL_ACTI VEX.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\Macromed\Flash\FLASHUTIL_ACTI VEX.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHFILTERHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\ONEDRIVESETUP.EXE” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\ONEDRIVESETUP.EXE” is sparse (flags = 32768)
File “C:\Program Files\Windows Mail\wab.exe” is sparse (flags = 32768)
File “C:\Windows\System32\credssp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\credssp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\userinit.exe” is sparse (flags = 32768)
File “C:\Windows\System32\scecli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\kerberos.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wdigest.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TSpkg.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pku2u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\appid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\AcpiDev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\AcpiDev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\1394ohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\1394ohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\flpydisk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\flpydisk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mspclock.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpiex.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\isapnp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\isapnp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipmi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipmi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\Locator.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdk8.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdk8.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipagr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipagr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpitime.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpitime.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\drmkaud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\drmkaud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mpsdrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\afd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sdstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sdstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ahcache.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthhfHid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthhfHid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthHfAud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthHfAud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\asyncmac.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\srv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rfcomm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rfcomm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\alg.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICRENDER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICRENDER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\irenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wacompen.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wacompen.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbccgp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbccgp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\APPLOCKERFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\APPLOCKERFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wcnfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wcifs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\srv2.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\atapi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\atapi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthmodem.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthmodem.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICDISPLAY.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICDISPLAY.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMBusHID.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMBusHID.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\UcmCx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Udecx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Ndu.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pciide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pciide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bowser.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthpan.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storufs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storufs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthA2DP.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHAVRCPTG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHAVRCPTG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHLEENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHLEENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHHFENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHHFENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthport.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHUSB.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHUSB.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BUTTONCONVERTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BUTTONCONVERTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cdfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\clfs.sys” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\S MSVCHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\S MSVCHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cdrom.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cdrom.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\circlass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\circlass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\registry.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mup.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\CmBatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\CmBatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cng.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\CNGHWASSIST.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\condrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dam.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILECRYPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILECRYPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmstorfl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmstorfl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dfsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\disk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\disk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STAND ARDCOLLECTOR.SERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STAND ARDCOLLECTOR.SERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dmvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dmvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serial.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serial.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dxgkrnl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umpass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umpass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tcpip.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORCLASS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORCLASS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORTCGDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORTCGDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\errdev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\errdev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fileinfo.sys” is sparse (flags = 32768)
File “C:\Windows\System32\FXSSVC.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fdc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fdc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ipfltdrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILETRACE.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILETRACE.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fltMgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\monitor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\monitor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FSDEPENDS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\STORQOSFLT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\STORQOSFLT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fvevol.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMGENCOUNTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMGENCOUNTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndisuio.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSGPIOCLX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\GPUENERGYDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\GPUENERGYDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rassstp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdbss.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hdaudbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hdaudbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbth.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbth.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidi2c.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidi2c.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\HIDINTERRUPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\HIDINTERRUPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbhub.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbhub.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\http.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\HVSERVICE.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmgid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmgid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hwpolicy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hyperkbd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hyperkbd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndproxy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\i8042prt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\i8042prt.sys” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\perfhost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msiscsi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msiscsi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WPDUPFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WPDUPFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\INDIRECTKMD.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\INDIRECTKMD.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouhid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouhid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelpep.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelpep.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdFilter.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\iorate.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\scfilter.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\IPMIDrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\IPMIDrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ipnat.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\irda.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\kbdclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\kbdclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\kbdhid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ksecdd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ksecpkg.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ksthunk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\lltdio.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\UCMTCPCICX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\UCMTCPCICX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\luafv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mmcss.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mskssrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wimmount.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxdav.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\modem.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mspqm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mountmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rasl2tp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxsmb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxsmb10.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxsmb20.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Ucx01000.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ufx01000.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bridge.sys” is sparse (flags = 32768)
File “C:\Windows\System32\VSSVC.exe” is sparse (flags = 32768)
File “C:\Windows\System32\msdtc.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSGPIOWIN32.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSGPIOWIN32.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDKMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDKMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDUMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDUMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msisadrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msisadrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mstee.sys” is sparse (flags = 32768)
File “C:\Windows\System32\msiexec.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mslldp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mssmbios.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mssmbios.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MTConfig.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MTConfig.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\nwifi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\nwifi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\netbios.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndis.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndiscap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISIMPLATFORM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISIMPLATFORM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tunnel.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndistapi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndiswan.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NETADAPTERCX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NETADAPTERCX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\netbt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NPSVCTRIG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NPSVCTRIG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\nsiproxy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\parport.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\parport.sys” is sparse (flags = 32768)
File “C:\Windows\System32\vds.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\partmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pcw.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pdc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pcmcia.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pcmcia.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\PEAuth.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\qwavedrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\raspptp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\processr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\processr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pacer.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rasacd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\agilevpn.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\raspppoe.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdpbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdpbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdpdr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdyboost.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rspndr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vms3cap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vms3cap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sbp2port.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sbp2port.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\swenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\swenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sdbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\SENSORDATASERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SerCx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SpbCx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SerCx2.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sermouse.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sermouse.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\URSCX01000.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\URSCX01000.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sfloppy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sfloppy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\snmptrap.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SPACEPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SPACEPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\srvnet.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volmgrx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storahci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\stornvme.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tcpipreg.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tdx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tpm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\terminpt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vdrvroot.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vdrvroot.sys” is sparse (flags = 32768)
File “C:\Windows\System32\TIERINGENGINESERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\TIERINGENGINESERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\servicing\TRUSTEDINSTALLER.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\TsUsbFlt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\TsUsbGD.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\TsUsbGD.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uaspstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uaspstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\udfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uefi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uefi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\UI0DETECT.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\UI0DETECT.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbcir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbcir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbehci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbehci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbuhci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbuhci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBXHCI.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBXHCI.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBHUB3.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBHUB3.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbprint.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbprint.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbser.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbser.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBSTOR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBSTOR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VERIFIEREXT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VERIFIEREXT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vhdmp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vhf.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volsnap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volume.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volume.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vpci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vsmraid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vsmraid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vwifibus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vwififlt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vwifimp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WUDFRd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wanarp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\winusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\winusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\wbengine.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdBoot.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Wdf01000.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdiWiFi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdNisDrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wfplwfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wmiacpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wmiacpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\WmiApSrv.exe” is sparse (flags = 32768)
File “C:\Program Files\Windows Media Player\wmpnetwk.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ws2ifsl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WUDFPf.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\xusb22.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\xusb22.sys” is sparse (flags = 32768)
File “C:\Windows\System32\AJRouter.dll” is sparse (flags = 32768)
File “C:\Windows\System32\umpnpmgr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rpcss.dll” is sparse (flags = 32768)
File “C:\Windows\System32\appinfo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\appidsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\AxInstSv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dcpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\APPREADINESS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WALLETSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WALLETSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\audiosrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\audiosrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\RpcEpMap.dll” is sparse (flags = 32768)
File “C:\Windows\System32\CDPUSERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\CDPUSERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\dssvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\bdesvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\BFE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\XBLAUTHMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\netman.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DEVICESETUPMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEVICESETUPMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cdpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\umpo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\qmgr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ListSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lltdsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\bisrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\browser.dll” is sparse (flags = 32768)
File “C:\Windows\System32\BthHFSrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\BthHFSrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\profsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pnrpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\bthserv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\provsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\das.dll” is sparse (flags = 32768)
File “C:\Windows\System32\LICENSEMANAGERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\certprop.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DMWAPPUSHSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DMWAPPUSHSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ClipSVC.dll” is sparse (flags = 32768)
File “C:\Windows\System32\COREMESSAGING.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\COREMESSAGING.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cryptsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TETHERINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TETHERINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEFRAGSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEFRAGSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNUSERSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNUSERSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEVQUERYBROKER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEVQUERYBROKER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wscsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WsmSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WsmSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wersvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wecsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wcmsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wkssvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dot3svc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DIAGTRACK.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DIAGTRACK.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.D LL” is sparse (flags = 32768)
File “C:\Windows\System32\fdPHost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsrslvr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsrslvr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dps.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WERCPLSUPPORT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WERCPLSUPPORT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\eapsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\efssvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\EMBEDDEDMODESVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\EMBEDDEDMODESVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\FntCache.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FntCache.dll” is sparse (flags = 32768)
File “C:\Windows\System32\es.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sdrsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FRAMESERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\FRAMESERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\srvsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FDResPub.dll” is sparse (flags = 32768)
File “C:\Windows\System32\upnphost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\fhsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\fhsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\hidserv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\HVHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\HVHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\IKEEXT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\iphlpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iphlpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\irmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\keyiso.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msdtckrm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lfsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lmhsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ipnathlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ipnathlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lsm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\moshost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MESSAGINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MESSAGINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MPSSVC.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iscsiexe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iscsiexe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nsisvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nlasvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ngcsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NcaSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NCDAUTOSETUP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCDAUTOSETUP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCBSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCBSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\netlogon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\trkwks.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NETPROFMSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETPROFMSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETSETUPSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETSETUPSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\icsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NGCCTNRSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NGCCTNRSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APHOSTSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APHOSTSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\pcasvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pcasvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\p2psvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\PHONESERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\PIMINDEXMAINTENANCE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\pla.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pnrpauto.dll” is sparse (flags = 32768)
File “C:\Windows\System32\icsvcext.dll” is sparse (flags = 32768)
File “C:\Windows\System32\IPSECSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\qwave.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasauto.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasmans.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mprdim.dll” is sparse (flags = 32768)
File “C:\Windows\System32\regsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\RDXSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\RMapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\schedsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SCardSvr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\XBLGAMESAVE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\XBLGAMESAVE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SCDEVICEENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SCDEVICEENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\seclogon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Sens.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SENSORSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sensrsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SessEnv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shsvcs.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAG ER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAG ER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TILEOBJSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TILEOBJSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\smphost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SMSROUTERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SMSROUTERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\StorSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sstpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ssdpsrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wiaservc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\svsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\swprv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sysmain.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TabSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\termsrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\tapisrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\THEMESERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\THEMESERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TIMEBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TIMEBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TZAUTOUPDATE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\umrdp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Unistore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\USERDATASERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\USERDATASERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\usermgr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\usocore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\vaultsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\w32time.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbiosrvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbiosrvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wwansvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WUDFSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wlidsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wlidsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wlansvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wcncsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wdi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WebClnt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WEPHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WEPHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wiarpc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\WMIsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FLIGHTSETTINGS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\FLIGHTSETTINGS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WORKFOLDERSSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WORKFOLDERSSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPDBUSENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPDBUSENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wuaueng.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wuaueng.dll” is sparse (flags = 32768)
File “C:\Windows\System32\XBOXNETAPISVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\XBOXNETAPISVC.DLL” is sparse (flags = 32768)
File “C:\Program Files\Windows Mail\WinMail.exe” is sparse (flags = 32768)
File “C:\Windows\System32\unregmp2.exe” is sparse (flags = 32768)
File “C:\Windows\System32\unregmp2.exe” is sparse (flags = 32768)
File “C:\Windows\System32\ie4uinit.exe” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\rundll32.exe” is sparse (flags = 32768)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.7C” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.83” is compressed (flags = 1)
File “C:\Users\Ivan Reyes Ortega\AppData\Local\Comms\UnistoreDB\store.vol” is sparse (flags = 32768)
File “C:\Windows\System32\config\systemprofile\AppData\ Local\DataSharing\Storage\DSTokenDB2.dat” is sparse (flags = 32768)[/HEADING]
[HEADING=1]Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6322003968, free: 4115992576
Downloaded database version: v2016.11.30.03
Downloaded database version: v2016.11.30.04
Downloaded database version: v2016.11.30.05
Downloaded database version: v2016.11.30.06
Downloaded database version: v2016.11.30.07
Downloaded database version: v2016.11.30.08
Downloaded database version: v2016.11.30.09
Downloaded database version: v2016.11.30.10
Initializing…[/HEADING]
[HEADING=1]Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 15:11:07
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy .sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
??\C:\WINDOWS\System32\drivers\zamguard64.sys
??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Hamdrv.sys
\SystemRoot\System32\DriverStore\FileRepository\co mpositebus.inf_amd64_a140581a8f8b58b7\CompositeBus .sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\libusb0.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\VMC412.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates{F77479EC-B37D-446D-AA9A-BDB22F748F76}\MpKslDrv.sys
??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.30.10
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
--------- Disk Stack ------
DevicePointer: 0xffff998ad30bfae0, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
DevicePointer: 0xffff998acff8fab0, DeviceName: Unknown, DriverName: \Driver\ACPI
DevicePointer: 0xffff998acff8b060, DeviceName: \Device\00000029, DriverName: \Driver\iaStorA
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers…
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0…
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B3DE834
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3327256683
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3327256683
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4b21a05d-e898-415e-83fc-5f3b9a8c77f
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 74b99b7d-11-4808-bff-dfb0fb96717c
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID e331c708-877a-42b0-a26e-b01daac248a8
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID d74b076d-cf80-41cf-9590-94f1489131e
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4fa1e888-db2c-42af-89f8-e35793ba8e5
FirstLBA 3868672 Last LBA 1901402111
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8d41c442-39b4-4a5e-a85f-684c8ff09515
FirstLBA 1901402112 Last LBA 1902323711
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e2b4d-775e-4b4e-a0af-d5b1557ea6d5
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File “C:\Windows\System32\KERNELBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\KERNELBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\apphelp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\psapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\user32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\user32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\win32u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\win32u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gdi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\GDI32FULL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\GDI32FULL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\advapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msvcrt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sechost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rpcrt4.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sspicli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\CRYPTBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\CRYPTBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BCRYPTPRIMITIVES.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BCRYPTPRIMITIVES.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\imm32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shlwapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\combase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\combase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ucrtbase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shell32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shell32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\version.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cfgmgr32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STORAGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STORAGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\powrprof.dll” is sparse (flags = 32768)
File “C:\Windows\System32\KERNEL.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\KERNEL.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SHCore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\profapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ole32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ole32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wintrust.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wintrust.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msasn1.dll” is sparse (flags = 32768)
File “C:\Windows\System32\crypt32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\crypt32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\imagehlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wininet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wininet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\netapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\userenv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mpr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sfc_os.dll” is sparse (flags = 32768)
File “C:\Windows\System32\netutils.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ws2_32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\comdlg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\comdlg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleaut32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleaut32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507 ded2cb4f7f4c\comctl32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winmm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winspool.drv” is sparse (flags = 32768)
File “C:\Windows\System32\WINMMBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINMMBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\bcrypt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cryptsp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rsaenh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wkscli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cscapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\uxtheme.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iertutil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iertutil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\IPHLPAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\winhttp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mswsock.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nsi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winnsi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\urlmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\urlmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasadhlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FWPUCLNT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\msctf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msctf.dll” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dwmapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntmarta.dll” is sparse (flags = 32768)
File “C:\Windows\System32\clbcatq.dll” is sparse (flags = 32768)
File “C:\Windows\System32\propsys.dll” is sparse (flags = 32768)
File “C:\Windows\System32\coml2.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mssprxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\linkinfo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntshrui.dll” is sparse (flags = 32768)
File “C:\Windows\System32\srvcli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\UIAUTOMATIONCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\UIAUTOMATIONCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sxs.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleacc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleacc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\twinapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TWINAPI.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TWINAPI.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ninput.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64 d28dafea4b9\comctl32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wtsapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winsta.dll” is sparse (flags = 32768)
File “C:\Windows\System32\smss.exe” is sparse (flags = 32768)
File “C:\Windows\System32\csrss.exe” is sparse (flags = 32768)
File “C:\Windows\System32\wininit.exe” is sparse (flags = 32768)
File “C:\Windows\System32\winlogon.exe” is sparse (flags = 32768)
File “C:\Windows\System32\winlogon.exe” is sparse (flags = 32768)
File “C:\Windows\System32\services.exe” is sparse (flags = 32768)
File “C:\Windows\System32\lsass.exe” is sparse (flags = 32768)
File “C:\Windows\System32\svchost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\dwm.exe” is sparse (flags = 32768)
File “C:\Windows\System32\dasHost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\spoolsv.exe” is sparse (flags = 32768)
File “C:\Windows\System32\avrt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msacm32.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9 a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvc r80.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc r90.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wevtapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\setupapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mscoree.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\msc oreei.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr .dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCR120_CLR0400.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCR120_CLR0400.DLL” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\ms corlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.n i.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem\08da6b6698b412866e6910ae9b84f363\System.ni.dl l” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr jit.dll” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\svchost.exe” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc p90.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wldp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shfolder.dll” is sparse (flags = 32768)
File “C:\Windows\System32\devobj.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System. Core.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Configuration\aa9c29b70b4cceab890eb841f89d73e 9\System.Configuration.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Xml\7532301b00fac8def2f526ca8b480e11\System.X ml.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\httpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshqos.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WSHTCPIP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wship6.dll” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MsMpEng.exe” is sparse (flags = 32768)
File “C:\Windows\System32\msxml3.dll” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\NisSrv.exe” is sparse (flags = 32768)
File “C:\Windows\System32\sihost.exe” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRE SENTATIONFONTCACHE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\TASKHOSTW.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\RUNTIMEBROKER.EXE” is sparse (flags = 32768)
File “C:\Windows\explorer.exe” is sparse (flags = 32768)
File “C:\Windows\explorer.exe” is sparse (flags = 32768)
File “C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2 txyewy\SHELLEXPERIENCEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2 txyewy\SHELLEXPERIENCEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHINDEXER.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\devenum.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msdmo.dll” is sparse (flags = 32768)
File “C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe” is sparse (flags = 32768)
File “C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SETTINGSYNCHOST.EXE” is sparse (flags = 32768)
Scan Interrupted
File “C:\Program Files\Windows Defender\MSASCuiL.exe” is sparse (flags = 32768)
Scan was aborted.[/HEADING]
[HEADING=1]Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\MBR-0-i.mbam…
Removing C:\ProgramData\Malwarebytes’ Anti-Malware (portable)\MBR-0-r.mbam…
Removal finished[/HEADING]
[HEADING=1]Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6322003968, free: 3949359104
Initializing…[/HEADING]
Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 15:17:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy .sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
??\C:\WINDOWS\System32\drivers\zamguard64.sys
??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Hamdrv.sys
\SystemRoot\System32\DriverStore\FileRepository\co mpositebus.inf_amd64_a140581a8f8b58b7\CompositeBus .sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\libusb0.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\VMC412.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates{F77479EC-B37D-446D-AA9A-BDB22F748F76}\MpKslDrv.sys
??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.30.10
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
--------- Disk Stack ------
DevicePointer: 0xffff998ad30bfae0, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
DevicePointer: 0xffff998acff8fab0, DeviceName: Unknown, DriverName: \Driver\ACPI
DevicePointer: 0xffff998acff8b060, DeviceName: \Device\00000029, DriverName: \Driver\iaStorA
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\disk
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers…
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0…
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B3DE834
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3327256683
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3327256683
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4b21a05d-e898-415e-83fc-5f3b9a8c77f
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 74b99b7d-11-4808-bff-dfb0fb96717c
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID e331c708-877a-42b0-a26e-b01daac248a8
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID d74b076d-cf80-41cf-9590-94f1489131e
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4fa1e888-db2c-42af-89f8-e35793ba8e5
FirstLBA 3868672 Last LBA 1901402111
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8d41c442-39b4-4a5e-a85f-684c8ff09515
FirstLBA 1901402112 Last LBA 1902323711
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e2b4d-775e-4b4e-a0af-d5b1557ea6d5
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File “C:\Windows\System32\KERNELBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\KERNELBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\apphelp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\psapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\user32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\user32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\win32u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\win32u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gdi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\GDI32FULL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\GDI32FULL.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\advapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msvcrt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sechost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rpcrt4.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sspicli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\CRYPTBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\CRYPTBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BCRYPTPRIMITIVES.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\BCRYPTPRIMITIVES.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\imm32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shlwapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\combase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\combase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ucrtbase.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shell32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shell32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cfgmgr32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\version.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STORAGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STORAGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\powrprof.dll” is sparse (flags = 32768)
File “C:\Windows\System32\KERNEL.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\KERNEL.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SHCore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\profapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ole32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ole32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wintrust.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wintrust.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msasn1.dll” is sparse (flags = 32768)
File “C:\Windows\System32\crypt32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\crypt32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\imagehlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wininet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wininet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\netapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ws2_32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\userenv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mpr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\comdlg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\comdlg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleaut32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleaut32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sfc_os.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winmm.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507 ded2cb4f7f4c\comctl32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winspool.drv” is sparse (flags = 32768)
File “C:\Windows\System32\netutils.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINMMBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINMMBASE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\bcrypt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cryptsp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rsaenh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wkscli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cscapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\uxtheme.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iertutil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iertutil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\IPHLPAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\winhttp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nsi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mswsock.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winnsi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\urlmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\urlmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasadhlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FWPUCLNT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\msctf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msctf.dll” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dwmapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntmarta.dll” is sparse (flags = 32768)
File “C:\Windows\System32\clbcatq.dll” is sparse (flags = 32768)
File “C:\Windows\System32\UIAUTOMATIONCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\UIAUTOMATIONCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sxs.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleacc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oleacc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\twinapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TWINAPI.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TWINAPI.APPCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wtsapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winsta.dll” is sparse (flags = 32768)
File “C:\Windows\System32\propsys.dll” is sparse (flags = 32768)
File “C:\Windows\System32\coml2.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mssprxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\linkinfo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntshrui.dll” is sparse (flags = 32768)
File “C:\Windows\System32\srvcli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\smss.exe” is sparse (flags = 32768)
File “C:\Windows\System32\csrss.exe” is sparse (flags = 32768)
File “C:\Windows\System32\wininit.exe” is sparse (flags = 32768)
File “C:\Windows\System32\winlogon.exe” is sparse (flags = 32768)
File “C:\Windows\System32\winlogon.exe” is sparse (flags = 32768)
File “C:\Windows\System32\services.exe” is sparse (flags = 32768)
File “C:\Windows\System32\lsass.exe” is sparse (flags = 32768)
File “C:\Windows\System32\svchost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\dwm.exe” is sparse (flags = 32768)
File “C:\Windows\System32\dasHost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\spoolsv.exe” is sparse (flags = 32768)
File “C:\Windows\System32\avrt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msacm32.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9 a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvc r80.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc r90.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wevtapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\setupapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mscoree.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\msc oreei.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr .dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCR120_CLR0400.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCR120_CLR0400.DLL” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\ms corlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.n i.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem\08da6b6698b412866e6910ae9b84f363\System.ni.dl l” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr jit.dll” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\svchost.exe” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc p90.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wldp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shfolder.dll” is sparse (flags = 32768)
File “C:\Windows\System32\devobj.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System. Core.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Configuration\aa9c29b70b4cceab890eb841f89d73e 9\System.Configuration.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Xml\7532301b00fac8def2f526ca8b480e11\System.X ml.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\httpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshqos.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WSHTCPIP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wship6.dll” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MsMpEng.exe” is sparse (flags = 32768)
File “C:\Windows\System32\msxml3.dll” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\NisSrv.exe” is sparse (flags = 32768)
File “C:\Windows\System32\sihost.exe” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRE SENTATIONFONTCACHE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\TASKHOSTW.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\RUNTIMEBROKER.EXE” is sparse (flags = 32768)
File “C:\Windows\explorer.exe” is sparse (flags = 32768)
File “C:\Windows\explorer.exe” is sparse (flags = 32768)
File “C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2 txyewy\SHELLEXPERIENCEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2 txyewy\SHELLEXPERIENCEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe” is sparse (flags = 32768)
File “C:\Windows\SystemApps\Microsoft.Windows.Cortana_c w5n1h2txyewy\SearchUI.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHINDEXER.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\devenum.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msdmo.dll” is sparse (flags = 32768)
File “C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe” is sparse (flags = 32768)
File “C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe” is sparse (flags = 32768)
File “C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SETTINGSYNCHOST.EXE” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MSASCuiL.exe” is sparse (flags = 32768)
File “C:\Windows\System32\fltLib.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64 d28dafea4b9\comctl32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Faultrep.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dbghelp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dbgcore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\security.dll” is sparse (flags = 32768)
File “C:\Windows\System32\secur32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gpapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\riched20.dll” is sparse (flags = 32768)
File “C:\Windows\System32\usp10.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msls31.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DATAEXCHANGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DATAEXCHANGE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\dcomp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\d3d11.dll” is sparse (flags = 32768)
File “C:\Windows\System32\d3d11.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dxgi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\edputil.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pcacli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\devrtl.dll” is sparse (flags = 32768)
File “C:\Windows\System32\idndl.dll” is sparse (flags = 32768)
File “C:\Windows\System32\normaliz.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ieframe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ieframe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DHCPCSVC6.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DHCPCSVC6.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cryptnet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wbemprox.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbemcomn.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wbemsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\fastprox.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mstask.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wsock32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wer.dll” is sparse (flags = 32768)
File “C:\Windows\System32\xmllite.dll” is sparse (flags = 32768)
File “C:\Windows\System32\loadperf.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pdh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\cabinet.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ncrypt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ntasn1.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6 595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b 4\GdiPlus.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mlang.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msxml6.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msxml6.dll” is sparse (flags = 32768)
File “C:\Windows\System32\webio.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVI TY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVI TY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WinTypes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WinTypes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL ” is sparse (flags = 32768)
File “C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL ” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\Syst em.Drawing.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Windows.Forms\c02fbf560e52a1aab432a90d4c613af 4\System.Windows.Forms.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Management\a280fac0c231c9d6d5f1274c2180d594\S ystem.Management.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\wmiutils.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMI NET_UTILS.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMI NET_UTILS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\d3d9.dll” is sparse (flags = 32768)
File “C:\Windows\System32\d3d9.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\PER FCOUNTER.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\PER FCOUNTER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONAPI.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP110_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSVCP110_WIN.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\rasman.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasapi32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rtutils.dll” is sparse (flags = 32768)
File “C:\Windows\System32\schannel.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MSKEYPROTECT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MSKEYPROTECT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCRYPTSSLP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCRYPTSSLP.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIA SYMREADER.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIA SYMREADER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.W eb.ni.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEB ENGINE4.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEB ENGINE4.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cryptui.dll” is sparse (flags = 32768)
File “C:\Windows\System32\samcli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWSCODECS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWSCODECS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\WmiPrvSE.exe” is sparse (flags = 32768)
File “C:\Windows\System32\msiltcfg.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rundll32.exe” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v2.0.50727\msc orwks.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v2.0.50727\msc orjit.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMI NET_UTILS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DWrite.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DWrite.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MMDevAPI.dll” is sparse (flags = 32768)
File “C:\Windows\System32\AudioSes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\AudioSes.dll” is sparse (flags = 32768)
File “C:\Windows\System32\oledlg.dll” is sparse (flags = 32768)
File “C:\Windows\System32\hid.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9 a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc8 0u.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9 a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvc p80.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b 3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\m fc80ENU.dll” is sparse (flags = 32768)
File “C:\Windows\System32\riched32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wmp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wmp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MFPERFHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MFPERFHELPER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WMVCORE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WMASF.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\mfplat.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mfplat.dll” is sparse (flags = 32768)
File “C:\Windows\System32\RTWorkQ.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wmploc.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wiadss.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sti.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wiatrace.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msimg32.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nlaapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nlaapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\atlthunk.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mscms.dll” is sparse (flags = 32768)
File “C:\Windows\AppPatch\AcLayers.dll” is sparse (flags = 32768)
File “C:\Windows\AppPatch\AcLayers.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.ServiceModel\a390fa28b40e5b0bfd357371211f470d \System.ServiceModel.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\SM Diagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDia gnostics.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d 7\System.ServiceModel.Internals.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Runteb92aa12#\213003369298faf75651a6b8981dce1 2\System.Runtime.Serialization.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Servf73e6522#\3e5136588f123be6d20335e2596424c 4\System.ServiceModel.Web.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.IdentityModel\5802392cd3e3a6f3921aabc3241bb56 1\System.IdentityModel.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msv1_0.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msv1_0.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NTLMSHARED.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cryptdll.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FONTDRVHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\FONTDRVHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\taskschd.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dssenh.dll” is sparse (flags = 32768)
File “C:\Windows\System32\APPLICATIONFRAMEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\APPLICATIONFRAMEHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.E XE” is sparse (flags = 32768)
File “C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.E XE” is sparse (flags = 32768)
File “C:\Windows\System32\netprofm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\npmproxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\actxprxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\jsproxy.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NapiNSP.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pnrpnsp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\winrnr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshbth.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wshbth.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Web.28b9ef5a#\6ef777676757b8f23c86111711f2654 5\System.Web.Extensions.ni.dll” is sparse (flags = 32768)
File “C:\Windows\System32\conhost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\srclient.dll” is sparse (flags = 32768)
File “C:\Windows\System32\spp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\vssapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\vsstrace.dll” is sparse (flags = 32768)
File “C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9 a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvc m90.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Sy stem.Data\2b901873687e343684064998783c1f8d\System. Data.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi ndowsBase\5751e969e4789e60d3ad463cb6024006\Windows Base.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Pr esentationCore\051a282e157a228405b2e0d867c3ce1d\Pr esentationCore.ni.dll” is sparse (flags = 32768)
File “C:\Windows\assembly\NativeImages_v4.0.30319_32\Pr esentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb2291 0\PresentationFramework.ni.dll” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \WPFGFX_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \WPFGFX_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \PRESENTATIONNATIVE_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF \PRESENTATIONNATIVE_V0400.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\dllhost.exe” is sparse (flags = 32768)
File “C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.E XE” is sparse (flags = 32768)
File “C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.E XE” is sparse (flags = 32768)
File “C:\Windows\System32\audiodg.exe” is sparse (flags = 32768)
File “C:\Windows\System32\audiodg.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SMARTSCREEN.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\SMARTSCREEN.EXE” is sparse (flags = 32768)
File “C:\Program Files\Windows Defender\MpCmdRun.exe” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHPROTOCOLHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\SEARCHFILTERHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\ONEDRIVESETUP.EXE” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\ONEDRIVESETUP.EXE” is sparse (flags = 32768)
File “C:\Program Files\Windows Mail\wab.exe” is sparse (flags = 32768)
File “C:\Windows\System32\credssp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\credssp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\userinit.exe” is sparse (flags = 32768)
File “C:\Windows\System32\scecli.dll” is sparse (flags = 32768)
File “C:\Windows\System32\kerberos.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wdigest.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TSpkg.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pku2u.dll” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\appid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\AcpiDev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\AcpiDev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\1394ohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\1394ohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\flpydisk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\flpydisk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mspclock.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpiex.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\isapnp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\isapnp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipmi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipmi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\Locator.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdk8.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdk8.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipagr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpipagr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpitime.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\acpitime.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\drmkaud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\drmkaud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mpsdrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\afd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sdstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sdstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ahcache.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthhfHid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthhfHid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthHfAud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthHfAud.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\asyncmac.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\srv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rfcomm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rfcomm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\alg.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICRENDER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICRENDER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\amdppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\irenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wacompen.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wacompen.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbccgp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbccgp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\APPLOCKERFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\APPLOCKERFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wcnfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wcifs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\srv2.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\atapi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\atapi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthmodem.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthmodem.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICDISPLAY.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BASICDISPLAY.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMBusHID.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMBusHID.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\UcmCx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Udecx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Ndu.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pciide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pciide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bowser.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthpan.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storufs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storufs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BthA2DP.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHAVRCPTG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHAVRCPTG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHLEENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHLEENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHHFENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHHFENUM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bthport.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHUSB.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BTHUSB.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BUTTONCONVERTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\BUTTONCONVERTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cdfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\clfs.sys” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\S MSVCHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\S MSVCHOST.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cdrom.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cdrom.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\circlass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\circlass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\registry.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mup.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\CmBatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\CmBatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\cng.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\CNGHWASSIST.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\condrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dam.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILECRYPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILECRYPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmstorfl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmstorfl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dfsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\disk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\disk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STAND ARDCOLLECTOR.SERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STAND ARDCOLLECTOR.SERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dmvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dmvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serial.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serial.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\dxgkrnl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umpass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umpass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tcpip.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORCLASS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORCLASS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORTCGDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\EHSTORTCGDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\errdev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\errdev.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fileinfo.sys” is sparse (flags = 32768)
File “C:\Windows\System32\FXSSVC.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fdc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fdc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ipfltdrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILETRACE.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FILETRACE.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fltMgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\monitor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\monitor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\FSDEPENDS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\STORQOSFLT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\STORQOSFLT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\fvevol.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMGENCOUNTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VMGENCOUNTER.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storvsc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndisuio.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSGPIOCLX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\GPUENERGYDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\GPUENERGYDRV.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rassstp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdbss.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hdaudbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hdaudbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbatt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbth.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidbth.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidi2c.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidi2c.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\HIDINTERRUPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\HIDINTERRUPT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hidusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbhub.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbhub.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\http.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\HVSERVICE.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmgid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmgid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hwpolicy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hyperkbd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\hyperkbd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndproxy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\i8042prt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\i8042prt.sys” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\perfhost.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msiscsi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msiscsi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WPDUPFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WPDUPFLTR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\INDIRECTKMD.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\INDIRECTKMD.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouhid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouhid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelide.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelpep.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelpep.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\intelppm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdFilter.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\iorate.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\scfilter.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\IPMIDrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\IPMIDrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ipnat.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\irda.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\kbdclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\kbdclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\kbdhid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ksecdd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ksecpkg.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ksthunk.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\lltdio.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\UCMTCPCICX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\UCMTCPCICX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\luafv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mmcss.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mskssrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wimmount.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxdav.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\modem.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mspqm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mouclass.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mountmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rasl2tp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxsmb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxsmb10.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mrxsmb20.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Ucx01000.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ufx01000.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\bridge.sys” is sparse (flags = 32768)
File “C:\Windows\System32\VSSVC.exe” is sparse (flags = 32768)
File “C:\Windows\System32\msdtc.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSGPIOWIN32.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSGPIOWIN32.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDKMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDKMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDUMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MSHIDUMDF.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msisadrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\msisadrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mstee.sys” is sparse (flags = 32768)
File “C:\Windows\System32\msiexec.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mslldp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mssmbios.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\mssmbios.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MTConfig.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\MTConfig.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\nwifi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\nwifi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\netbios.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndis.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndiscap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISIMPLATFORM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NDISIMPLATFORM.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tunnel.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndistapi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ndiswan.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NETADAPTERCX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NETADAPTERCX.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\netbt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NPSVCTRIG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\NPSVCTRIG.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\nsiproxy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\parport.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\parport.sys” is sparse (flags = 32768)
File “C:\Windows\System32\vds.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\partmgr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pcw.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pdc.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pcmcia.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pcmcia.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\PEAuth.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\qwavedrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\raspptp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\processr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\processr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\pacer.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rasacd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\agilevpn.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\raspppoe.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdpbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdpbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdpdr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rdyboost.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\rspndr.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vms3cap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vms3cap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sbp2port.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sbp2port.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\swenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\swenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sdbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\SENSORDATASERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SerCx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SpbCx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\serenum.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SerCx2.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sermouse.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sermouse.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\URSCX01000.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\URSCX01000.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sfloppy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\sfloppy.sys” is sparse (flags = 32768)
File “C:\Windows\System32\snmptrap.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SPACEPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\SPACEPORT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\sppsvc.exe” is sparse (flags = 32768)
File “C:\Windows\System32\sppsvc.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\srvnet.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\storahci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\stornvme.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tcpipreg.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tdx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\tpm.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\terminpt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vdrvroot.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vdrvroot.sys” is sparse (flags = 32768)
File “C:\Windows\System32\TIERINGENGINESERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\TIERINGENGINESERVICE.EXE” is sparse (flags = 32768)
File “C:\Windows\servicing\TRUSTEDINSTALLER.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\TsUsbFlt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\TsUsbGD.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\TsUsbGD.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uaspstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uaspstor.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\udfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uefi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\uefi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\UI0DETECT.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\UI0DETECT.EXE” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\umbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbcir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbcir.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbehci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbehci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbohci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbuhci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbuhci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBXHCI.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBXHCI.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBHUB3.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBHUB3.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbprint.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbprint.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbser.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\usbser.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBSTOR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\USBSTOR.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VERIFIEREXT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\VERIFIEREXT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vhdmp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vhf.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vmbus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volmgrx.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volsnap.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volume.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\volume.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vpci.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vsmraid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vsmraid.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vwifibus.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vwififlt.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\vwifimp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WUDFRd.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wanarp.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\winusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\winusb.sys” is sparse (flags = 32768)
File “C:\Windows\System32\wbengine.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdBoot.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\Wdf01000.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdiWiFi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WdNisDrv.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wfplwfs.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wmiacpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\wmiacpi.sys” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\WmiApSrv.exe” is sparse (flags = 32768)
File “C:\Program Files\Windows Media Player\wmpnetwk.exe” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\ws2ifsl.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\WUDFPf.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\xusb22.sys” is sparse (flags = 32768)
File “C:\Windows\System32\drivers\xusb22.sys” is sparse (flags = 32768)
File “C:\Windows\System32\AJRouter.dll” is sparse (flags = 32768)
File “C:\Windows\System32\umpnpmgr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rpcss.dll” is sparse (flags = 32768)
File “C:\Windows\System32\appinfo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\appidsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\AxInstSv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dcpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\APPREADINESS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WALLETSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WALLETSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\audiosrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\audiosrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\RpcEpMap.dll” is sparse (flags = 32768)
File “C:\Windows\System32\CDPUSERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\CDPUSERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\dssvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\bdesvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\BFE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\XBLAUTHMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\netman.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DEVICESETUPMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEVICESETUPMANAGER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cdpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\umpo.dll” is sparse (flags = 32768)
File “C:\Windows\System32\qmgr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ListSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lltdsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\bisrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dhcpcore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\browser.dll” is sparse (flags = 32768)
File “C:\Windows\System32\BthHFSrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\BthHFSrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\profsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pnrpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\bthserv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\provsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\das.dll” is sparse (flags = 32768)
File “C:\Windows\System32\LICENSEMANAGERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\certprop.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DMWAPPUSHSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DMWAPPUSHSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ClipSVC.dll” is sparse (flags = 32768)
File “C:\Windows\System32\COREMESSAGING.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\COREMESSAGING.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\cryptsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\TETHERINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TETHERINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEFRAGSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEFRAGSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNUSERSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNUSERSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEVQUERYBROKER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DEVQUERYBROKER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wscsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WsmSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WsmSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wersvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wecsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wcmsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wkssvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dot3svc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\DIAGTRACK.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\DIAGTRACK.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.D LL” is sparse (flags = 32768)
File “C:\Windows\System32\fdPHost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsrslvr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dnsrslvr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\dps.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WERCPLSUPPORT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WERCPLSUPPORT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\eapsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\efssvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\EMBEDDEDMODESVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\EMBEDDEDMODESVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\FntCache.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FntCache.dll” is sparse (flags = 32768)
File “C:\Windows\System32\es.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sdrsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FRAMESERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\FRAMESERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\srvsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FDResPub.dll” is sparse (flags = 32768)
File “C:\Windows\System32\upnphost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\fhsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\fhsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\gpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\hidserv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\HVHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\HVHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\IKEEXT.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\iphlpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iphlpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\irmon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\keyiso.dll” is sparse (flags = 32768)
File “C:\Windows\System32\msdtckrm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lfsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lmhsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ipnathlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ipnathlp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\lsm.dll” is sparse (flags = 32768)
File “C:\Windows\System32\moshost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\MESSAGINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MESSAGINGSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\MPSSVC.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iscsiexe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\iscsiexe.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nsisvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\nlasvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ngcsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NcaSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NCDAUTOSETUP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCDAUTOSETUP.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCBSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NCBSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\netlogon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\trkwks.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NETPROFMSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETPROFMSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETSETUPSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NETSETUPSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\icsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\NGCCTNRSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\NGCCTNRSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APHOSTSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\APHOSTSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\pcasvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pcasvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\p2psvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\PHONESERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\PIMINDEXMAINTENANCE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\pla.dll” is sparse (flags = 32768)
File “C:\Windows\System32\pnrpauto.dll” is sparse (flags = 32768)
File “C:\Windows\System32\icsvcext.dll” is sparse (flags = 32768)
File “C:\Windows\System32\IPSECSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\qwave.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasauto.dll” is sparse (flags = 32768)
File “C:\Windows\System32\rasmans.dll” is sparse (flags = 32768)
File “C:\Windows\System32\mprdim.dll” is sparse (flags = 32768)
File “C:\Windows\System32\regsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\RDXSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\RMapi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\schedsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SCardSvr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\XBLGAMESAVE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\XBLGAMESAVE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SCDEVICEENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SCDEVICEENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\seclogon.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Sens.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SENSORSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\sensrsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SessEnv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\shsvcs.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAG ER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAG ER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TILEOBJSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TILEOBJSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\smphost.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SMSROUTERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SMSROUTERSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\StorSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sstpsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\ssdpsrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wiaservc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\svsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\swprv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\sysmain.dll” is sparse (flags = 32768)
File “C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TabSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\termsrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\tapisrv.dll” is sparse (flags = 32768)
File “C:\Windows\System32\THEMESERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\THEMESERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TIMEBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TIMEBROKERSERVER.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\TZAUTOUPDATE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\umrdp.dll” is sparse (flags = 32768)
File “C:\Windows\System32\Unistore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\USERDATASERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\USERDATASERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\usermgr.dll” is sparse (flags = 32768)
File “C:\Windows\System32\usocore.dll” is sparse (flags = 32768)
File “C:\Windows\System32\vaultsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\w32time.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbiosrvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbiosrvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wwansvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WUDFSvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wlidsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wlidsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wlansvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wcncsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wdi.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WebClnt.dll” is sparse (flags = 32768)
File “C:\Windows\System32\WEPHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WEPHOSTSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wiarpc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wbem\WMIsvc.dll” is sparse (flags = 32768)
File “C:\Windows\System32\FLIGHTSETTINGS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\FLIGHTSETTINGS.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WORKFOLDERSSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WORKFOLDERSSVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPDBUSENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPDBUSENUM.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\WPNSERVICE.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\wuaueng.dll” is sparse (flags = 32768)
File “C:\Windows\System32\wuaueng.dll” is sparse (flags = 32768)
File “C:\Windows\System32\XBOXNETAPISVC.DLL” is sparse (flags = 32768)
File “C:\Windows\System32\XBOXNETAPISVC.DLL” is sparse (flags = 32768)
File “C:\Program Files\Windows Mail\WinMail.exe” is sparse (flags = 32768)
File “C:\Windows\System32\unregmp2.exe” is sparse (flags = 32768)
File “C:\Windows\System32\unregmp2.exe” is sparse (flags = 32768)
File “C:\Windows\System32\ie4uinit.exe” is sparse (flags = 32768)
File “C:\Windows\SysWOW64\rundll32.exe” is sparse (flags = 32768)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.7C” is compressed (flags = 1)
File “C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.83” is compressed (flags = 1)
File “C:\Users\Ivan Reyes Ortega\AppData\Local\Comms\UnistoreDB\store.vol” is sparse (flags = 32768)
File “C:\Windows\System32\config\systemprofile\AppData\ Local\DataSharing\Storage\DSTokenDB2.dat” is sparse (flags = 32768)

UC Chinese Virus

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment