Solved UC Chinese Virus

Iaro96 · Nov 29, 2016

I'll right, the Zemana Scan is running. Meanwhile, I'll do Everything Search!
Thanks for sticking with me for all this time.

Malnutrition · Nov 29, 2016

No problem, the goal is to have you leave here happy.

Iaro96 · Nov 29, 2016

Search: Chrome
#####################################################################
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome
C:\ProgramData\Bluestacks\BluestacksGameManager\chrome
C:\Users\Guest\AppData\Local\Google\Chrome
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome
C:\Users\Joanne\AppData\Local\Google\Chrome
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome Cleanup Tool
C:\Users\Joanne\AppData\Local\Google\Chrome Cleanup Tool
C:\Users\Joanne\AppData\Local\Google\Chrome SxS
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.indexeddb.leveldb
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\chrome-signin
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Storage\ext\chrome-signin
C:\Program Files (x86)\Steam\bin\chrome.pak
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\Popcorn Time\node_modules\chromecast-js
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8LYWVHS5\cdn.livestream.com\chromelessPlayer
C:\Program Files (x86)\Adobe\Adobe Help\Themes\LightChrome
C:\Windows\InfusedApps\Packages\Microsoft.ZuneMusic_3.6.19261.0_x64__8wekyb3d8bbwe\AppChrome.xbf
C:\Windows\InfusedApps\Packages\Microsoft.ZuneVideo_3.6.19281.0_x64__8wekyb3d8bbwe\AppChrome.xbf
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV_host_manifest.json
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M03ZV8YD\aw-chromehead-wh[1].jpg
C:\Users\Ivan Reyes Ortega\Music\iTunes\iTunes Media\Mobile Applications\Chrome 45.2454.68.ipa
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PH7H7O31\chrome-48[1].png
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage-journal
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_aaaaapdcjfaomkafnbpoclmfakjianjd_0.localstorage
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_aaaaapdcjfaomkafnbpoclmfakjianjd_0.localstorage-journal
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_acbckhilidhkcoenjgmejpgnnmcbhjhi_0.localstorage
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_acbckhilidhkcoenjgmejpgnnmcbhjhi_0.localstorage-journal
C:\Users\Ivan Reyes Ortega\AppData\Local\NexonLauncher\User Data\Default\Local Storage\chrome-extension_dobbaijafcbikgimjpakclacfgeagffm_0.localstorage
C:\Users\Ivan Reyes Ortega\AppData\Local\NexonLauncher\User Data\Default\Local Storage\chrome-extension_dobbaijafcbikgimjpakclacfgeagffm_0.localstorage-journal
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ganhdnljaplbkmkailmkicdlndplibmd_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ganhdnljaplbkmkailmkicdlndplibmd_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ganhdnljaplbkmkailmkicdlndplibmd_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ganhdnljaplbkmkailmkicdlndplibmd_0.localstorage-journal
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_hkmogefbfdmboplojeicpibfpcndjjbm_0.localstorage
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Local Storage\chrome-extension_hkmogefbfdmboplojeicpibfpcndjjbm_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal
C:\AdwCleaner\quarantine\files\uevljkkwczvfckkyfybcsxlewdsobkbq\chrome.bat.exe
C:\Users\Ivan Reyes Ortega\AppData\Local\Temp\ResetBrowser\chrome.bmp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_ca91f5e702314acf\chrome.browser
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_123f2cbe16ad73d5\chrome.browser
C:\Autodesk\WI\Autodesk AutoCAD 2016\x64\acad\Program Files\Root\Inventor Server\Textures\Chrome.dds
C:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Textures\Chrome.dds
C:\Windows\Prefetch\CHROME.EXE-46AA1511.pf
C:\Windows\Prefetch\CHROME.EXE-46AA1513.pf
C:\Windows\Prefetch\CHROME.EXE-FDA848E2.pf
C:\Users\Ivan Reyes Ortega\Desktop\Chrome.jpg
C:\ProgramData\Bluestacks\BluestacksGameManager\chrome\chrome.manifest
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\sys\jxbrowser-chromium\win64\chromium\chrome.pak
C:\Windows\WinSxS\amd64_microsoft-windows-c..xmain.views.cortana_31bf3856ad364e35_10.0.14393.0_none_e35e8e2a14f2783d\Chrome.xbf
C:\Windows\WinSxS\amd64_microsoft-windows-c..xmain.views.cortana_31bf3856ad364e35_10.0.14393.321_none_efd3c05d9c1da477\Chrome.xbf
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\sys\jxbrowser-chromium\win64\chromium\chrome_100_percent.pak
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Ivan's iPad\Chrome_2015-01-25-175811_Ivans-iPad.crash
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome Cleanup Tool\chrome_cleanup_tool.log
C:\Users\Joanne\AppData\Local\Google\Chrome Cleanup Tool\chrome_cleanup_tool.log
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\chrome_debug.log
C:\Users\Ivan Reyes Ortega\AppData\Local\Temp\chrome_installer.log
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PH7H7O31\Chrome_Owned_96x96[1].png
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\discovery\chromecast-discovery.js
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\Popcorn Time\src\app\images\icons\chromecast-icon.png
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\airplay-js\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\chromecast.bin
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\chromecast.bin
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\airplay-js\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\chromecast.js
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\chromecast.js
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\Popcorn Time\src\app\lib\device\chromecast.js
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\chromecast_logo_grey.png
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_1\cast_setup\chromecast_logo_grey.png
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\cast_setup\chromecast_logo_grey.png
C:\Program Files (x86)\Nexon\Nexon Launcher\bin\nexon_client\chromedriver.exe
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\ChromeDWriteFontCache
C:\Program Files (x86)\Steam\bin\chromehtml.dll
C:\Program Files (x86)\Steam\SteamApps\common\Portal\bin\chromehtml.dll
C:\Program Files (x86)\Hp\Common\ChromeNativeMessagePassing.dll
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\recovery\101.3.26.8\ChromeRecovery.exe
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\recovery\101.3.28.1\ChromeRecovery.exe
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\recovery\101.3.28.17\ChromeRecovery.exe
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\recovery\101.3.26.8\ChromeRecovery.exe
C:\Users\Ivan Reyes Ortega\Downloads\ChromeSetup.exe
C:\Users\Joanne\Downloads\ChromeSetup.exe
C:\Windows\WinSxS\amd64_microsoft-windows-c..xmain.views.cortana_31bf3856ad364e35_10.0.14393.0_none_e35e8e2a14f2783d\ChromeVisualStates.xbf
C:\Windows\WinSxS\amd64_microsoft-windows-c..xmain.views.cortana_31bf3856ad364e35_10.0.14393.321_none_efd3c05d9c1da477\ChromeVisualStates.xbf
C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Doors - Windows.Door Hardware.Chrome.Satin.jpg
C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\3\Mats\Doors - Windows.Door Hardware.Chrome.Satin.jpg
C:\Autodesk\WI\Autodesk AutoCAD 2016\x64\acad\Program Files\Root\Inventor Server\Bin\Effects\Shaders\Direct3D9\FilterMonochrome.fx
C:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Bin\Effects\Shaders\Direct3D9\FilterMonochrome.fx
C:\Autodesk\WI\Autodesk AutoCAD 2016\x64\acad\Program Files\Root\Inventor Server\Bin\Effects\Shaders\Direct3D10\FilterMonochrome10.fx
C:\Program Files\Autodesk\AutoCAD 2016\Inventor Server\Bin\Effects\Shaders\Direct3D10\FilterMonochrome10.fx
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css
C:\Program Files\WindowsApps\E0469640.JungleMobilization_1.0.1.84_x64__5grkq8ppsgwt4\Games\Common\GameChrome.xaml
C:\Program Files (x86)\Steam\resource\layout\gamespage_grid_chrome.layout
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\Guest\Desktop\Google Chrome.lnk
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69b5b7893971c8e8\Google Chrome.lnk
C:\Users\Joanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk.xBAD
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69b5b7893971c8e8\Google Chrome.lnk.xBAD
C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\Windows\INetCache\IE\SIMUN470\GoogleChromeStandaloneEnterprise[1].msi
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css
C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPGoogleChromeLauncher.exe
C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage-journal
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen\8.711.600_0\src\icon\icon48-chrome.png
C:\Program Files (x86)\Adobe\Adobe Help\Themes\LightChrome\LightChrome.swf
C:\Program Files (x86)\Adobe\Adobe Help\Themes\LightChrome\LightChrome_cn.swf
C:\Program Files (x86)\Adobe\Adobe Help\Themes\LightChrome\LightChrome_jp.swf
C:\Program Files (x86)\Adobe\Adobe Help\Themes\LightChrome\LightChrome_m.swf
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css
C:\Users\Joanne\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z7TIF2NM\masthead-banner-CHROMEBOOKS-895x485[1].jpg
C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\1\Mats\Metals.Ornamental Metals.Chrome.Satin.jpg
C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\Textures\3\Mats\Metals.Ornamental Metals.Chrome.Satin.jpg
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css
C:\Autodesk\WI\Autodesk AutoCAD 2016\x64\en-US\acad\AcadPS\Program Files\Root\UserDataCache\Plotters\Plot Styles\monochrome.ctb
C:\Program Files\Autodesk\AutoCAD 2016\UserDataCache\Plotters\Plot Styles\monochrome.ctb
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Autodesk\AutoCAD 2016\R20.1\enu\Plotters\Plot Styles\monochrome.ctb
C:\Autodesk\WI\Autodesk AutoCAD 2016\x64\en-US\acad\AcadPS\Program Files\Root\UserDataCache\Plotters\Plot Styles\monochrome.stb
C:\Program Files\Autodesk\AutoCAD 2016\UserDataCache\Plotters\Plot Styles\monochrome.stb
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Autodesk\AutoCAD 2016\R20.1\enu\Plotters\Plot Styles\monochrome.stb
C:\Autodesk\WI\Autodesk AutoCAD 2016\x64\acad\Program Files\Root\Drv\monochrome12.hdi
C:\Program Files\Autodesk\AutoCAD 2016\Drv\monochrome12.hdi
C:\Program Files\WindowsApps\E0469640.JungleMobilization_1.0.1.84_x64__5grkq8ppsgwt4\Stories\StoryChrome.xaml
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css
#####################################################################

Search: Google
####################################################################

C:\FRST\Quarantine\C\Program Files (x86)\Google
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\Google
C:\Program Files\Google
C:\Program Files (x86)\Google
C:\Users\Guest\AppData\Local\Google
C:\Users\Guest\AppData\Roaming\Google
C:\Users\Ivan Reyes Ortega\AppData\Local\Google
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\Popcorn Time\node_modules\chromecast-js\node_modules\castv2-client\node_modules\castv2\node_modules\protobufjs\src\google
C:\Users\Joanne\AppData\Local\Google
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\databases\http_tpc.googlesyndication.com_0
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\http_tpc.googlesyndication.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_0.client-channel.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_accounts.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_apis.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_clients4.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_clients5.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_clients6.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_content.googleapis.com_0.indexeddb.leveldb
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_docs.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_drive.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\databases\https_googleads.g.doubleclick.net_0
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_googleads.g.doubleclick.net_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mail.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_plus.google.com_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_talkgadget.google.com_0.indexeddb.leveldb
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.do_0.indexeddb.leveldb
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.do_0.indexeddb.leveldb
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.do_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\IndexedDB\https_www.google.com.do_0.indexeddb.leveldb
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com.do_0.indexeddb.leveldb
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.com_0.indexeddb.leveldb
C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\toolbox\local\classpath\3p_google-collections.jcp
C:\Users\Joanne\AppData\Local\Packages\microsoft.windows.authhost.a_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\V0YCCWTW\accounts.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WWLP718U\accounts.google[1].xml
C:\Users\Joanne\AppData\Local\Packages\microsoft.windows.authhost.a_8wekyb3d8bbwe\AC\Microsoft\Internet Explorer\DOMStore\OXK7HYK2\clients5.google[1].xml
C:\ProgramData\Bluestacks\UserData\InputMapper\com.animoca.google.astroboydash.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.babycortex.google.mathRun.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.basaltgames.google.lizardrun.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.bigfishgames.google.mcfr2rgoogfull.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.bigfishgames.google.voodoowhispererfull.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.chillingo.harrythefairy.android.rowgoogleplay.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.bb2012.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.caligo.normal.paidfull.google.jp.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.chocohero.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.chocolatetycoon.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.comeonbaby.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.deadcity.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.elpise.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.homerunbattle2.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.imo.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.inotia4.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.kungfupet.normal2.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.ninjastory.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.nipb2013.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.ovenbreak.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.projecteast.normal2.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.queenscrown2.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.soulcollector.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.summitxsnowboard.normal.tryandbuy.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.superactionhero5.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.threekingdomdefense.normal.paidfull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.threekingdomdefense2.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.towerdefense.normal.freefull.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.com2us.zr.normal.adfree.google.global.android.common.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.dpgames.exceed_kr_google_kakao.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.efun.kr.hycs.google.obt.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.g5e.lsoul.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.gamevil.castlefantasia2.android.google.global.normal.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.gamevil.darknessreborn2.android.google.global.normal.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.gamevil.kritikamobile.android.google.global.normal.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.ggi.sidekickcyclegoogle.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.ghostgames.SGMS.google.cfg
C:\ProgramData\Bluestacks\BluestacksGameManager\UserData\Home\com.google.android.apps.photos.png
C:\ProgramData\Bluestacks\UserData\InputMapper\com.happymage.google.how.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.happymage.google.kingdomdefense.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.happymage.google.swingQuokka.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.hotheadgames.google.free.rawsniper.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.hotheadgames.google.free.zombie_ace.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.kongregate.mobile.epicskater.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.kongregate.mobile.run.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.kongregate.mobile.sheephappens.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.kongregate.mobile.tinydicedungeon.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.korea4399.theking.kakaogoogle.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.manodio.helikiwi.google.global.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.manodio.swatrun.google.global.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.panggame.gun.google.kr.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.skyboard.google.easterBunnyRun.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.skyboard.google.hardestflightever.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.skyboard.google.littlefarm.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.skyboard.google.penguinRun.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.spilgames.a10.google.crashdrive2.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.square_enix.android_googleplay.deadmanscrossww.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.square_enix.android_googleplay.FFV_GP.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.square_enix.android_googleplay.FFVI.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.square_enix.android_googleplay.finalfantasy.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.square_enix.android_googleplay.finalfantasy2.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.stargirlgames.google.bunnyrun.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.vectorunit.purple.googleplay.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.wanmei.xom.efunkr.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.xyrality.crazytribes.googleplay.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.yhcgame.hos.google.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\com.zynga.rwf.googleplay.cfg
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\docs.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\drive.google[1].xml
C:\Users\Joanne\Music\iTunes\iTunes Media\Mobile Applications\Google 2.5.1.ipa
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\Guest\Desktop\Google Chrome.lnk
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69b5b7893971c8e8\Google Chrome.lnk
C:\Users\Joanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk.xBAD
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69b5b7893971c8e8\Google Chrome.lnk.xBAD
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.ico.md5
C:\Users\Joanne\Music\iTunes\iTunes Media\Mobile Applications\Google Earth 7.1.1.ipa
C:\Users\Joanne\Music\iTunes\iTunes Media\Mobile Applications\Google Maps 4.2.0.ipa
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Profile 1\Google Profile.ico
C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Google Profile.ico
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
C:\Users\Guest\AppData\Roaming\Google\Local Search History\google%2Eweb.w
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PH7H7O31\google-adx[1].gif
C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716\js\google-analytics-helper.js
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\java\jarext\google-collect.jar
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\appdata\components\3p\google-collections_common 1419893823 3478462396556980129.xml
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\appdata\files\3p\google-collections_common 1419893823_manifest.bin
C:\Users\Joanne\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\C7AKJGGP\google-pixel-caseology-case-press-hero[1].jpg
C:\Users\Joanne\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\J6VNS85J\google-pixel-new-moves-gestures[1].jpg
C:\Users\Ivan Reyes Ortega\Pictures\^~^\Abstract\Google-Wallpaper-11.jpeg
C:\Program Files (x86)\ezvid\Google.Apis.Auth.dll
C:\Program Files (x86)\ezvid\Google.Apis.Auth.PlatformServices.dll
C:\Program Files (x86)\ezvid\Google.Apis.Core.dll
C:\Program Files (x86)\ezvid\Google.Apis.dll
C:\Program Files (x86)\Nuance\Dragon Assistant\Application\Google.Apis.dll
C:\Program Files (x86)\Nuance\Dragon Assistant\Application\Google.Apis.Orkut.v2.dll
C:\Program Files (x86)\ezvid\Google.Apis.PlatformServices.dll
C:\Program Files (x86)\ezvid\Google.Apis.YouTube.v3.dll
C:\Program Files (x86)\Nuance\Dragon Assistant\Application\Google.GData.Client.dll
C:\Program Files (x86)\Nuance\Dragon Assistant\Application\Google.GData.Contacts.dll
C:\Program Files (x86)\Nuance\Dragon Assistant\Application\Google.GData.Extensions.dll
C:\Program Files (x86)\Epson Software\Easy Photo Scan\Google.GData.LICENSE.txt
C:\Program Files (x86)\Nikon\ViewNX 2\GPSMap\google.html
C:\Program Files (x86)\Nikon\ViewNX 2\GPSMap\google.js
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\Google.url
C:\Users\Ivan Reyes Ortega\Favorites\Links\Google.url
C:\Program Files (x86)\Nikon\ViewNX 2\Plugin\html\LogTool\google_logtool.html
C:\Program Files (x86)\Nikon\ViewNX 2\Plugin\html\LogTool\google_logtool.js
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\win64\google_protocol_buffer.rights
C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\35LG4FVQ\googleads.g.doubleclick[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\74K4S0K5\googleads.g.doubleclick[1].xml
C:\Program Files\WindowsApps\43266Element26Software.SteamTile_1.1.2.0_x64__2vng2mrd8a7zg\GoogleAnalytics.Core.winmd
C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.322.0_x64__8zz2pj9h1h1d8\GoogleAnalytics.Core.winmd
C:\Program Files\WindowsApps\43266Element26Software.SteamTile_1.1.2.0_x64__2vng2mrd8a7zg\GoogleAnalytics.winmd
C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_10.0.322.0_x64__8zz2pj9h1h1d8\GoogleAnalytics.winmd
C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716\GoogleAnalytics.winmd
C:\Program Files (x86)\Intel\Intel(R) Update Manager\data\html_docs\res\img\googleballs.gif
C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\Windows\INetCache\IE\SIMUN470\GoogleChromeStandaloneEnterprise[1].msi
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UYXHSYED\googleg_lodp[1].ico
C:\Program Files (x86)\Nikon\ViewNX 2\GPSMap\googlelib.js
C:\Program Files (x86)\Nikon\ViewNX 2\GPSMap\GoogleLocationSearch.js
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZTZ4U5P\googlelogo_color_112x36dp[1].png
C:\Users\Joanne\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SKEK1H6G\googlelogo_color_112x36dp[1].png
C:\Program Files (x86)\Nikon\ViewNX 2\GPSMap\GoogleMapApiKey.js
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-5B3CDFA8.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-AFD99EFF.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B7AD469C.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C327CBAA.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-DE5D8DDC.pf
C:\Users\Joanne\AppData\Local\Apps\2.0\KDR2T95P.YKH\B0TCJQRO.V90\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\GoogleUpdateSetup.exe
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineUA
C:\Program Files\VideoLAN\VLC\lua\playlist\googlevideo.luac
C:\Program Files\HP\HP DeskJet 1110 series\Bin\HPGoogleChromeLauncher.exe
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_scholar.google.com.do_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_scholar.google.com.do_0.localstorage-journal
C:\Users\Ivan Reyes Ortega\AppData\Local\Spotify\Browser\Local Storage\http_tpc.googlesyndication.com_0.localstorage
C:\Users\Ivan Reyes Ortega\AppData\Local\Spotify\Browser\Local Storage\http_tpc.googlesyndication.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com.do_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com.do_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com.do_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com.do_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_accounts.google.com.do_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_accounts.google.com.do_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_accounts.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_accounts.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_accounts.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_accounts.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients5.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients5.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients5.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_clients5.google.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_docs.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_docs.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_docs.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_docs.google.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_drive.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_drive.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_drive.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_drive.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hangouts.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hangouts.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_mail.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_mail.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_myaccount.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_myaccount.google.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_plus.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_security.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_security.google.com_0.localstorage-journal
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_support.google.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_talkgadget.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_talkgadget.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_tpc.googlesyndication.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_tpc.googlesyndication.com_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com.do_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com.do_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com.do_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com.do_0.localstorage-journal
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.pl_0.localstorage
C:\Users\Joanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.google.pl_0.localstorage-journal
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-100.png
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-125.png
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-150.png
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-200.png
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-250.png
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-300.png
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-400.png
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JBGN1B8T\ic_w_google_plus_grey600_24dp[1].png
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\help\includes\product\images\global\ico-google-plus-lg.png
C:\Program Files\MATLAB\MATLAB Production Server\R2015a\help\includes\product\images\global\ico-google-plus.png
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\Popcorn Time\src\app\images\icons\icon-google.png
C:\ProgramData\Bluestacks\UserData\InputMapper\jp.co.sega.puyoft.google.monthly.cfg
C:\ProgramData\Bluestacks\UserData\InputMapper\kr.co.smartstudy.rhythm_party.us.googlemarket.cfg
C:\Program Files (x86)\Lenovo\YouCam\Custom\Skin\150DPI\Webcam\Layout\YouTube\LinkYoutubeGoogleDlg.bkml
C:\Program Files (x86)\Lenovo\YouCam\Custom\Skin\Standard\Webcam\Layout\YouTube\LinkYoutubeGoogleDlg.bkml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\mail.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\74K4S0K5\maps.google[1].xml
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\airplay-js\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-phone.bin
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-phone.bin
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\airplay-js\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-phone.js
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-phone.js
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\airplay-js\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-type47.bin
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-type47.bin
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\airplay-js\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-type47.js
C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\Quarantine\Popcorn Time\chromecast\node_modules\mdns-js\node_modules\mdns-js-packet\test\fixtures\mdns-googlecast-type47.js
C:\Autodesk\AutoCAD_2016_English_Win_32_64bit_Trial_wi_en-us\en-us\Docs\acad_install_help\images\mobile-share-google.jpg
C:\Autodesk\AutoCAD_2016_English_Win_32_64bit_Trial_wi_en-us\en-us\Docs\acad_sysreq\images\mobile-share-google.jpg
C:\Program Files\Autodesk\AutoCAD 2016\Setup\en-us\Setup\en-us\Docs\acad_install_help\images\mobile-share-google.jpg
C:\Program Files\Autodesk\AutoCAD 2016\Setup\en-us\Setup\en-us\Docs\acad_sysreq\images\mobile-share-google.jpg
C:\FRST\Quarantine\C\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll.xBAD
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Orwell's 1984 vs Balaguer - Google Drive.url
C:\Users\Ivan Reyes Ortega\Favorites\Orwell's 1984 vs Balaguer - Google Drive.url
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2JQESH24\plus.google[1].xml
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Extensions\hkmogefbfdmboplojeicpibfpcndjjbm\1.6.1_0\inject\prefetch-google.js
C:\Users\Ivan Reyes Ortega\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CUNZEO5J\productforums.google[1].xml
C:\Users\Ivan Reyes Ortega\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RHF3VETL\support.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\support.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\talkgadget.google[1].xml
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OAK0R4MT\translate.google[1].xml
C:\ProgramData\Bluestacks\UserData\InputMapper\uk.co.crashlab.google.twistpilot.cfg
C:\FRST\Quarantine\C\Users\Ivan Reyes Ortega\AppData\Local\UCBrowser\User Data\Default\Extensions\hdgdpmpallofembldhflnlkcfappghhc\5.0.17_0\plugins\wow_google.js
C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\35LG4FVQ\www.google.com[1].xml
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\TBK54U86\www.google.com[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\www.google.com[1].xml
C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\K2EX7CLU\www.google[1].xml
C:\Users\Ivan Reyes Ortega\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\E6QGJW43\www.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UHSLF9C3\www.google[1].xml
C:\Users\Joanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WWLP718U\www.google[1].xml

Malnutrition · Nov 29, 2016

Ok, awaiting the Zemana and ZHP Diag logs. I will include the google clean up when I make a new fixlist based from the info I get from the ZHP logs. I think you should try and run Browser reset tool once more to see that will help.

Iaro96 · Nov 29, 2016

It's almost done.... can't believe it, there's still UCBrowser stuff left

Iaro96 · Nov 29, 2016

Zemana AntiMalware 2.70.2.25 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/29
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i3-3130M CPU @ 2.60GHz
BIOS Mode : UEFI
CUID : 1203285F630FDF1F3D8882
Scan Type : Custom Scan
Duration : 264m 45s
Scanned Objects : 633644
Detected Objects : 13
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
MSIDF4E.tmp
Status : Scanned
Object : %systemroot%\installer\msidf4e.tmp
MD5 : 5ACE47563F8492D21BD564B827A7814D
Publisher : APN LLC
Size : 108616
Version : 1.0.0.1
Detection : PUA:Win32/AskToolbar.Gen
Cleaning Action : Quarantine
Related Objects :
File - %systemroot%\installer\msidf4e.tmp
adobe.snr.patch-painter.exe
Status : Scanned
Object : %userprofile%\documents\adobe cc 2015 universal patcher 1.5\adobe.snr.patch-painter.exe
MD5 : 0D9B7ABE952D6C1DC24750BF47969132
Publisher : -
Size : 631808
Version : 1.5.0.0
Detection : PUA:Win32/SoftCrack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\documents\adobe cc 2015 universal patcher 1.5\adobe.snr.patch-painter.exe
DBUpdater.exe
Status : Scanned
Object : %localappdata%\temp\dbupdater.exe
MD5 : 7C175093AA098F61B7E3D94CF558A1B0
Publisher : -
Size : 434692
Version : -
Detection : Downloader:Win32/Banload.Variant
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\temp\dbupdater.exe
DBUpdater[1].exe
Status : Scanned
Object : %localappdata%\microsoft\windows\inetcache\ie\simun470\dbupdater[1].exe
MD5 : 0B51F61452FFC527BBA4189A3BB6BD4C
Publisher : -
Size : 434688
Version : -
Detection : Downloader:Win32/Banload.Variant
Cleaning Action : Quarantine
Related Objects :
File - %localappdata%\microsoft\windows\inetcache\ie\simun470\dbupdater[1].exe
ucguard.sys.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\windows\system32\drivers\ucguard.sys.xbad
MD5 : EB482DBC9786F1A9E3ED5AB6864794FA
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 81792
Version : 0.1.0.85
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\windows\system32\drivers\ucguard.sys.xbad
ucwifi_compat.dll
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi_compat.dll
MD5 : 59520CC7DAC73C37A02ADEDAED870D76
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 364144
Version : 1.0.0.0
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi_compat.dll
UCWiFi.exe
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi.exe
MD5 : 260402E5F4C9EE3CA15C7AADE09EF6EA
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 6635632
Version : 1.0.0.1
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\ucwifi.exe
libEGL.dll
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libegl.dll
MD5 : EF07C80D0099C80A73832D0E655FF8CF
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 88736
Version : 2.1.0.0
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libegl.dll
libGLESv2.dll
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libglesv2.dll
MD5 : 5C071CAAB5CFD60432902BCBDC14AB6F
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 2081440
Version : 2.1.0.0
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\ucbrowser\user data\ucwifi\1.0.0.8\libglesv2.dll
ucbrabs.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\ucbrabs.exe.xbad
MD5 : 712F8A5EE24FA94450C8A86B29860296
Publisher : -
Size : 1441792
Version : -
Detection : Adware:Win32/Tazzi.A!Kaaa
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\ucbrabs.exe.xbad
DBUpdater.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\dbupdater.exe.xbad
MD5 : DECA5304043B116C977B5FA93F63FD91
Publisher : -
Size : 434692
Version : -
Detection : Downloader:Win32/Banload.Variant
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\dbupdater.exe.xbad
DriverBoosterSetup.exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\driverboostersetup.exe.xbad
MD5 : E01015617CE39022F9FF8BFB410ADA37
Publisher : -
Size : 89088
Version : -
Detection : Malware:Win32/Tazzi.A!Keke
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\driverboostersetup.exe.xbad
Browser_V5.7.15319.5_r_4670_(Build1608291541).exe.xBAD
Status : Scanned
Object : %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\browser_v5.7.15319.5_r_4670_(build1608291541).exe.xbad
MD5 : 9534DAE671B92610585578D911C654D7
Publisher : TAOBAO (CHINA) SOFTWARE CO.,LTD.
Size : 51562496
Version : 5.7.15319.5
Detection : Adware:Win32/UCBrowser-DJ!Ep
Cleaning Action : Quarantine
Related Objects :
File - %homedrive%\frst\quarantine\c\users\ivan reyes ortega\appdata\local\temp\browser_v5.7.15319.5_r_4670_(build1608291541).exe.xbad

Cleaning Result
-------------------------------------------------------
Cleaned : 13
Reported as safe : 0
Failed : 0

Iaro96 · Nov 29, 2016

~ ZHPDiag v2016.11.29.233 By Nicolas Coolman (2016/11/29)
~ Run by Ivan Reyes Ortega (Administrator) (2016/11/29 14:51:33)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook: https://www.facebook.com/nicolascoolman1
~ State version: Version OK
~ Mode: Scan
~ Report: C:\Users\Ivan Reyes Ortega\Desktop\ZHPDiag.txt
~ Report: C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 10 Home, 64-bit (Build 14393) =>.Microsoft Corporation
---\\ Internet Browsers (1) - 0s
~ MSIE: Internet Explorer v11.447.14393.0
---\\ Windows Product Information (3) - 4s
~ Windows Server License Manager Script : OK
System - VBScript Engine not found
Windows Automatic Updates : OK
---\\ System protection software (2) - 46s
Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)
Windows Defender (Activate) (Protection)
---\\ System protection software (Superfluous) (1) - 46s
~ Zemana AntiMalware v2.70.25 (Superfluous)
---\\ Surveillance software (1) - 47s
~ Adobe Reader XI (Surveillance)
---\\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 6173.832 MB (50% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 384 GB (41%) free of 926 GB : OK =>.Disk Space
---\\ Connection to the system mode (3) - 0s
~ Computer Name: HOMEPC
~ User Name: Ivan Reyes Ortega
~ Logged in as Administrator
---\\ Enumeration of the disk units (1) - 0s
~ Drive C: has 384 GB free of 926 GB (System)
---\\ State of the Windows Security Center (7) - 0s
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
---\\ Search Generic System Files (24) - 7s
[MD5.43BF96FCF50945BE35C22206980C9068] - 02/11/2016 - (.Microsoft Corporation - Windows Explorer.) -- C:\WINDOWS\Explorer.exe [4673304] =>.Microsoft Windows®
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - 16/07/2016 - (.Microsoft Corporation - Windows host process (Rundll32).) -- C:\WINDOWS\System32\rundll32.exe [69632] =>.Microsoft Corporation
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - 16/07/2016 - (.Microsoft Corporation - Windows Start-Up Application.) -- C:\WINDOWS\System32\Wininit.exe [304240] =>.Microsoft Windows Publisher®
[MD5.7F08626131800B977DE92B7C0DF481A1] - 02/11/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) -- C:\WINDOWS\System32\wininet.dll [2669056] =>.Microsoft Corporation
[MD5.D243745884BCBC21E91AB569A0AD514E] - 14/10/2016 - (.Microsoft Corporation - Windows Logon Application.) -- C:\WINDOWS\System32\Winlogon.exe [673792] =>.Microsoft Corporation
[MD5.9600B7F2F89DE60A80D13DE42F672834] - 16/07/2016 - (.Microsoft Corporation - Software Licensing Library.) -- C:\WINDOWS\System32\sppcomapi.dll [402432] =>.Microsoft Corporation
[MD5.96B8A433F6407DE34850927C96C6CE9B] - 01/10/2016 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\System32\dnsapi.dll [646136] =>.Microsoft Windows®
[MD5.227CFE3EDA82029AAC1C088A16297CD7] - 01/10/2016 - (.Microsoft Corporation - DNS Client API DLL.) -- C:\WINDOWS\Syswow64\dnsapi.dll [496872] =>.Microsoft Windows®
[MD5.323AA1953ED9C01E23F740FA891FE064] - 15/10/2016 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\WINDOWS\System32\drivers\AFD.sys [584032] =>.Microsoft Windows®
[MD5.A10F989A812B57B9695F6C305907C9C6] - 16/07/2016 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\WINDOWS\System32\drivers\atapi.sys [28512] =>.Microsoft Windows®
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - 16/07/2016 - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\WINDOWS\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.613D0137C269187FA298A157E3D14A18] - 16/07/2016 - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\WINDOWS\System32\drivers\Cdrom.sys [173056] =>.Microsoft Corporation
[MD5.0D1D392ED2597F295956D058D33BD7C3] - 05/10/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) -- C:\WINDOWS\System32\drivers\DfsC.sys [144896] =>.Microsoft Corporation
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - 16/07/2016 - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\WINDOWS\System32\drivers\HDAudBus.sys [83456] =>.Microsoft Corporation
[MD5.B54B30992620C97230013A74461C8517] - 16/07/2016 - (.Microsoft Corporation - i8042 Port Driver.) -- C:\WINDOWS\System32\drivers\i8042prt.sys [114176] =>.Microsoft Corporation
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - 16/07/2016 - (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\System32\drivers\IpNat.sys [212480] =>.Microsoft Corporation
[MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - 01/10/2016 - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\WINDOWS\System32\drivers\MRxSmb.sys [450392] =>.Microsoft Windows®
[MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - 16/07/2016 - (.Microsoft Corporation - MBT Transport driver.) -- C:\WINDOWS\System32\drivers\netBT.sys [279040] =>.Microsoft Corporation
[MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - 02/11/2016 - (.Microsoft Corporation - NT File System Driver.) -- C:\WINDOWS\System32\drivers\ntfs.sys [2255712] =>.Microsoft Windows®
[MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - 16/07/2016 - (.Microsoft Corporation - Parallel Port Driver.) -- C:\WINDOWS\System32\drivers\Parport.sys [96768] =>.Microsoft Corporation
[MD5.17E565710172ED71B8531D8822E1C5D1] - 16/07/2016 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\WINDOWS\System32\drivers\Rasl2tp.sys [104960] =>.Microsoft Corporation
[MD5.7135785C21CA79D270D11037C43D3F19] - 16/07/2016 - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\WINDOWS\System32\drivers\rdpdr.sys [177152] =>.Microsoft Corporation
[MD5.9D2DD64A0B51C56285512DC9454340F6] - 16/07/2016 - (.Microsoft Corporation - TDI Translation Driver.) -- C:\WINDOWS\System32\drivers\tdx.sys [118112] =>.Microsoft Windows®
[MD5.BF2546583BB75F01DDA60A7921DFB230] - 16/07/2016 - (.Microsoft Corporation - Volume Shadow Copy driver.) -- C:\WINDOWS\System32\drivers\volsnap.sys [391520] =>.Microsoft Windows®
---\\ Non Microsoft non disabled Windows Services (32) - 7s
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) . (.Autodesk Inc. - Autodesk Application Manager.) - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe =>.Autodesk, Inc®
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
O23 - Service: Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
O23 - Service: Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc. - AutoCAD component.) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc®
O23 - Service: @oem30.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation. - Bluetooth Radio Management Support.) - C:\WINDOWS\system32\BtwRSupportService.exe =>.Broadcom Corporation.
O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe =>.BlueStack Systems, Inc.®
O23 - Service: Dragon Assistant Core (DACoreService) . (.Nuance Communications, Inc. - DACore.) - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe =>.Nuance Communications, Inc.®
O23 - Service: Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - C:\WINDOWS\system32\EscSvc64.exe =>.Seiko Epson Corporation
O23 - Service: Everything (Everything) . (.Copyright (C) 2014 David Carpenter - Everything.) - C:\Program Files\Everything\Everything.exe =>.Copyright (c) 2014 David Carpenter
O23 - Service: Garmin Device Interaction Service (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries - Garmin Service.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe =>.Garmin International, Inc.®
O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) . (...) - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe =>.GoPro, Inc.®
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) . (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe =>.LogMeIn, Inc.®
O23 - Service: HP CUE DeviceDiscovery Service (hpqddsvc) . (.Hewlett-Packard Co. - HP CUE DeviceDiscovery Service.) - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll =>.Hewlett Packard®
O23 - Service: HP Network Devices Support (HPSLPSVC) . (.Hewlett-Packard Co. - HP Network Devices Support.) - C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL =>.Hewlett-Packard Co.
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company - SolutionsFrameworkService.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe =>.Hewlett-Packard Company®
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Intel® Rapid Storage Technology®
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation - igfxCUIService Module.) - C:\WINDOWS\system32\igfxCUIService.exe =>.Intel Corporation
O23 - Service: Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe =>.Intel® Upgrade Service®
O23 - Service: Intel(R) ME Service (Intel(R) ME Service) . (.Intel Corporation - Intel(R) ME Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe =>.Intel Corporation®
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation®
O23 - Service: LMIGuardianSvc (LMIGuardianSvc) . (.LogMeIn, Inc. - LMIGuardianSvc.) - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe =>.LogMeIn, Inc.®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
O23 - Service: Net Driver HPZ12 (Net Driver HPZ12) . (.Hewlett-Packard - Dot4Net Module.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) . (.Nitro PDF Software - Nitro PDF Spool Service.) - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe =>.Nitro PDF Software®
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) . (.Nalpeiron Ltd. - This service enables products that use the.) - C:\Windows\SysWOW64\NLSSRV32.EXE =>.Nitro PDF Software®
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) . (.Hewlett-Packard - PmlDrv Module.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe =>.DEVGURU CO LTD®
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Zemana Ltd. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
---\\ Services not Microsoft (SR=Run, SS=Stop) (42) - 30s
SR - Auto [04/12/2014] [ 599944] Autodesk Application Manager Service (AdAppMgrSvc) . (.Autodesk Inc..) - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe =>.Autodesk, Inc®
SR - Auto [21/10/2016] [ 82128] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
SR - Auto [26/09/2016] [ 2207960] Adobe Genuine Software Integrity Service (AGSService) . (.Adobe Systems, Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe =>.Adobe Systems Incorporated®
SR - Auto [02/03/2016] [ 83768] Apple Mobile Device Service (Apple Mobile Device Service) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
SR - Auto [05/02/2015] [ 31160] Autodesk Content Service (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe =>.Autodesk, Inc®
SR - Auto [20/08/2015] [ 2278152] @oem30.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Man (BcmBtRSupport) . (.Broadcom Corporation..) - C:\WINDOWS\system32\BtwRSupportService.exe =>.Broadcom Corporation®
SR - Auto [12/08/2015] [ 462096] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
SS - Demand [21/07/2016] [ 445976] BlueStacks Android Service (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\Bluestacks\HD-Service.exe =>.BlueStack Systems, Inc.®
SR - Auto [21/07/2016] [ 425496] BlueStacks Log Rotator Service (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe =>.BlueStack Systems, Inc.®
SS - Demand [21/07/2016] [ 462360] BlueStacks Plus Android Service (BstHdPlusAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe =>.BlueStack Systems, Inc.®
SS - Demand [03/05/2016] [ 299488] Intel(R) Content Protection HECI Service (cphs) . (.Intel Corporation.) - C:\Windows\SysWOW64\IntelCpHeciSvc.exe =>.Intel(R) pGFX®
SR - Auto [22/02/2013] [ 430480] Dragon Assistant Core (DACoreService) . (.Nuance Communications, Inc..) - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe =>.Nuance Communications, Inc.®
SR - Auto [17/05/2012] [ 144560] Epson Scanner Service (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\WINDOWS\system32\EscSvc64.exe =>.SEIKO EPSON Corporation®
SR - Auto [05/08/2014] [ 1441792] Everything (Everything) . (.Copyright (C) 2014 David Carpenter.) - C:\Program Files\Everything\Everything.exe =>.Copyright (c) 2014 David Carpenter
SS - Demand [05/05/2015] [ 1369856] FlexNet Licensing Service 64 (FlexNet Licensing Service 64) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe =>.Flexera Software LLC®
SR - Auto [25/10/2016] [ 985616] Garmin Device Interaction Service (Garmin Device Interaction Service) . (.Garmin Ltd. or its subsidiaries.) - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe =>.Garmin International, Inc.®
SR - Auto [11/10/2016] [ 37808] GoPro Device Detection Service (GoProDeviceDetectionService) . (...) - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe =>.GoPro, Inc.®
SR - Auto [11/11/2016] [ 2627080] LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe =>.LogMeIn, Inc.®
SR - Demand [20/09/2011] [ 254824] hpqcxs08 (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqcxs08.dll =>.Hewlett Packard®
SR - Auto [29/04/2011] [ 138600] HP CUE DeviceDiscovery Service (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqddsvc.dll =>.Hewlett Packard®
SR - Auto [18/08/2011] [ 1039360] HP Network Devices Support (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL =>.Hewlett-Packard Co.
SR - Auto [17/12/2013] [ 46904] HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe =>.Hewlett-Packard Company®
SR - Auto [31/01/2013] [ 15344] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation - Intel® Rapid Storage Technology®
SS - Demand [04/04/2005] [ 69632] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe =>.Macrovision Corporation
SR - Auto [03/05/2016] [ 337888] Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) . (.Intel Corporation.) - C:\WINDOWS\system32\igfxCUIService.exe =>.Intel(R) pGFX®
SR - Auto [20/04/2012] [ 635104] Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe =>.Intel® Upgrade Service®
SR - Auto [26/07/2012] [ 128896] Intel(R) ME Service (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe =>.Intel Corporation®
SR - Demand [26/07/2016] [ 651576] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
SS - Demand [12/08/2016] [ 177376] Intel(R) Update Manager (iumsvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe =>.Intel(R) Update Manager®
SR - Auto [26/07/2012] [ 165760] Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe =>.Intel Corporation®
SR - Auto [11/11/2016] [ 419248] LMIGuardianSvc (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe =>.LogMeIn, Inc.®
SR - Auto [26/07/2012] [ 276864] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
SR - Auto [06/08/2010] [ 71680] Net Driver HPZ12 (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZinw12.dll =>.Hewlett-Packard
SR - Auto [14/12/2012] [ 230408] NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe =>.Nitro PDF Software®
SR - Auto [14/12/2012] [ 70152] Nalpeiron Licensing Service (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\NLSSRV32.EXE =>.Nitro PDF Software®
SR - Auto [06/08/2010] [ 89600] Pml Driver HPZ12 (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\HPZipm12.dll =>.Hewlett-Packard
SS - Auto [20/09/2016] [ 324224] Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe =>.Skype Software Sarl®
SR - Auto [20/09/2016] [ 324224] SAMSUNG Mobile Connectivity Service (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe =>.DEVGURU CO LTD®
SS - Demand [20/09/2016] [ 324224] Steam Client Service (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe =>.Valve®
SS - Demand [20/09/2016] [ 324224] Adobe SwitchBoard (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe =>.Adobe Systems Incorporated
SR - Auto [20/09/2016] [ 324224] Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
SR - Auto [20/09/2016] [ 324224] ZAM Controller Service (ZAMSvc) . (.Zemana Ltd..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
---\\ Task Planned Automatically (28) - 16s
[MD5.220ADB2D8475CF40556F61688D3A3EA3] [APT] [Adobe Acrobat Update Task] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [324224] (.Activate.) =>.Adobe Systems, Incorporated®
[MD5.1315C5C5C54CE2AA37A155F97027DB59] [APT] [AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [324224] (.Activate.) =>.Adobe Systems Incorporated®
[MD5.E516D7811B24812819A3BAC8AD350510] [APT] [Apple Diagnostics] (.Apple Inc..) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [324224] (.Activate.) =>.Apple Inc.®
[MD5.1DB1806B64366ECE281B672AA52D6380] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [324224] (.Activate.) =>.Piriform Ltd®
[MD5.26502493132A7924466D091C540584F0] [APT] [EPSON Perfection V19 Update] (.SEIKO EPSON CORPORATION.) -- C:\Program Files (x86)\epson\escndv\update\e_dtsksd.exe [324224] (.Activate.) =>.SEIKO EPSON CORPORATION®
[MD5.5AE19E6010B893B65840E8C2E3427314] [APT] [GarminUpdaterTask] (.Copyright © 2015.) -- C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [324224] (.Activate.) =>.Garmin International, Inc.®
[MD5.622BF9C46A47CF17608C501320E8EFBD] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473] (.Intel Corporation.) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [324224] (.Activate.) =>.Intel(R) Update Manager®
[MD5.622BF9C46A47CF17608C501320E8EFBD] [APT] [IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon] (.Intel Corporation.) -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [324224] (.Activate.) =>.Intel(R) Update Manager®
[MD5.A1741C3B79F9DF8895E05EF43579E74B] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [324224] (.Activate.) =>.CyberLink®
[MD5.00000000000000000000000000000000] [APT] [{8DD3EE36-D507-432E-A9B1-FA7778A3BE83}] (...) -- D:\setup.exe (.not file.) [324224] (.Activate.)
[MD5.00000000000000000000000000000000] [APT] [{DB50062B-1108-4516-B07E-CB933EB55684}] (...) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\uninstall.exe (.not file.) [324224] (.Activate.) =>.Superfluous.AkamaiHD
[MD5.23985274780D27117C470AA259B79B30] [APT] [Apple\AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [324224] (.Activate.) =>.Apple Inc.®
[MD5.00000000000000000000000000000000] [APT] [Lenovo\Lenovo-31886] (...) -- C:\ProgramData\Lenovo-31886.vbs (.not file.) [324224] (.Activate.)
[MD5.00000000000000000000000000000000] [APT] [Lenovo\Lenovo-31951] (...) -- C:\ProgramData\Lenovo-31951.vbs (.not file.) [324224] (.Activate.)
O39 - APT: EPSON Perfection V19 Update - (.SEIKO EPSON CORPORATION.) -- C:\WINDOWS\Tasks\EPSON Perfection V19 Update.job [324224] =>.SEIKO EPSON CORPORATION®
O39 - APT: Unknown - (...) -- C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job [324224]
O39 - APT: Adobe Acrobat Update Task - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task [324224] =>.Adobe Systems, Incorporated®
O39 - APT: AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com - (.Adobe Systems Incorporated.) -- C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ivan.reor@gmail.com [324224] =>.Adobe Systems Incorporated®
O39 - APT: Apple Diagnostics - (.Apple Inc..) -- C:\WINDOWS\System32\Tasks\Apple Diagnostics [324224] =>.Apple Inc.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) -- C:\WINDOWS\System32\Tasks\CCleanerSkipUAC [324224] =>.Piriform Ltd®
O39 - APT: EPSON Perfection V19 Update - (.SEIKO EPSON CORPORATION.) -- C:\WINDOWS\System32\Tasks\EPSON Perfection V19 Update [324224] =>.SEIKO EPSON CORPORATION®
O39 - APT: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - (.Intel Corporation.) -- C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 [324224] =>.Intel(R) Update Manager®
O39 - APT: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon - (.Intel Corporation.) -- C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon [324224] =>.Intel(R) Update Manager®
O39 - APT: MirageAgent - (.CyberLink.) -- C:\WINDOWS\System32\Tasks\MirageAgent [324224] =>.CyberLink®
O39 - APT: Unknown - (.Microsoft Corporation.) -- C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task [324224] =>.Microsoft Corporation
O39 - APT: Unknown - (...) -- C:\WINDOWS\System32\Tasks\{7C134AF1-A52C-45FB-A769-590205637799} [324224]
O39 - APT: {8DD3EE36-D507-432E-A9B1-FA7778A3BE83} - (.False.) -- C:\WINDOWS\System32\Tasks\{8DD3EE36-D507-432E-A9B1-FA7778A3BE83} [324224] (.Orphan.) =>.Superfluous.Orphan
O39 - APT: {DB50062B-1108-4516-B07E-CB933EB55684} - (.False.) -- C:\WINDOWS\System32\Tasks\{DB50062B-1108-4516-B07E-CB933EB55684} [324224] (.Orphan.) =>.Superfluous.AkamaiHD
---\\ Auto loading programs from Registry and folders (42) - 5s
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe =>.Realtek Semiconductor Corp®
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe =>.Intel Corporation
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe =>.Apple Inc.®
O4 - HKLM\..\Run: [WindowsDefender] . (.Microsoft Corporation - Windows Defender notification icon.) -- C:\Program Files\Windows Defender\MSASCuiL.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [GoPro Tray App] . (.Copyright © 2015 - GoProDesktopSystemTray.) -- C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe =>.GoPro, Inc.®
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated®
O4 - HKLM\..\Run: [ZAM] . (.Zemana Ltd. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe =>.Apple Inc.®
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe =>.Apple Inc.®
O4 - HKCU\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe =>.Apple Inc.®
O4 - HKCU\..\Run: [iCloudDrive] . (.Apple Inc. - iCloud Drive.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe =>.Apple Inc.®
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Ivan Reyes Ortega\AppData\Local\Akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O4 - HKCU\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - A360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe =>.Autodesk, Inc®
O4 - HKCU\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe =>.Spotify AB®
O4 - HKCU\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\Bluestacks\HD-Agent.exe =>.BlueStack Systems, Inc.®
O4 - HKCU\..\Run: [Discord] . (.Hammer & Chisel, Inc. - Discord.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\app-0.0.296\Discord.exe =>.Hammer & Chisel Inc.®
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM\..\Wow6432Node\Run: [OSD Utility] . (.Quanta Computer Inc. - Lenovo Brightness & Volume OSD Service.) -- C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [Lenovo Silver Silk Wireless Keyboard] . (.Lenovo - Lenovo Silver Silk Keyboard Software.) -- C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe =>.Lenovo
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [YouCam Tray] . (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [Intel AppUp(SM) center] . (.Intel Corporation - Intel Services Manager.) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe =>.Intel® Services Manager®
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe =>.CyberLink®
O4 - HKLM\..\Wow6432Node\Run: [LVT] . (.Lenovo - Lenovo.) -- C:\Program Files\Lenovo\LVT\LJYZ.exe =>.Lenovo (Beijing) Limited®
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe =>.Apple Inc.®
O4 - HKLM\..\Wow6432Node\Run: [Nikon Message Center 2] . (.Nikon Corporation - Nikon Message Center 2.) -- C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe =>.Nikon Corporation
O4 - HKLM\..\Wow6432Node\Run: [ADSKAppManager] . (.Autodesk Inc. - Autodesk Application Manager.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe =>.Autodesk, Inc®
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle America, Inc.®
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe =>.SEIKO EPSON CORPORATION®
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe =>.Adobe Systems Incorporated®
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe =>.LogMeIn, Inc.®
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] . (.Microsoft Corporation - Microsoft OneDrive Setup.) -- C:\Windows\SysWOW64\OneDriveSetup.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2198469641-46685643-2895634536-1002\..\Run: [OneDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Joanne\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - HKUS\S-1-5-21-2198469641-46685643-2895634536-1002\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd. or its subsidiaries - Garmin Express Tray.) -- C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe =>.Garmin International, Inc.®
---\\ Process running (65) - 5s
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxCUIService Module.) -- C:\WINDOWS\system32\igfxCUIService.exe [0] [PID.1640] =>.Intel Corporation
[MD5.C92B0A0957ACAD3CEEF502A2CA10ACB8] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128] [PID.2208] =>.Adobe Systems, Incorporated®
[MD5.B52F9B2C63DF84B58E59016FE25648C0] - (.Autodesk, Inc. - AutoCAD component.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160] [PID.2216] =>.Autodesk, Inc®
[MD5.41C684B6229B8F0C2EAEF4A2251DFAE4] - (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) -- C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080] [PID.2224] =>.LogMeIn, Inc.®
[MD5.FCE361409964B71918D0D04CC26F8BD8] - (.Microsoft - DdMgr.) -- C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880] [PID.2236] =>.Microsoft
[MD5.AE0F49596EE37F284D4477A0BE4B8655] - (.BlueStack Systems, Inc. - BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496] [PID.2252] =>.BlueStack Systems, Inc.®
[MD5.B5C2F92EE1106DFE7BB1CCE4D35B6037] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [462096] [PID.2264] =>.Apple Inc.®
[MD5.021D06851E7AFF5C314039DF813608F3] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960] [PID.2272] =>.Adobe Systems Incorporated®
[MD5.3B3774C868868257533EC7E715BB6D53] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768] [PID.2280] =>.Apple Inc.®
[MD5.00000000000000000000000000000000] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) -- C:\WINDOWS\system32\EscSvc64.exe [0] [PID.2292] =>.Seiko Epson Corporation
[MD5.13B46C5D8AC698E7E5C46620516F03AC] - (.Garmin Ltd. or its subsidiaries - Garmin Service.) -- C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [985616] [PID.2304] =>.Garmin International, Inc.®
[MD5.0340E468988DBAFF5049B548EFDD78AA] - (.Nuance Communications, Inc. - DACore.) -- C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [430480] [PID.2312] =>.Nuance Communications, Inc.®
[MD5.974A1F783ED34588B45FAD6375077BA6] - (.Hewlett-Packard Company - SolutionsFrameworkService.) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904] [PID.2344] =>.Hewlett-Packard Company®
[MD5.CBDF353624D1744734F2FD13B4786F90] - (.Autodesk Inc. - Autodesk Application Manager.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944] [PID.2352] =>.Autodesk, Inc®
[MD5.00000000000000000000000000000000] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) -- C:\WINDOWS\system32\BtwRSupportService.exe [0] [PID.2360] =>.Broadcom Corporation.
[MD5.97E5D62965DE167388B9C5D08665FE43] - (.Microsoft - IdeaTouchDataServer.EducationPortal.) -- C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680] [PID.2400] =>.Microsoft
[MD5.31EB577BC7744FC784D93B264E93142F] - (.Microsoft - IdeaTouchDataServer.GamePortal.) -- C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680] [PID.2428] =>.Microsoft
[MD5.C99F8E90DE4B8F0C7FE15BB1CBCD29DC] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104] [PID.2464] =>.Intel® Upgrade Service®
[MD5.3C4002D339491AF73D663FFC7F6E5ECB] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760] [PID.2496] =>.Intel Corporation®
[MD5.0554F3B69D39D175DD110D765C11347A] - (.LogMeIn, Inc. - LMIGuardianSvc.) -- C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248] [PID.2536] =>.LogMeIn, Inc.®
[MD5.FC91D7804B8FE5C2F0B12585C612F592] - (.Nitro PDF Software - Nitro PDF Spool Service.) -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408] [PID.2552] =>.Nitro PDF Software®
[MD5.21D28C3448983A072B907E9BAC93D223] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\NLSSRV32.EXE [70152] [PID.2604] =>.Nitro PDF Software®
[MD5.9DA3B55B17B54789AFB8C657D4ACE4D7] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) -- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688] [PID.2764] =>.DEVGURU CO LTD®
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxEM Module.) -- C:\WINDOWS\system32\igfxEM.exe [0] [PID.6028] =>.Intel Corporation
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxHK Module.) -- C:\WINDOWS\system32\igfxHK.exe [0] [PID.5900] =>.Intel Corporation
[MD5.00000000000000000000000000000000] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxTray.exe [0] [PID.6320] =>.Intel Corporation
[MD5.B0666DF6D554879AE8A7C91E26A5972F] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872] [PID.472] =>.Realtek Semiconductor Corp®
[MD5.5E53A66C680A06E26B1234CB0C3CD99B] - (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608] [PID.3688] =>.Realtek Semiconductor Corp®
[MD5.ADEA393B2B49EB25578702F4F5525E93] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [176952] [PID.880] =>.Apple Inc.®
[MD5.89CF513A77CAF5AB1737D188D46D2719] - (.Copyright © 2015 - GoProDesktopSystemTray.) -- C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224] [PID.1328] =>.GoPro, Inc.®
[MD5.EECB45F889E99174DA56FBDF37962D25] - (.Apple Inc. - iPodService Module (64-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [651576] [PID.3036] =>.Apple Inc.®
[MD5.005B2B63719E6B3E8E2E1446A9278F8E] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360] [PID.5108] =>.Spotify AB®
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.6828] =>.CyberLink®
[MD5.90087B948BC6AF690040B07AD6E57F66] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\Bluestacks\HD-Agent.exe [974360] [PID.3232] =>.BlueStack Systems, Inc.®
[MD5.EC58C1A9A3281CE0C8FCC05BDBFECB37] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816] [PID.4320] =>.Apple Inc.®
[MD5.26846FB768E1B9CEAE80BBA9DDB1BEF6] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384] [PID.4496] =>.Apple Inc.®
[MD5.63A2D767B9261B4F33F97BF88F2FB197] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [276328] [PID.872] =>.Hewlett Packard®
[MD5.2D6F4F038602470653CF5D27A05B913C] - (.Quanta Computer Inc. - Lenovo Brightness & Volume OSD Service.) -- C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe [18276352] [PID.7244]
[MD5.637509EA9CE862DFCE59E80B9FB1957D] - (.Lenovo - Lenovo Silver Silk Keyboard Software.) -- C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [392192] [PID.7364] =>.Lenovo
[MD5.A1741C3B79F9DF8895E05EF43579E74B] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488] [PID.7388] =>.CyberLink®
[MD5.79EDDBCBFFC23585BC1495AFC03CC4D7] - (.CyberLink Corp. - CyberLink YouCam Tray.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024] [PID.7416] =>.CyberLink®
[MD5.0B427D9943C838620AFA30CBB24A6D77] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720] [PID.7492] =>.CyberLink®
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432] [PID.7652] =>.CyberLink®
[MD5.4F9DD96AECDC12373D4203253D665C6D] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896] [PID.7916] =>.Oracle America, Inc.®
[MD5.0B5C25E963B1475EDDBEE458F4C01ECE] - (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe [9105112] [PID.8024] =>.Piriform Ltd®
[MD5.BD0A0131D76DFD35B0C8A769C6AE1E74] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968] [PID.8044] =>.SEIKO EPSON CORPORATION®
[MD5.0EC980270F8B08C472B9BBCB59714C15] - (...) -- C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe [72192] [PID.6052] =>.Skype Technologies
[MD5.D342CD9148D4F9BC75304C658D52C25E] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192] [PID.7092] =>.Intel Corporation - Intel® Rapid Storage Technology®
[MD5.134520D3D071880B4C398FE2FFEB6088] - (...) -- C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808] [PID.2016] =>.GoPro, Inc.®
[MD5.D5854F77CEEAFC5A8405F8ECCBEC09DF] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344] [PID.2424] =>.Intel Corporation - Intel® Rapid Storage Technology®
[MD5.30E9FAC23E2537D82F2836CB81AEE186] - (.Intel Corporation - Intel(R) ME Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896] [PID.4640] =>.Intel Corporation®
[MD5.4269D44BB47A6DA5D80B11F4C8536458] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [276864] [PID.6572] =>.Intel Corporation®
[MD5.DBE2E6388379D5CC78099650541E9566] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [364416] [PID.8312] =>.Intel Corporation®
[MD5.907FF261297C196A84C1EE3D7807F90D] - (.Zemana Ltd. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888] [PID.8224] =>.Zemana Ltd.®
[MD5.907FF261297C196A84C1EE3D7807F90D] - (.Zemana Ltd. - ZAM.) -- C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888] [PID.6356] =>.Zemana Ltd.®
[MD5.105C276BB7B43501225C419B062096D0] - (.Apple Inc. - iCloud Photos.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816] [PID.10328] =>.Apple Inc.®
[MD5.9252A687BD9F43A5F738C652B00CAF0A] - (.Apple Inc. - iCloud Photos Downloader.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe [43816] [PID.6832] =>.Apple Inc.®
[MD5.FE18DDEA98D90DBF850AFCA0158ABEC8] - (.Copyright (C) 2014 David Carpenter - Everything.) -- C:\Program Files\Everything\Everything.exe [1441792] [PID.900] =>.Copyright (c) 2014 David Carpenter
[MD5.FE18DDEA98D90DBF850AFCA0158ABEC8] - (.Copyright (C) 2014 David Carpenter - Everything.) -- C:\Program Files\Everything\Everything.exe [1441792] [PID.4468] =>.Copyright (c) 2014 David Carpenter
[MD5.7E0B4C8EFEDDEBE87D2A1F5A33B965B5] - (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104] [PID.12260] =>.Apple Inc.®
[MD5.5E5B1694E918A1739D46BDF45F437465] - (.Adobe Systems Incorporated - Adobe InDesign CS6.) -- C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe [4103312] [PID.8936] =>.Adobe Systems Incorporated®
[MD5.6A289BCAE430A22E342435B45BA5A950] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Ivan Reyes Ortega\Downloads\ZHPDiag3.exe [2511360] [PID.9604] =>.Nicolas Coolman
[MD5.8FE651ACBA3344E645CFEB6286FFF6B8] - (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312] [PID.6244] =>.Adobe Systems Incorporated®
[MD5.8C6BE2C144CC5C378FAD7273EDDFD10D] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [1296888] [PID.1632] =>.Microsoft Windows Third Party Application Component®
[MD5.05C67ADE5DA4325000EAC64C0C6D13D3] - (.Adobe Systems Incorporated - Adobe Application Manager.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe [2114208] [PID.6952] =>.Adobe Systems Incorporated®
---\\ Google Chrome, Start,Search,Extensions (2) - 0s
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (1) - 1s
P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Apple Inc..) -- C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll =>.Apple Inc.
---\\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com =>.Lenovo Group Limited
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
---\\ Internet Explorer, Proxy Management (5) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=
---\\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)
---\\ Global shortcuts Startup (139) - 19s
O4 - GS\Desktop [Administrator]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Administrator]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Administrator]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Administrator]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Administrator]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Administrator]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Administrator]: Nеxon Launcher.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat
O4 - GS\Desktop [Administrator]: Skype.lnk . (...) C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Administrator]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Administrator]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (...) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Administrator]: Gоogle Chrоmе.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Administrator]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Administrator]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Administrator]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Administrator]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Administrator]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR=1; =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Administrator]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Guest]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Guest]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Guest]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Guest]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Guest]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Guest]: Nеxon Launcher.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat
O4 - GS\Desktop [Guest]: Skype.lnk . (...) C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Guest]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Guest]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (...) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Guest]: Gоogle Chrоmе.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Guest]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Guest]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Guest]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Guest]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Guest]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR=1; =>.Microsoft Corporation
O4 - GS\Programs [Guest]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Guest]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Ivan Reyes Ortega]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Ivan Reyes Ortega]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Ivan Reyes Ortega]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Ivan Reyes Ortega]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Ivan Reyes Ortega]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Ivan Reyes Ortega]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Ivan Reyes Ortega]: Nеxon Launcher.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat
O4 - GS\Desktop [Ivan Reyes Ortega]: Skype.lnk . (...) C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Ivan Reyes Ortega]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Ivan Reyes Ortega]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Ivan Reyes Ortega]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Ivan Reyes Ortega]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Google Chrome.lnk . (...) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Gоogle Chrоmе.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Ivan Reyes Ortega]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Ivan Reyes Ortega]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Ivan Reyes Ortega]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Ivan Reyes Ortega]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Ivan Reyes Ortega]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Ivan Reyes Ortega]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Ivan Reyes Ortega]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR=1; =>.Microsoft Corporation
O4 - GS\Programs [Ivan Reyes Ortega]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Ivan Reyes Ortega]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Joanne]: Adobe Illustrator CS6.lnk . (.Adobe Systems Inc. - Adobe Illustrator CS6.) C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\Illustrator.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Joanne]: Adobe InDesign CS6.lnk . (.Adobe Systems Incorporated - Adobe InDesign CS6.) C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Joanne]: Adobe Photoshop CS6 (64 Bit).lnk . (.Adobe Systems, Incorporated - Adobe Photoshop CS6.) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe =>.Adobe Systems Incorporated®
O4 - GS\Desktop [Joanne]: Discord.lnk . (.GitHub - Update.) C:\Users\Ivan Reyes Ortega\AppData\Local\Discord\Update.exe --processStart Discord.exe =>.Hammer & Chisel Inc.®
O4 - GS\Desktop [Joanne]: iTunes.lnk . (.Apple Inc. - .) C:\Program Files (x86)\iTunes\iTunes.exe =>.Apple Inc.
O4 - GS\Desktop [Joanne]: MATLAB.lnk . (.The MathWorks Inc. - MATLAB Starter Application.) C:\Program Files\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\Desktop [Joanne]: Nеxon Launcher.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual_noxen.bat
O4 - GS\Desktop [Joanne]: Skype.lnk . (...) C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
O4 - GS\Desktop [Joanne]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Desktop [Joanne]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Desktop [Joanne]: ViewNX 2.lnk . (.Nikon Corporation - ViewNX 2.) C:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe =>.Nikon Corporation
O4 - GS\Desktop [Joanne]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Joanne]: Google Chrome.lnk . (...) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Quicklaunch [Joanne]: Gоogle Chrоmе.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\Quicklaunch [Joanne]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Quicklaunch [Joanne]: Lаunch Intеrnet Exрlorеr Вrowsеr.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
O4 - GS\Quicklaunch [Joanne]: Samsung Kies 3.lnk . (.Samsung - Kies.) C:\Program Files (x86)\Samsung\Kies3\Kies3.exe =>.Samsung Electronics CO., LTD.®
O4 - GS\sendTo [Joanne]: Bluetooth File Transfer.LNK . (.Microsoft Corporation - .) C:\Windows\System32\fsquirt.exe =>.Microsoft Corporation
O4 - GS\sendTo [Joanne]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\System32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Joanne]: Skype.lnk . (.Skype Technologies S.A. - Skype.) C:\Program Files (x86)\Skype\Phone\Skype.exe /sendto: =>.Skype Software Sarl®
O4 - GS\TaskBar [Joanne]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\TaskBar [Joanne]: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper.) C:\Program Files (x86)\Steam\Steam.exe =>.Valve®
O4 - GS\Startup [Joanne]: Monitor Ink Alerts - HP DeskJet 1110 series.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\WINDOWS\system32\RunDll32.exe "C:\Program Files\HP\HP DeskJet 1110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN634281GF065S;CONNECTION=USB;MONITOR=1; =>.Microsoft Corporation
O4 - GS\Programs [Joanne]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Joanne]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\CommonDesktop [Public]: Adobe Reader XI.lnk . (.Adobe Systems Incorporated - Adobe Reader.) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe =>.Adobe Systems, Incorporated®
O4 - GS\CommonDesktop [Public]: AutoCAD.lnk . (.Autodesk, Inc. - .) C:\Program Files (x86)\Autodesk\AutoCAD 2016\acad.exe /product ACAD /language "en-US" =>.Autodesk, Inc.
O4 - GS\CommonDesktop [Public]: Autodesk ReCap.lnk . (.Autodesk - .) C:\Program Files (x86)\Autodesk\Autodesk ReCap 2016\recap.exe =>.Autodesk
O4 - GS\CommonDesktop [Public]: Quik.lnk . (...) C:\Program Files (x86)\GoPro\GoPro Desktop App\Quik.exe
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Zemana Ltd. - ZAM.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - GS\CommonDesktop [Public]: Ваttle.nеt.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.rehcnual ten.elttab.bat
O4 - GS\Programs [Public]: OneDrive.lnk . (.Microsoft Corporation - Microsoft OneDrive.) C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\OneDrive.exe =>.Microsoft Corporation®
O4 - GS\Programs [Public]: Spotify.lnk . (.Spotify Ltd - Spotify.) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify\Spotify.exe =>.Spotify AB®
O4 - GS\Accessories [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\WINDOWS\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Startup [Public]: GoPro Importer.lnk . (...) C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - GS\Startup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe =>.Hewlett Packard®
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\WINDOWS\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Quick Assist.lnk . (.Microsoft Corporation - Quick Assist.) C:\WINDOWS\system32\quickassist.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\WINDOWS\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\WINDOWS\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Steps Recorder.lnk . (.Microsoft Corporation - Steps Recorder.) C:\WINDOWS\system32\psr.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\WINDOWS\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\WINDOWS\system32\xpsrchvw.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\WINDOWS\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Help.lnk . (...) C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe
O4 - GS\ProgramsCommon [Public]: Adobe Reader XI.lnk . (...) C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (...) C:\WINDOWS\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe
O4 - GS\ProgramsCommon [Public]: Gооgle Chrоmе.lnk . (...) C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
O4 - GS\ProgramsCommon [Public]: I.R.I.S. OCR Registration.lnk . (.I.R.I.S. Image Recognition Integarted Systems - Registration Wizard.) C:\Program Files (x86)\HP\Digital Imaging\DocProc\regipe.exe =>.IMAGE RECOGNITION INTEGRATED SYSTEMS SA®
O4 - GS\ProgramsCommon [Public]: Immersive Control Panel.lnk . (.Microsoft Corporation - Windows Control Panel.) C:\WINDOWS\System32\Control.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Lenovo Cloud Storage by SugarSync.lnk . (.SugarSync, Inc. - SugarSync Manager.) C:\Program Files (x86)\SugarSync\SugarSyncManager.exe =>.SugarSync, Inc.®
O4 - GS\ProgramsCommon [Public]: MATLAB R2015a.lnk . (.The MathWorks Inc. - .) C:\Program Files (x86)\MATLAB\MATLAB Production Server\R2015a\bin\matlab.exe =>.The MathWorks Inc.
O4 - GS\ProgramsCommon [Public]: MiracastView.lnk . (.Microsoft Corporation - MiracastView.) C:\WINDOWS\MiracastView\MiracastView.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Movie Maker.lnk . (.Microsoft Corporation - Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Nitro Pro 8.lnk . (...) C:\windows\Installer\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}\Professional.ico
O4 - GS\ProgramsCommon [Public]: Photo Gallery.lnk . (.Microsoft Corporation - Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: PrintDialog.lnk . (.Microsoft Corporation - Print Dialog.) C:\WINDOWS\PrintDialog\PrintDialog.exe =>.Microsoft Windows®
O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
---\\ Lop.com/Domain Hijackers (1) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\..\{0d7355bc-6532-4c94-b735-8764407bd143}: DhcpNameServer = 10.0.0.1
---\\ Extra protocols (27) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\SysWOW64\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\SysWOW64\itss.dll =>.Microsoft Corporation
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype4COM.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll =>.Skype Software Sarl®
O18 - Handler: tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) -- C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: windows.tbauth [64Bits] - {14654CA6-5711-491D-B89A-58E571679951} . (.Microsoft Corporation - TBAuth protocol handler.) -- C:\Windows\SysWOW64\tbauth.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\SysWOW64\mscoree.dll =>.Microsoft Corporation
---\\ Software installed (202) - 31s
O42 - Logiciel: 1500 - (.Hewlett-Packard.) [HKLM][64Bits] -- {427385C9-AC30-484B-AC63-94A8B37225D0} =>.Hewlett-Packard
O42 - Logiciel: 1500_Help - (.Hewlett-Packard.) [HKLM][64Bits] -- {A2101ACC-DC36-42AA-A576-6FD6A8D466DA} =>.Hewlett-Packard
O42 - Logiciel: 1500Trb - (.Hewlett-Packard.) [HKLM][64Bits] -- {A4C6B32D-5088-40AF-B74D-CDABEF144F04} =>.Hewlett-Packard
O42 - Logiciel: 64 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM][64Bits] -- {FF21C3E6-97FD-474F-9518-8DCBE94C2854} =>.Hewlett-Packard
O42 - Logiciel: A360 Desktop - (.Autodesk.) [HKLM][64Bits] -- {B209E611-5511-4AD6-B4B3-9D36F93DBCD4} =>.Autodesk
O42 - Logiciel: ACA & MEP 2016 Object Enabler - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-F004-0000-5102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: ACAD Private - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-F001-0000-3102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {FE23D063-934D-4829-A0D8-00634CE79B4A} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Creative Suite 6 Master Collection - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0} =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AF37176A-78CA-545B-34EF-8B6A21514DD1} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Help Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Reader XI (11.0.14) - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1033-7B44-AB0000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-0804-1033-1959-001824205020} =>.Adobe Systems Incorporated
O42 - Logiciel: AIO_CDB_ProductContext - (.Hewlett-Packard.) [HKLM][64Bits] -- {D5045A94-1D46-44A7-9C4F-7D05B40D82EC} =>.Hewlett-Packard
O42 - Logiciel: AIO_CDB_Software - (.Hewlett-Packard.) [HKLM][64Bits] -- {2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036} =>.Hewlett-Packard
O42 - Logiciel: AIO_Scan - (.Hewlett-Packard.) [HKLM][64Bits] -- {104066F4-5897-4067-85D3-4C88B67CCF75} =>.Hewlett-Packard
O42 - Logiciel: ANT Drivers Installer x64 - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {CAED120A-1F05-4B8F-B76E-A3EA5C328AB8} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM][64Bits] -- {D4B07658-F443-4445-A261-E643996E139D} =>.Apple Inc.
O42 - Logiciel: Apple Application Support (64-bit) - (.Apple Inc..) [HKLM][64Bits] -- {A6B0442B-E159-444B-B49D-6B9AC531EAE3} =>.Apple Inc.
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM][64Bits] -- {2E4AF2A6-50EA-4260-9BA4-5E582D11879A} =>.Apple Inc.
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {56EC47AA-5813-4FF6-8E75-544026FBEA83} =>.Apple Inc.
O42 - Logiciel: aTube Catcher - (.DsNET Corp.) [HKLM][64Bits] -- aTube Catcher =>.DsNET Corp
O42 - Logiciel: aTube Catcher version 3.8 - (.DsNET Corp.) [HKLM][64Bits] -- {D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1 =>.DsNET Corp
O42 - Logiciel: AutoCAD 2016 - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-F001-0000-0102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: AutoCAD 2016 - English - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-F001-0409-2102-0060B0CE6BBA} =>.Autodesk, Inc®
O42 - Logiciel: AutoCAD 2016 Language Pack - English - (.Autodesk.) [HKLM][64Bits] -- {5783F2D7-F001-0409-1102-0060B0CE6BBA} =>.Autodesk
O42 - Logiciel: Autodesk Advanced Material Library Image Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {94AD53E7-493B-4291-8714-7A3B761D2783} =>.Autodesk
O42 - Logiciel: Autodesk App Manager 2016 - (.Autodesk.) [HKLM][64Bits] -- {4ECF9E00-2978-46AF-BD80-455EFEAB7A93} =>.Autodesk
O42 - Logiciel: Autodesk Application Manager - (.Autodesk.) [HKLM][64Bits] -- Autodesk Application Manager =>.Autodesk, Inc®
O42 - Logiciel: Autodesk AutoCAD 2016 - English - (.Autodesk.) [HKLM][64Bits] -- AutoCAD 2016 - English =>.Autodesk, Inc®
O42 - Logiciel: Autodesk AutoCAD Performance Feedback Tool 1.2.4 - (.Autodesk.) [HKLM][64Bits] -- {4E20873D-BC20-495C-AFD9-B18877B7F9BB} =>.Autodesk
O42 - Logiciel: Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit - (.Autodesk.) [HKLM][64Bits] -- {4BEE127E-95C4-434D-ABAC-65155192BB24} =>.Autodesk
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] -- {A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F} =>.Autodesk
O42 - Logiciel: Autodesk Content Service - (.Autodesk.) [HKLM][64Bits] -- Autodesk Content Service =>.Autodesk, Inc®
O42 - Logiciel: Autodesk Content Service Language Pack - (.Autodesk.) [HKLM][64Bits] -- {A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F} =>.Autodesk
O42 - Logiciel: Autodesk Design Review 2013 - (.Autodesk, Inc..) [HKLM][64Bits] -- {153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB} =>.Autodesk, Inc.
O42 - Logiciel: Autodesk Design Review 2013 - (.Autodesk, Inc..) [HKLM][64Bits] -- Autodesk Design Review 2013 =>.Autodesk, Inc®
O42 - Logiciel: Autodesk Featured Apps 2016 - (.Autodesk.) [HKLM][64Bits] -- {D42F37CD-9AF9-4435-A474-B387C5BB6B47} =>.Autodesk
O42 - Logiciel: Autodesk Material Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {29A7D6EC-63C2-42FD-8143-5812ABD2923F} =>.Autodesk
O42 - Logiciel: Autodesk Material Library Base Resolution Image Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {6B4CFC6E-ECB0-47FE-95D3-65C680ED0687} =>.Autodesk
O42 - Logiciel: Autodesk Material Library Medium Resolution Image Library 2016 - (.Autodesk.) [HKLM][64Bits] -- {415A5A54-325E-4815-9940-62A889CA3877} =>.Autodesk
O42 - Logiciel: Autodesk ReCap 2016 - (.Autodesk.) [HKLM][64Bits] -- {F6FD1651-0000-1033-0102-387BAF9B3B0A} =>.Autodesk
O42 - Logiciel: Autodesk ReCap 2016 - (.Autodesk.) [HKLM][64Bits] -- Autodesk ReCap 2016 =>.Autodesk, Inc®
O42 - Logiciel: Battle.net - (.Blizzard Entertainment.) [HKLM][64Bits] -- Battle.net =>.Blizzard Entertainment, Inc.®
O42 - Logiciel: BattleBlock Theater - (.The Behemoth.) [HKLM][64Bits] -- Steam App 238460 =>.Valve®
O42 - Logiciel: BlueStacks App Player - (.BlueStack Systems, Inc..) [HKLM][64Bits] -- BlueStacks =>.BlueStack Systems, Inc.®
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM][64Bits] -- {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} =>.Apple Inc.
O42 - Logiciel: Brawlhalla - (.Blue Mammoth Games.) [HKLM][64Bits] -- Steam App 291550 =>.Valve®
O42 - Logiciel: Broforce - (.Free Lives.) [HKLM][64Bits] -- Steam App 274190 =>.Valve®
O42 - Logiciel: BufferChm - (.Hewlett-Packard.) [HKLM][64Bits] -- {FA0FF682-CC70-4C57-93CD-E276F3E7537E} =>.Hewlett-Packard
O42 - Logiciel: Castle Crashers - (.The Behemoth.) [HKLM][64Bits] -- Steam App 204360 =>.Valve®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner =>.Piriform Ltd®
O42 - Logiciel: Copy - (.Hewlett-Packard.) [HKLM][64Bits] -- {9BE466FF-70B7-4DA8-807C-DB4C3610FDAA} =>.Hewlett-Packard
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: Destinations - (.Hewlett-Packard.) [HKLM][64Bits] -- {BD7204BA-DD64-499E-9B55-6A282CDF4FA4} =>.Hewlett-Packard
O42 - Logiciel: DeviceDiscovery - (.Hewlett-Packard.) [HKLM][64Bits] -- {1458BB78-1DC5-4BC0-B9A3-2B644F5A8105} =>.Hewlett-Packard
O42 - Logiciel: Discord - (.Hammer & Chisel, Inc..) [HKCU][64Bits] -- Discord =>.Hammer & Chisel Inc.®
O42 - Logiciel: DocProc - (.Hewlett-Packard.) [HKLM][64Bits] -- {9B362566-EC1B-4700-BB9C-EC661BDE2175} =>.Hewlett-Packard
O42 - Logiciel: Dolby Home Theater v4 - (.Dolby Laboratories Inc.) [HKLM][64Bits] -- {B26438B4-BF51-49C3-9567-7F14A5E40CB9} =>.Dolby Laboratories Inc
O42 - Logiciel: Don't Starve Together Beta - (.Klei Entertainment.) [HKLM][64Bits] -- Steam App 322330 =>.Valve®
O42 - Logiciel: Dragon Assistant Application en-US version 1.5.0 - (.Nuance Communications, Inc..) [HKLM][64Bits] -- {1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Dragon Assistant Core Recognition Service version 1.1.4 - (.Nuance Communications, Inc..) [HKLM][64Bits] -- {E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Dragon Assistant Language Data en-US version 1.1.1 - (.Nuance Communications, Inc..) [HKLM][64Bits] -- {4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Dragon Assistant version 1.5.0 - (.Nuance Communications, Inc..) [HKLM][64Bits] -- {D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1 =>.Nuance Communications, Inc.®
O42 - Logiciel: Driver & Application Installation - (.Lenovo.) [HKLM][64Bits] -- {BFECCF2A-F094-4066-8BFA-29CCBB7F6602} =>.Macrovision Corporation®
O42 - Logiciel: Easy Photo Scan - (.Seiko Epson Corporation.) [HKLM][64Bits] -- {1A6DED1E-A024-455D-AA82-203D6B3B0CBC} =>.Seiko Epson Corporation
O42 - Logiciel: EducationPortal - (.Lenovo.) [HKLM][64Bits] -- {65487538-FF20-421B-91DB-F6634B8D264C} =>.Lenovo
O42 - Logiciel: Elevated Installer - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {A53F1B50-A664-4D28-92FE-DD5F507F34BC} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Epson Copy Utility 4 - (.Seiko Epson Corporation.) [HKLM][64Bits] -- {06A7E8AB-2856-4490-BAA9-F338ABE7695A} =>.Seiko Epson Corporation
O42 - Logiciel: Epson Event Manager - (.Seiko Epson Corporation.) [HKLM][64Bits] -- {17FA0444-A025-43B9-862C-81AE6307C2F2} =>.Seiko Epson Corporation
O42 - Logiciel: EPSON Scan - (.Seiko Epson Corporation.) [HKLM][64Bits] -- EPSON Scanner =>.SEIKO EPSON CORPORATION®
O42 - Logiciel: EPSON Scan OCR Component - (.SEIKO EPSON Corp..) [HKLM][64Bits] -- {563B99D8-8895-4E3E-AE8D-15BE8C05F1C1} =>.Macrovision Corporation®
O42 - Logiciel: Everything 1.3.4.686 (x64) - (..) [HKLM][64Bits] -- Everything
O42 - Logiciel: Ezvid - (.Ezvid, inc..) [HKLM][64Bits] -- {F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1 =>.Ezvid, inc.
O42 - Logiciel: FARO LS 1.1.502.0 (64bit) - (.FARO Scanner Production.) [HKLM][64Bits] -- {66D83FE0-D798-4B38-86FE-FB48151E5AEF} =>.FARO Scanner Production
O42 - Logiciel: Fax - (.Hewlett-Packard.) [HKLM][64Bits] -- {9294F169-72EE-4D74-AE92-CA25F64B4FF8} =>.Hewlett-Packard
O42 - Logiciel: Find the Differences - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {65F9B587-24A7-466A-999A-9C5F9D452400} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Find the Differences - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{65F9B587-24A7-466A-999A-9C5F9D452400} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Finding the Letters - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {535FB733-FFCF-4460-8694-664A2F6C53B4} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Finding the Letters - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: FreeRide Games - (.Exent Technologies.) [HKLM][64Bits] -- {6C26A305-4549-4A8A-9F03-25719C03B0FB}
O42 - Logiciel: Fruits - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {AA39BFDE-71E5-46A6-A10B-44C2F45A341E} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Fruits - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: GamePortal - (.Lenovo.) [HKLM][64Bits] -- {530A0CD0-4158-45BE-AD45-8DC7019C597F} =>.Lenovo
O42 - Logiciel: Garmin Express - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {D1B261D6-EBAE-4129-8EFB-C04E14DCEF6A} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: Garmin Express - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {d74c733b-9216-49f5-ae3a-14bf3a3d66f5} =>.Garmin International, Inc.®
O42 - Logiciel: Garmin Express Tray - (.Garmin Ltd or its subsidiaries.) [HKLM][64Bits] -- {5250BDEA-3EA9-441C-8233-9CBEC6A799BD} =>.Garmin Ltd or its subsidiaries
O42 - Logiciel: GoPro Studio - (.GoPro, Inc..) [HKLM][64Bits] -- {7BDB9575-D4C8-42B0-84EA-1CD654F63637} =>.GoPro, Inc.
O42 - Logiciel: Grow Home - (.Reflections, a Ubisoft Studio.) [HKLM][64Bits] -- Steam App 323320 =>.Valve®
O42 - Logiciel: Guacamelee! Gold Edition - (.DrinkBox Studios.) [HKLM][64Bits] -- Steam App 214770 =>.Valve®
O42 - Logiciel: HP DeskJet 1110 series Basic Device Software - (.Hewlett-Packard Co..) [HKLM][64Bits] -- {87DEBE9C-FD90-4E36-8AD8-608F871B9BD9} =>.Hewlett-Packard Co.
O42 - Logiciel: HP Imaging Device Functions 14.0 - (.HP.) [HKLM][64Bits] -- HP Imaging Device Functions =>.Hewlett Packard®
O42 - Logiciel: HP Photo Creations - (.HP Photo Creations Powered by RocketLife.) [HKLM][64Bits] -- HP Photo Creations =>.Visan Industries®
O42 - Logiciel: HP Photosmart Officejet and Deskjet All-In-One Driver Software - (.HP.) [HKLM][64Bits] -- {6F5B70F0-EA6C-4A5B-BB16-8390BD66B251} =>.Hewlett Packard®
O42 - Logiciel: HPPhotoGadget - (.Hewlett-Packard.) [HKLM][64Bits] -- {CAE4213F-F797-439D-BD9E-79B71D115BE3} =>.Hewlett-Packard
O42 - Logiciel: HPSSupply - (.Hewlett-Packard.) [HKLM][64Bits] -- {AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3} =>.Hewlett-Packard
O42 - Logiciel: iCloud - (.Apple Inc..) [HKLM][64Bits] -- {309768A4-A2BB-4930-A5A2-8169678C9B4C} =>.Apple Inc.
O42 - Logiciel: Intel AppUp(SM) center - (.Intel.) [HKLM][64Bits] -- Intel AppUp(SM) center 33057 =>.Intel AppUp(SM) center®
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation - pGFX®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140} =>.Intel Corporation
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {7629623D-F0D0-4AC6-A763-FBE06ED8288C} =>.Intel Corporation
O42 - Logiciel: Intel(R) SDK for OpenCL - CPU Only Runtime Package - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573} =>.Intel Corporation
O42 - Logiciel: Intel(R) Update Manager - (.Intel Corporation.) [HKLM][64Bits] -- {7224B7CE-196C-4E2A-A1AE-1D7BF259FD36} =>.Intel Corporation
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {F4404AFD-2EF3-40C1-8C09-29E5F3B6972B} =>.Intel Corporation
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM][64Bits] -- {955524E7-79EB-4CA9-BA4D-FD2DF587651B} =>.Apple Inc.
O42 - Logiciel: Java 8 Update 51 - (.Oracle Corporation.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83218051F0} =>.Oracle Corporation
O42 - Logiciel: Java Auto Updater - (.Oracle Corporation.) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Oracle Corporation
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {0BE9E708-5DC0-4963-9CFD-0AA519090E79} =>.Microsoft Corporation
O42 - Logiciel: Lenovo Bluetooth with Enhanced Data Rate Software - (.Broadcom Corporation.) [HKLM][64Bits] -- {C6D9ED03-6FCF-4410-9CB7-45CA285F9E11} =>.Broadcom Corporation
O42 - Logiciel: Lenovo BrgVolOSD - (.Lenovo.) [HKLM][64Bits] -- {B0CAB976-C41D-4800-A7BA-CBD4BF4EA920} =>.Lenovo
O42 - Logiciel: Lenovo Dashboard - (.Lenovo.) [HKLM][64Bits] -- {FEF1833C-244C-4DF2-AB67-1E1D26921ED8} =>.Lenovo
O42 - Logiciel: Lenovo Photos - (.CEWE COLOR AG u Co. OHG.) [HKLM][64Bits] -- Lenovo Photos =>.CEWE COLOR AG u Co. OHG
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- {40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink®
O42 - Logiciel: Lenovo Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} =>.CyberLink®
O42 - Logiciel: Lenovo PowerDVD10 - (.CyberLink Corp..) [HKLM][64Bits] -- {DEC235ED-58A4-4517-A278-C41E8DAEAB3B} =>.CyberLink®
O42 - Logiciel: Lenovo PowerDVD10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} =>.CyberLink®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- {46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink®
O42 - Logiciel: Lenovo Rescue System - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42} =>.CyberLink®
O42 - Logiciel: Lenovo Silver Silk Wireless Keyboard - (.Lenovo.) [HKLM][64Bits] -- {B88AD4F5-58A6-425D-9282-92228FEB7067} =>.Lenovo
O42 - Logiciel: Lenovo Silver Silk Wireless Keyboard - (.Lenovo.) [HKLM][64Bits] -- InstallShield_{B88AD4F5-58A6-425D-9282-92228FEB7067} =>.Lenovo
O42 - Logiciel: Lenovo USB2.0 UVC Camera - (.Vimicro Corporation.) [HKLM][64Bits] -- {70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B} =>.Macrovision Corporation®
O42 - Logiciel: Lenovo YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
O42 - Logiciel: Lenovo YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} =>.CyberLink®
O42 - Logiciel: LenovoUtility version 1.0 - (.Lenovo.) [HKLM][64Bits] -- {4F949BD9-1E99-40C7-9102-C67E2D384995}_is1 =>.Lenovo
O42 - Logiciel: LogMeIn Hamachi - (.LogMeIn, Inc..) [HKLM][64Bits] -- {91B5DF26-717A-4A5F-AB10-CD450FAD428C} =>.LogMeIn, Inc.
O42 - Logiciel: LogMeIn Hamachi - (.LogMeIn, Inc..) [HKLM][64Bits] -- LogMeIn Hamachi =>.LogMeIn, Inc.
O42 - Logiciel: LVT - (.Lenovo.) [HKLM][64Bits] -- {9E3469A6-443A-452C-BF44-8D7CE3A9A7E2} =>.Macrovision Corporation®
O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM][64Bits] -- Malwarebytes Anti-Malware_is1 =>.Malwarebytes
O42 - Logiciel: Manual Perfection V19_V39 versión 1.0 - (..) [HKLM][64Bits] -- UsersGuideManual Perfection V19_V39_is1 =>.Epson America, Inc.®
O42 - Logiciel: MapleStory - (..) [HKLM][64Bits] -- MapleStory =>.NEXON Korea Corporation.®
O42 - Logiciel: Mark of the Ninja - (.Klei Entertainment.) [HKLM][64Bits] -- Steam App 214560 =>.Valve®
O42 - Logiciel: Matching Roles - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {92736E44-7608-4D80-9333-E40C82B7E8B3} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Matching Roles - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: MATLAB R2015a - (.MathWorks.) [HKLM][64Bits] -- Matlab R2015a =>.The MathWorks, Inc.®
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] -- {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: Microsoft XNA Framework Redistributable 4.0 Refresh - (.Microsoft Corporation.) [HKLM][64Bits] -- {D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F} =>.Microsoft Corporation
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA} =>.Microsoft
O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77} =>.Microsoft
O42 - Logiciel: Network64 - (.Hewlett-Packard.) [HKLM][64Bits] -- {6BFAB6C1-6D46-46DB-A538-A269907C9F2F} =>.Hewlett-Packard
O42 - Logiciel: Nexon Game Manager - (..) [HKLM][64Bits] -- {EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E} =>.NEXON Korea Corporation.®
O42 - Logiciel: Nexon Launcher - (.Nexon.) [HKLM][64Bits] -- Nexon Nexon Launcher =>.Nexon
O42 - Logiciel: Nikon File Uploader 2 - (.Nikon.) [HKLM][64Bits] -- {D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599} =>.Nikon
O42 - Logiciel: Nikon Message Center 2 - (.Nikon.) [HKLM][64Bits] -- {B014EE44-9197-4513-9613-71E6EB1B514E} =>.Nikon
O42 - Logiciel: Nitro Pro 8 - (.Nitro.) [HKLM][64Bits] -- {34BE77EE-B563-49D7-A8A0-FFD76D29BBD3} =>.Nitro
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B455E95A-B804-439F-B533-336B1635AE97} =>.NVIDIA Corporation
O42 - Logiciel: OCR Software by I.R.I.S. 14.0 - (.HP.) [HKLM][64Bits] -- HPOCR =>.Hewlett Packard®
O42 - Logiciel: OpenAL - (..) [HKLM][64Bits] -- OpenAL =>.Creative Labs Inc®
O42 - Logiciel: PDF Settings CS6 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {BFEAAE77-BD7F-4534-B286-9C5CB4697EB1} =>.Adobe Systems Incorporated
O42 - Logiciel: Picture Control Utility - (.Nikon.) [HKLM][64Bits] -- {87441A59-5E64-4096-A170-14EFE67200C3} =>.Nikon
O42 - Logiciel: Portal - (.Valve.) [HKLM][64Bits] -- Steam App 400 =>.Valve®
O42 - Logiciel: Puzzle - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {6EB7ECE3-E3BE-481D-821B-F1AFFA244D64} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Puzzle - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] -- {28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} =>Riskware.QuickTime
O42 - Logiciel: Quik - (.GoPro, Inc..) [HKLM][64Bits] -- {0d91b40f-e179-491c-a726-cd71dc297e8a} =>.GoPro, Inc.®
O42 - Logiciel: Quik - (.GoPro, Inc..) [HKLM][64Bits] -- {6249867C-ACE2-4400-AD50-4D6945A8EA8A} =>.GoPro, Inc.
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {C1594429-8296-4652-BF54-9DBE4932A44C} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REALTEK Wireless LAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {B20F9D1C-A0A5-4cd8-8306-DA03872311B1} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Relic Hunters Zero - (.Rogue Snail.) [HKLM][64Bits] -- Steam App 382490 =>.Valve®
O42 - Logiciel: Risk of Rain - (..) [HKLM][64Bits] -- Steam App 248820 =>.Valve®
O42 - Logiciel: Rocket League - (.Psyonix.) [HKLM][64Bits] -- Steam App 252950 =>.Valve®
O42 - Logiciel: Samsung Kies3 - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {88547073-C566-4895-9005-EBE98EA3F7C7} =>.Samsung Electronics Co., Ltd.
O42 - Logiciel: Samsung Kies3 - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7} =>.Samsung Electronics Co., Ltd.
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM][64Bits] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44} =>.DEVGURU CO LTD®
O42 - Logiciel: Scan - (.Hewlett-Packard.) [HKLM][64Bits] -- {06A1D88C-E102-4527-AF70-29FFD7AF215A} =>.Hewlett-Packard
O42 - Logiciel: Shared C Run-time for x64 - (.McAfee.) [HKLM][64Bits] -- {EF79C448-6946-4D71-8134-03407888C054} =>.McAfee
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM][64Bits] -- Shop for HP Supplies =>.Hewlett Packard®
O42 - Logiciel: SketchUp Import 2016 - (.Autodesk.) [HKLM][64Bits] -- {C769FB7C-1F55-4B31-9A2A-21CEC50F4F92} =>.Autodesk
O42 - Logiciel: Skype™ 7.30 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {FC965A47-4839-40CA-B618-18F486F042C6} =>.Skype Technologies S.A.
O42 - Logiciel: Snowflake Suite - (.Natural User Interface Technologies AB.) [HKLM][64Bits] -- {E03B9D73-3806-4466-97B1-75C4486F65DF} =>.Natural User Interface Technologies AB
O42 - Logiciel: Software Updater - (.SEIKO EPSON CORPORATION.) [HKLM][64Bits] -- {8DBC5A0A-31C4-46C7-B252-6B593EA11A87} =>.Seiko Epson Corporation
O42 - Logiciel: Spotify - (.Spotify AB.) [HKCU][64Bits] -- Spotify =>.Spotify AB®
O42 - Logiciel: StageLight version 1.0.0.3497 - (.Open Labs, LLC..) [HKLM][64Bits] -- StageLight =>.Open Labs, LLC.
O42 - Logiciel: Starbound - (..) [HKLM][64Bits] -- Steam App 211820 =>.Valve®
O42 - Logiciel: Stardew Valley - (.ConcernedApe.) [HKLM][64Bits] -- Steam App 413150 =>.Valve®
O42 - Logiciel: Status - (.Hewlett-Packard.) [HKLM][64Bits] -- {5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D} =>.Hewlett-Packard
O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- Steam =>.Valve®
O42 - Logiciel: SugarSync Manager - (.SugarSync, Inc..) [HKLM][64Bits] -- SugarSync =>.SugarSync, Inc.
O42 - Logiciel: System Requirements Lab Detection - (.Husdawg, LLC.) [HKLM][64Bits] -- {06A5D553-A6B5-481C-958E-53C79C1AC3CB} =>.Husdawg, LLC
O42 - Logiciel: Terraria - (.Re-Logic.) [HKLM][64Bits] -- Steam App 105600 =>.Valve®
O42 - Logiciel: timer - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- {9CC4B8EE-A96B-4800-B674-0CF8B4560F45} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: timer - (.Tong child Research & Planning Co.,Ltd.) [HKLM][64Bits] -- InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45} =>.Tong child Research & Planning Co.,Ltd
O42 - Logiciel: Toolbox - (.Hewlett-Packard.) [HKLM][64Bits] -- {292F0F52-B62D-4E71-921B-89A682402201} =>.Hewlett-Packard
O42 - Logiciel: TrayApp - (.Hewlett-Packard.) [HKLM][64Bits] -- {CD31E63D-47FD-491C-8117-CF201D0AFAB5} =>.Hewlett-Packard
O42 - Logiciel: Unity Web Player - (.Unity Technologies ApS.) [HKCU][64Bits] -- UnityWebPlayer =>.Unity Technologies ApS
O42 - Logiciel: VFW_Codec32 - (.GoPro, Inc..) [HKLM][64Bits] -- {FCA86F94-8BCA-491D-AFF9-90921796FCD8} =>.GoPro, Inc.
O42 - Logiciel: VFW_Codec64 - (.GoPro, Inc..) [HKLM][64Bits] -- {341735D3-32CF-41BC-8C9B-FDE3975452DB} =>.GoPro, Inc.
O42 - Logiciel: Video Viewer - (.AVTECH Corporation, Inc..) [HKLM][64Bits] -- Video Viewer =>.AVTECH Corporation, Inc.
O42 - Logiciel: ViewNX 2 - (.Nikon.) [HKLM][64Bits] -- {DDD62492-32A7-412B-8AF1-2CF032AD42E3} =>.Nikon
O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
O42 - Logiciel: WebReg - (.Hewlett-Packard.) [HKLM][64Bits] -- {8EE94FD8-5F52-4463-A340-185D16328158} =>.Hewlett-Packard
O42 - Logiciel: Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (0 - (.Dynastream Innovations, Inc..) [HKLM][64Bits] -- F9D2A789F9CFF8CEC36B544F53877C80F1F73C46 =>.Microsoft Windows®
O42 - Logiciel: Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/0 - (.GoPro.) [HKLM][64Bits] -- 0B624A43DD66DBF5CF3EDFA9741A364E688062A4 =>.Microsoft Windows®
O42 - Logiciel: Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/0 - (.Silicon Labs Software.) [HKLM][64Bits] -- D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2 =>.Microsoft Windows®
O42 - Logiciel: WinRAR 5.21 (32-bit) - (.win.rar GmbH.) [HKLM][64Bits] -- WinRAR archiver =>.win.rar GmbH®
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] -- {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.®
---\\ HKCU & HKLM Software Keys (144) - 31s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Adware Removal Tool by TSA
HKLM\SOFTWARE\Wow6432Node\AGEIA Technologies =>.AGEIA Technologies
HKLM\SOFTWARE\Wow6432Node\Apple Computer, Inc. =>.Apple Computer, Inc.
HKLM\SOFTWARE\Wow6432Node\Apple Inc. =>.Apple Inc.
HKLM\SOFTWARE\Wow6432Node\aTube Catcher
HKLM\SOFTWARE\Wow6432Node\Autodesk =>.Autodesk
HKLM\SOFTWARE\Wow6432Node\AVTECH
HKLM\SOFTWARE\Wow6432Node\Blizzard Entertainment =>.Blizzard Entertainment
HKLM\SOFTWARE\Wow6432Node\BlueStacks =>.BlueStack Systems, Inc.
HKLM\SOFTWARE\Wow6432Node\Caphyon =>.Caphyon
HKLM\SOFTWARE\Wow6432Node\CyberLink =>.CyberLink
HKLM\SOFTWARE\Wow6432Node\EPSON =>.EPSON
HKLM\SOFTWARE\Wow6432Node\Exent =>.Exent Technologies Ltd.
HKLM\SOFTWARE\Wow6432Node\Faasoft =>.Faasoft
HKLM\SOFTWARE\Wow6432Node\Garmin =>.Garmin
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\GoPro =>.GoPro
HKLM\SOFTWARE\Wow6432Node\Hewlett-Packard =>.Hewlett-Packard
HKLM\SOFTWARE\Wow6432Node\HPS
HKLM\SOFTWARE\Wow6432Node\Icons
HKLM\SOFTWARE\Wow6432Node\IM Providers =>.IM Providers
HKLM\SOFTWARE\Wow6432Node\Image Units
HKLM\SOFTWARE\Wow6432Node\InkjetPrinter
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JreMetrics =>.JreMetrics
HKLM\SOFTWARE\Wow6432Node\Khronos =>.Khronos
HKLM\SOFTWARE\Wow6432Node\Lake =>.Lake Sofware
HKLM\SOFTWARE\Wow6432Node\Lenovo =>.Lenovo
HKLM\SOFTWARE\Wow6432Node\Lenovo Photos
HKLM\SOFTWARE\Wow6432Node\LogMeIn Hamachi =>.LogMeIn Entreprise
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware =>.Malwarebytes' Anti-Malware
HKLM\SOFTWARE\Wow6432Node\MOVAVI =>.Movavi
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Nalpeiron =>.Nalpeiron
HKLM\SOFTWARE\Wow6432Node\Natural User Interface Technologies AB =>.Natural User Interface Technologies AB
HKLM\SOFTWARE\Wow6432Node\NexonUS
HKLM\SOFTWARE\Wow6432Node\Nikon =>.Nikon
HKLM\SOFTWARE\Wow6432Node\Nitro =>.Nitro
HKLM\SOFTWARE\Wow6432Node\Nuance =>.Nuance
HKLM\SOFTWARE\Wow6432Node\NVIDIA Corporation =>.NVIDIA Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\OpenAL =>.Open Audio Library
HKLM\SOFTWARE\Wow6432Node\Opera Software =>.Opera Software
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\re-logic =>.Re-Logic
HKLM\SOFTWARE\Wow6432Node\Realtek =>.Realtek
HKLM\SOFTWARE\Wow6432Node\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\RocketLife =>.RocketLife
HKLM\SOFTWARE\Wow6432Node\SEIKO EPSON Corp. =>.SEIKO EPSON CORP.
HKLM\SOFTWARE\Wow6432Node\Sharpcast
HKLM\SOFTWARE\Wow6432Node\Skype =>.Skype
HKLM\SOFTWARE\Wow6432Node\Valve =>.Valve
HKLM\SOFTWARE\Wow6432Node\Video Viewer
HKLM\SOFTWARE\Wow6432Node\Vimicro Corporation =>.Vimicro Corporation
HKLM\SOFTWARE\Wow6432Node\Visan =>.Visan Software
HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\WinRAR =>.WinRAR
HKLM\SOFTWARE\Wow6432Node\Wizet
HKLM\SOFTWARE\Wow6432Node\WOW6432Node =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\Adobe Lightroom =>.Adobe Inc.
HKCU\SOFTWARE\AhnLab =>.AhnLab Inc.
HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
HKCU\SOFTWARE\Autodesk =>.Autodesk
HKCU\SOFTWARE\Blizzard Entertainment =>.Blizzard Entertainment
HKCU\SOFTWARE\BlueStacks =>.BlueStack Systems, Inc.
HKCU\SOFTWARE\Boneloaf
HKCU\SOFTWARE\Bossa Studios =>.Bossa Studios
HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
HKCU\SOFTWARE\Bytescout =>.ByteScout
HKCU\SOFTWARE\CamStudioOpenSource for Nick
HKCU\SOFTWARE\CeWe Color =>.CEWE COLOR
HKCU\SOFTWARE\Chromium =>.Chromium
HKCU\SOFTWARE\CineForm =>.CineForm
HKCU\SOFTWARE\CyberLink =>.CyberLink
HKCU\SOFTWARE\Dodge Roll
HKCU\SOFTWARE\DriverBooster
HKCU\SOFTWARE\EPSON =>.EPSON
HKCU\SOFTWARE\Faasoft =>.Faasoft
HKCU\SOFTWARE\Free Lives =>.Free Lives
HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\GoPro =>.GoPro
HKCU\SOFTWARE\HAL
HKCU\SOFTWARE\Helper Scripts
HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
HKCU\SOFTWARE\HomePageService
HKCU\SOFTWARE\HP =>.HP
HKCU\SOFTWARE\IM Providers =>.IM Providers
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\kde.org =>.kde.org
HKCU\SOFTWARE\Lagarith
HKCU\SOFTWARE\Lake =>.Lake Sofware
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Mathworks =>.MathWorks
HKCU\SOFTWARE\Mine =>.Microsoft Corporation
HKCU\SOFTWARE\MOVAVI =>.Movavi
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\Netscape =>.Netscape
HKCU\SOFTWARE\Nexon =>.Nexon
HKCU\SOFTWARE\Nexon Launcher
HKCU\SOFTWARE\Nikon =>.Nikon
HKCU\SOFTWARE\NITRO =>.Nitro
HKCU\SOFTWARE\Nitro PDF =>.Nitro PDF
HKCU\SOFTWARE\nwjs
HKCU\SOFTWARE\ODBC =>.DB Connectivity Solutions
HKCU\SOFTWARE\Opera Software =>.Opera Software
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\PlayfulCorp
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\Quanta Computer Inc.
HKCU\SOFTWARE\Realtek =>.Realtek
HKCU\SOFTWARE\Reflections
HKCU\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\Samsung =>.Samsung
HKCU\SOFTWARE\Skype =>.Skype
HKCU\SOFTWARE\Spotify =>.Spotify
HKCU\SOFTWARE\SyncEngines =>.Microsoft Corporation
HKCU\SOFTWARE\Terraria
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\Unity =>.Unity
HKCU\SOFTWARE\Valve =>.Valve
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Widcomm =>.Widcomm
HKCU\SOFTWARE\WinRAR =>.WinRAR
HKCU\SOFTWARE\WinRAR SFX =>.WinRAR
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\Autodesk =>.Autodesk
HKCU\SOFTWARE\AppDataLow\Software\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\AppDataLow\Software\MarkAny =>.MarkAny
HKCU\SOFTWARE\AppDataLow\Software\Unity =>.Unity
---\\ Contents of the Common Files folders (384) - 247s
O43 - CFD: 28/11/2016 - [] AD -- C:\Program Files\Adobe =>.Adobe Systems Incorporated®
O43 - CFD: 05/05/2015 - [] D -- C:\Program Files\Autodesk =>.Autodesk, Inc®
O43 - CFD: 29/04/2016 - [] AD -- C:\Program Files\Bonjour =>.Apple Inc.®
O43 - CFD: 28/11/2016 - [] D -- C:\Program Files\CCleaner =>.Piriform Ltd®
O43 - CFD: 27/11/2016 - [] D -- C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 21/10/2015 - [] D -- C:\Program Files\DIFX =>.Microsoft Windows®
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files\Embedded Lockdown Manager =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - [] D -- C:\Program Files\Everything =>.Everything
O43 - CFD: 28/11/2016 - [0] D -- C:\Program Files\Google =>.Google
O43 - CFD: 13/11/2016 - [] D -- C:\Program Files\GoPro =>.GoPro, Inc.®
O43 - CFD: 13/09/2016 - [] D -- C:\Program Files\HP =>.Hewlett Packard®
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files\Intel =>.Intel Corporation - Intel® Rapid Storage Technology®
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 12/09/2016 - [] D -- C:\Program Files\iPod =>.Apple Inc.®
O43 - CFD: 12/09/2016 - [] AD -- C:\Program Files\iTunes =>.Apple Inc.®
O43 - CFD: 20/08/2015 - [] D -- C:\Program Files\Lenovo =>.Lenovo®
O43 - CFD: 06/03/2016 - [] D -- C:\Program Files\MATLAB =>.The MathWorks, Inc.®
O43 - CFD: 15/10/2016 - [] AD -- C:\Program Files\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 06/01/2014 - [] D -- C:\Program Files\OblyTile =>.Argony-OT
O43 - CFD: 16/01/2014 - [0] D -- C:\Program Files\office.tmp
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files\Realtek =>.Andrea Electronics®
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files\StageLight
O43 - CFD: 10/07/2015 - [0] HD -- C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 04/01/2014 - [] D -- C:\Program Files\VideoLAN =>.VideoLAN
O43 - CFD: 01/10/2016 - [] RD -- C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - [] D -- C:\Program Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 12/10/2016 - [] D -- C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 28/10/2016 - [] D -- C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/10/2016 - [] D -- C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] SHD -- C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 23/11/2016 - [] HD -- C:\Program Files\WindowsApps =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 22/06/2015 - [] D -- C:\Program Files\WinRAR =>.win.rar GmbH®
O43 - CFD: 28/11/2016 - [] AD -- C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 28/11/2016 - [] D -- C:\Program Files (x86)\Adware Removal Tool by TSA
O43 - CFD: 01/12/2015 - [0] D -- C:\Program Files (x86)\AGEIA Technologies =>.AGEIA Technologies
O43 - CFD: 28/11/2016 - [0] D -- C:\Program Files (x86)\Amazon =>.Amazon
O43 - CFD: 29/04/2016 - [] AD -- C:\Program Files (x86)\Apple Software Update =>.Apple Inc.®
O43 - CFD: 06/07/2015 - [] D -- C:\Program Files (x86)\Autodesk =>.Autodesk, Inc®
O43 - CFD: 28/11/2016 - [] AD -- C:\Program Files (x86)\Battle.net =>.Blizzard Entertainment, Inc.®
O43 - CFD: 01/08/2016 - [] D -- C:\Program Files (x86)\Bluestacks =>.BlueStack Systems, Inc.®
O43 - CFD: 29/04/2016 - [] AD -- C:\Program Files (x86)\Bonjour =>.Apple Inc.®
O43 - CFD: 07/01/2015 - [] D -- C:\Program Files (x86)\CineForm =>.CineForm
O43 - CFD: 26/11/2016 - [] D -- C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Cyberlink =>.CyberLink®
O43 - CFD: 20/08/2015 - [] AD -- C:\Program Files (x86)\Dolby Home Theater v4 =>.Dolby Laboratories, Inc.®
O43 - CFD: 13/01/2014 - [] D -- C:\Program Files (x86)\DsNET Corp =>.DsNET Corp
O43 - CFD: 30/12/2015 - [] D -- C:\Program Files (x86)\epson =>.Epson America, Inc.®
O43 - CFD: 30/12/2015 - [] AD -- C:\Program Files (x86)\Epson Software =>.SEIKO EPSON CORPORATION®
O43 - CFD: 25/05/2015 - [] D -- C:\Program Files (x86)\ezvid
O43 - CFD: 23/04/2013 - [] AD -- C:\Program Files (x86)\FreeRide Games =>.Exent Technologies Ltd.®
O43 - CFD: 04/11/2016 - [] AD -- C:\Program Files (x86)\Garmin =>.Garmin International, Inc.®
O43 - CFD: 28/11/2016 - [] D -- C:\Program Files (x86)\Google =>.Google
O43 - CFD: 13/11/2016 - [] AD -- C:\Program Files (x86)\GoPro =>.GoPro
O43 - CFD: 13/09/2016 - [] D -- C:\Program Files (x86)\Hewlett-Packard =>.Hewlett-Packard Company®
O43 - CFD: 28/11/2016 - [] AD -- C:\Program Files (x86)\Hp =>.Hewlett Packard®
O43 - CFD: 14/02/2014 - [] D -- C:\Program Files (x86)\HP Photo Creations =>.Visan Industries®
O43 - CFD: 28/11/2016 - [] HD -- C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 12/11/2014 - [] D -- C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [0] D -- C:\Program Files (x86)\IObit =>.IObit
O43 - CFD: 12/09/2016 - [] D -- C:\Program Files (x86)\iTunes =>.Apple Inc.
O43 - CFD: 20/08/2015 - [] D -- C:\Program Files (x86)\Java =>.Oracle America, Inc.®
O43 - CFD: 28/11/2016 - [] D -- C:\Program Files (x86)\Lenovo =>.CyberLink®
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\LenovoPhotos
O43 - CFD: 23/04/2013 - [] AD -- C:\Program Files (x86)\LenovoUtility
O43 - CFD: 28/11/2016 - [] AD -- C:\Program Files (x86)\LogMeIn Hamachi =>.LogMeIn, Inc.®
O43 - CFD: 28/11/2016 - [] D -- C:\Program Files (x86)\Malwarebytes Anti-Malware =>.Malwarebytes Corporation®
O43 - CFD: 28/11/2016 - [0] D -- C:\Program Files (x86)\Microsoft =>.Microsoft
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 15/10/2016 - [] AD -- C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation®
O43 - CFD: 06/01/2014 - [] D -- C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation®
O43 - CFD: 10/02/2015 - [] AD -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
O43 - CFD: 16/12/2015 - [] D -- C:\Program Files (x86)\Microsoft XNA =>.Microsoft Corporation®
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 12/08/2015 - [] D -- C:\Program Files (x86)\Nexon {04EAD2DBE06A257FF5202EA26AE5C868} =>.Nexon
O43 - CFD: 10/02/2014 - [] D -- C:\Program Files (x86)\Nikon =>.Nikon
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Nitro =>.Nitro PDF Software®
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Nuance =>.Nuance Communications, Inc.®
O43 - CFD: 01/12/2015 - [] D -- C:\Program Files (x86)\NVIDIA Corporation =>.NVIDIA Corporation
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\OpenAL =>.Creative Labs Inc®
O43 - CFD: 25/05/2015 - [] D -- C:\Program Files (x86)\Opera =>.Opera Software
O43 - CFD: 26/11/2016 - [] D -- C:\Program Files (x86)\Overwatch =>.Blizzard Entertainment
O43 - CFD: 17/01/2015 - [] D -- C:\Program Files (x86)\RAR Password Unlocker
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Realtek =>.Realtek Semiconductor Corp®
O43 - CFD: 23/04/2013 - [] AD -- C:\Program Files (x86)\REALTEK 11n USB Wireless LAN Driver
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 30/03/2015 - [] D -- C:\Program Files (x86)\Samsung =>.DEVGURU CO LTD®
O43 - CFD: 24/11/2016 - [] RD -- C:\Program Files (x86)\Skype =>.Skype Software Sarl®
O43 - CFD: 26/11/2016 - [] D -- C:\Program Files (x86)\Steam =>.Valve®
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\SugarSync =>.SugarSync, Inc.®
O43 - CFD: 19/10/2015 - [] AD -- C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 14/03/2016 - [0] HD -- C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Vimicro Corporation =>.Vimicro Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - [] AD -- C:\Program Files (x86)\Windows Live =>.Microsoft Corporation®
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 28/10/2016 - [] D -- C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\Windows Multimedia Platform =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 12/10/2016 - [] D -- C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation®
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] SHD -- C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\WindowsPowerShell =>.Microsoft Corporation
O43 - CFD: 22/06/2015 - [] AD -- C:\Program Files (x86)\WinRAR =>.win.rar GmbH®
O43 - CFD: 29/11/2016 - [] D -- C:\Program Files (x86)\Zemana AntiMalware =>.Zemana Ltd.®
O43 - CFD: 16/07/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher =>.DsNET
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk =>.Autodesk
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk ReCap 2016
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net =>.Games Software
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform
O43 - CFD: 20/08/2015 - [0] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON =>.EPSON
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software =>.Epson/Seico
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid
O43 - CFD: 04/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin =>.Garmin
O43 - CFD: 13/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro =>.GoPro
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP =>.Hewlett-Packard
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud =>.Apple Inc.
O43 - CFD: 01/10/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java =>.Oracle
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo =>.Lenovo
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photos
O43 - CFD: 01/10/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Rescue System
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo USB2.0 UVC Camera
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot =>.Skillbrains
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon =>.Nikon
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 16/07/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
O43 - CFD: 12/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon =>.Nexon
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance =>.Nuance
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung =>.Samsung
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StageLight
O43 - CFD: 01/10/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam =>.SteamApps
O43 - CFD: 16/07/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLAN
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
O43 - CFD: 01/10/2016 - [] RD -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 29/11/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 26/11/2015 - [] D -- C:\ProgramData\.mono
O43 - CFD: 06/01/2015 - [] D -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 =>.GEAR Software, Inc.
O43 - CFD: 29/11/2016 - [] D -- C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 28/11/2016 - [0] D -- C:\ProgramData\ALM =>.ALM
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\Ant =>.Garmin International
O43 - CFD: 03/06/2014 - [] D -- C:\ProgramData\Apple =>.Apple Inc.
O43 - CFD: 01/01/2014 - [] D -- C:\ProgramData\Apple Computer =>.Apple Inc.
O43 - CFD: 01/10/2016 - [0] SHD -- C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 04/12/2015 - [] AD -- C:\ProgramData\Autodesk =>.Autodesk
O43 - CFD: 26/11/2016 - [] D -- C:\ProgramData\Battle.net =>.Games Software
O43 - CFD: 26/11/2016 - [] D -- C:\ProgramData\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 01/08/2016 - [] D -- C:\ProgramData\Bluestacks =>.BlueStack Systems, Inc.
O43 - CFD: 07/08/2016 - [0] D -- C:\ProgramData\BlueStacksSetup =>.BlueStack Systems, Inc.
O43 - CFD: 27/11/2016 - [] D -- C:\ProgramData\boost_interprocess =>.boost.org
O43 - CFD: 16/07/2016 - [0] D -- C:\ProgramData\Comms =>.Microsoft Corporation
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\CyberLink =>.CyberLink
O43 - CFD: 01/10/2016 - [0] SHD -- C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 29/04/2016 - [] D -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
O43 - CFD: 10/02/2014 - [] D -- C:\ProgramData\EnterNHelp
O43 - CFD: 28/03/2016 - [] D -- C:\ProgramData\Epson =>.EPSON
O43 - CFD: 05/05/2015 - [] D -- C:\ProgramData\FARO =>.FARO
O43 - CFD: 06/05/2015 - [] D -- C:\ProgramData\FLEXnet =>.Flexera Software
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\FreeRide Games
O43 - CFD: 21/10/2015 - [] D -- C:\ProgramData\Garmin =>.Garmin
O43 - CFD: 28/11/2016 - [] AD -- C:\ProgramData\HP =>.Hewlett-Packard
O43 - CFD: 14/02/2014 - [] AD -- C:\ProgramData\HP Photo Creations =>.HP Photo Creations
O43 - CFD: 04/01/2014 - [] D -- C:\ProgramData\hps
O43 - CFD: 03/05/2014 - [] D -- C:\ProgramData\Intel =>.Intel Corporation
O43 - CFD: 03/05/2014 - [] D -- C:\ProgramData\Intel(R) Update Manager
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\Lenovo =>.Lenovo
O43 - CFD: 27/12/2013 - [] D -- C:\ProgramData\LogMeIn =>.LogMeIn
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 06/03/2016 - [] D -- C:\ProgramData\MathWorks =>.MathWorks
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\McAfee =>.McAfee
O43 - CFD: 28/11/2016 - [] SD -- C:\ProgramData\Microsoft =>.Microsoft
O43 - CFD: 02/10/2016 - [] D -- C:\ProgramData\Microsoft OneDrive =>.Microsoft Corporation
O43 - CFD: 11/01/2015 - [] D -- C:\ProgramData\Movavi =>.Movavi
O43 - CFD: 10/03/2015 - [] D -- C:\ProgramData\Nexon =>.Nexon
O43 - CFD: 10/03/2015 - [] D -- C:\ProgramData\NexonUS
O43 - CFD: 10/02/2014 - [] D -- C:\ProgramData\Nikon =>.Nikon
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\Nitro =>.Nitro
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\Nuance =>.Nuance
O43 - CFD: 23/04/2013 - [] D -- C:\ProgramData\OneKey Recovery =>.Lenovo
O43 - CFD: 22/12/2013 - [] D -- C:\ProgramData\OpenLabs
O43 - CFD: 20/08/2015 - [] D -- C:\ProgramData\Oracle =>.Oracle
O43 - CFD: 10/02/2014 - [] D -- C:\ProgramData\Organic
O43 - CFD: 13/11/2016 - [] D -- C:\ProgramData\Package Cache =>.Microsoft Corporation
O43 - CFD: 10/02/2014 - [] D -- C:\ProgramData\People
O43 - CFD: 10/02/2014 - [] D -- C:\ProgramData\Piano Med
O43 - CFD: 20/08/2015 - [] D -- C:\ProgramData\PRICache =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\ProgramData\regid.1986-12.com.adobe =>.Adobe Inc.
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\regid.1991-06.com.microsoft =>.Microsoft Corporation
O43 - CFD: 30/03/2015 - [] D -- C:\ProgramData\Samsung =>.Samsung
O43 - CFD: 24/11/2016 - [] D -- C:\ProgramData\Skype =>.Skype
O43 - CFD: 16/07/2016 - [0] D -- C:\ProgramData\SoftwareDistribution =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 21/06/2014 - [] D -- C:\ProgramData\Sun =>.Oracle
O43 - CFD: 01/10/2016 - [0] SHD -- C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 24/12/2015 - [] D -- C:\ProgramData\tmp
O43 - CFD: 10/02/2014 - [] D -- C:\ProgramData\Ultima_T15
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\USOPrivate =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\ProgramData\USOShared =>.Microsoft Corporation
O43 - CFD: 14/02/2014 - [] D -- C:\ProgramData\WEBREG =>.Hewlett-Packard
O43 - CFD: 28/11/2016 - [] AD -- C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 26/11/2016 - [] AD -- C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
O43 - CFD: 29/04/2016 - [] D -- C:\Program Files (x86)\Common Files\Apple =>.Apple Inc.
O43 - CFD: 06/07/2015 - [] AD -- C:\Program Files (x86)\Common Files\Autodesk Shared =>.Autodesk
O43 - CFD: 14/02/2014 - [] D -- C:\Program Files (x86)\Common Files\Hewlett-Packard =>.Hewlett-Packard
O43 - CFD: 14/02/2014 - [] D -- C:\Program Files (x86)\Common Files\HP =>.Hewlett-Packard
O43 - CFD: 10/02/2014 - [] D -- C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Common Files\Intel Corporation =>.Intel Corporation
O43 - CFD: 20/08/2015 - [] D -- C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 01/10/2016 - [] D -- C:\Program Files (x86)\Common Files\Microsoft Shared =>.Microsoft Corporation
O43 - CFD: 10/02/2014 - [] D -- C:\Program Files (x86)\Common Files\Nikon =>.Nikon
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Common Files\Nitro =>.Nitro
O43 - CFD: 23/04/2013 - [] D -- C:\Program Files (x86)\Common Files\postureAgent =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 24/11/2016 - [] AD -- C:\Program Files (x86)\Common Files\Skype =>.Skype
O43 - CFD: 14/10/2016 - [] D -- C:\Program Files (x86)\Common Files\Steam =>.SteamApps
O43 - CFD: 16/07/2016 - [] D -- C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - [] D -- C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 26/11/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\.mono
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 07/01/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Apple Computer =>.Apple Inc.
O43 - CFD: 04/12/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Autodesk =>.Autodesk
O43 - CFD: 26/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Battle.net =>.Games Software
O43 - CFD: 02/11/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\BrawlhallaAir
O43 - CFD: 05/03/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\CyberLink =>.CyberLink
O43 - CFD: 05/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\discord =>.GitHub
O43 - CFD: 28/03/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Epson =>.EPSON
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Everything =>.Everything
O43 - CFD: 24/01/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Faasoft Video Converter
O43 - CFD: 02/02/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Garmin =>.Garmin
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
O43 - CFD: 18/10/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\GoPro =>.GoPro
O43 - CFD: 15/02/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\HP =>.Hewlett-Packard
O43 - CFD: 29/07/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 25/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Intel Corporation =>.Intel Corporation
O43 - CFD: 25/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 25/05/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\MangoApps
O43 - CFD: 12/01/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\MathWorks =>.MathWorks
O43 - CFD: 01/10/2016 - [] SD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft =>.Microsoft
O43 - CFD: 01/08/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Mozilla =>.Mozilla Corporation
O43 - CFD: 07/01/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\NexonLauncher
O43 - CFD: 10/02/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nikon =>.Nikon
O43 - CFD: 19/02/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nitro =>.Nitro
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Nitro PDF =>.Nitro PDF
O43 - CFD: 25/05/2015 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Opera Software =>.Opera Software
O43 - CFD: 21/06/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Oracle =>.Oracle
O43 - CFD: 26/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Rovio =>.Rovio
O43 - CFD: 30/03/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Samsung =>.Samsung
O43 - CFD: 25/05/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Shortcut =>.Shortcut Software
O43 - CFD: 24/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Skype =>.Skype
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Spotify =>.Spotify
O43 - CFD: 27/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
O43 - CFD: 19/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\StardewValley
O43 - CFD: 12/01/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Subversion
O43 - CFD: 25/05/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\TinyTake by MangoApps
O43 - CFD: 24/07/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\vlc =>.VideoLAN
O43 - CFD: 29/07/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 01/06/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\WinRAR =>.WinRAR
O43 - CFD: 02/02/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Yacht Club Games =>.Yacht Club Games
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14/03/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\ActiveSync =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Adobe =>.Adobe
O43 - CFD: 06/01/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Amazon_Services_LLC
O43 - CFD: 07/01/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Apple =>.Apple Inc.
O43 - CFD: 11/01/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Apple Computer =>.Apple Inc.
O43 - CFD: 07/01/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Apple Inc =>.Apple Inc.
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Ivan Reyes Ortega\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 04/12/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Autodesk =>.Autodesk
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Battle.net =>.Games Software
O43 - CFD: 26/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Blizzard Entertainment =>.Blizzard Entertainment
O43 - CFD: 01/08/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Bluestacks =>.BlueStack Systems, Inc.
O43 - CFD: 25/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Broadcom =>.Broadcom
O43 - CFD: 23/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\CEF =>.CEF
O43 - CFD: 20/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Comms =>.Microsoft Corporation
O43 - CFD: 02/10/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\ConnectedDevicesPlatform =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Crashpad
O43 - CFD: 03/09/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 05/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Discord =>.GitHub
O43 - CFD: 29/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Downloaded Installations =>.Microsoft Corporation
O43 - CFD: 18/06/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
O43 - CFD: 05/07/2015 - [0] SHD -- C:\Users\Ivan Reyes Ortega\AppData\Local\EmieBrowserModeList =>.Enterprise mode Site List Mgr
O43 - CFD: 05/07/2015 - [0] SHD -- C:\Users\Ivan Reyes Ortega\AppData\Local\EmieSiteList =>.Enterprise mode Site List Mgr
O43 - CFD: 05/07/2015 - [0] SHD -- C:\Users\Ivan Reyes Ortega\AppData\Local\EmieUserList =>.Enterprise mode Site List Mgr
O43 - CFD: 25/05/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\ezvid,_inc
O43 - CFD: 02/02/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Google =>.Google
O43 - CFD: 18/10/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\GoPro =>.GoPro
O43 - CFD: 03/06/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\GWX =>.GWX
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Ivan Reyes Ortega\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/09/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\HP =>.Hewlett-Packard
O43 - CFD: 26/11/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\I Am Bread
O43 - CFD: 25/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Lenovo =>.Lenovo
O43 - CFD: 27/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\LogMeIn =>.LogMeIn
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 01/08/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Macromedia =>.Macromedia
O43 - CFD: 12/01/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\MathWorks =>.MathWorks
O43 - CFD: 02/10/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 20/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\MicrosoftEdge =>.Microsoft Corporation
O43 - CFD: 20/10/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\MissingTranslation
O43 - CFD: 11/01/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Movavi =>.Movavi
O43 - CFD: 03/01/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Natural User Interface Technologies AB =>.Natural User Interface Technologies AB
O43 - CFD: 20/08/2015 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\NetworkTiles =>.NetworkTiles
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\NexonLauncher
O43 - CFD: 10/02/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Nikon =>.Nikon
O43 - CFD: 25/05/2015 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Opera Software =>.Opera Software
O43 - CFD: 22/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Packages =>.Microsoft Corporation
O43 - CFD: 25/12/2013 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Power2Go =>.Power2Go
O43 - CFD: 26/06/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 20/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Publishers =>.Microsoft Corporation
O43 - CFD: 28/03/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\RelicHuntersZero
O43 - CFD: 26/11/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Risk_of_Rain
O43 - CFD: 30/03/2015 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Samsung =>.Samsung
O43 - CFD: 05/01/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Skype =>.Skype
O43 - CFD: 22/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\speech =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Spotify =>.Spotify
O43 - CFD: 05/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\SquirrelTemp =>.Squirrels
O43 - CFD: 21/04/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Steam =>.SteamApps
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Ivan Reyes Ortega\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 25/10/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3068897a4b1eb3ee
O43 - CFD: 25/10/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign975f6ce473cdd938
O43 - CFD: 25/10/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7
O43 - CFD: 25/10/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc72dfdeceed18e91
O43 - CFD: 25/10/2016 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigndfa06b53a3425ad3
O43 - CFD: 20/08/2015 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\TileDataLayer =>.Microsoft Corporation
O43 - CFD: 13/09/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Unity =>.Unity
O43 - CFD: 04/03/2014 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 29/07/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Windows Live =>.Microsoft Corporation
O43 - CFD: 29/07/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Windows Live Writer =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Zemana =>.Zemana
O43 - CFD: 26/06/2014 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] RD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility =>.Microsoft Corporation
O43 - CFD: 29/11/2016 - [] RD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - [] RD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 12/11/2014 - [0] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
O43 - CFD: 05/11/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc =>.Hammer & Chisel, Inc
O43 - CFD: 16/07/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 10/11/2016 - [] RD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam =>.SteamApps
O43 - CFD: 01/10/2016 - [] RD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools =>.Microsoft Corporation
O43 - CFD: 16/07/2016 - [] RD -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [] D -- C:\Users\Ivan Reyes Ortega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR =>.WinRAR
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Default\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 16/07/2016 - [] D -- C:\Users\Default\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 16/07/2016 - [0] D -- C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 28/11/2016 - [] D -- C:\Users\Default User\AppData\Local\LogMeIn Hamachi =>.LogMeIn Entreprise
O43 - CFD: 16/07/2016 - [] D -- C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 16/07/2016 - [0] D -- C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 01/10/2016 - [0] SHD -- C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 25/10/2016 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Adobe =>.Adobe
O43 - CFD: 02/10/2016 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\assembly =>.Assembly
O43 - CFD: 15/10/2016 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Garmin_Ltd._or_its_subsid =>.Garmin Ltd
O43 - CFD: 15/10/2016 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft
O43 - CFD: 29/11/2016 - [] -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 28/11/2016 - [] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft
---\\ ShellIconOverlayIdentifiers (SIOI) (8) - 0s
O106 - SIOI: ErrorOverlayHandler Class [ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedOverlayHandler Class [ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SharedSyncingOverlayHandler Class [ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: UpToDateOverlayHandler Class [ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: SyncingOverlayHandler Class [ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
O106 - SIOI: ErrorOverlayHandler Class [ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524}. (.Microsoft Corporation - Microsoft OneDrive Shell Extension.) -- C:\Users\Ivan Reyes Ortega\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncShell.dll =>.Microsoft Corporation®
---\\ System Drivers List (71) - 19s
O58 - SDL:2016/07/16 07:41:53 A . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\WINDOWS\System32\drivers\3ware.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra - PMC-Sierra Storport Driver For SPC8x6G SAS.) -- C:\WINDOWS\System32\drivers\adp80xx.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - AHCI 1.3 Device Driver.) -- C:\WINDOWS\System32\drivers\amdsata.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) -- C:\WINDOWS\System32\drivers\amdsbs.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\WINDOWS\System32\drivers\amdxata.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\WINDOWS\System32\drivers\arcsas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2015/08/20 18:38:15 A . (.Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) -- C:\WINDOWS\System32\drivers\bcbtums.sys [324224] =>.Broadcom Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn.sys [324224] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2016/07/16 07:41:53 A . (.Windows (R) Win 7 DDK provider - BCM Function 2 Device Driver.) -- C:\WINDOWS\System32\drivers\bcmfn2.sys [324224] =>.Windows (R) Win 7 DDK provider
O58 - SDL:2015/08/20 18:38:17 A . (.Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter.) -- C:\WINDOWS\System32\drivers\btwampfl.sys [324224] =>.Broadcom Corporation®
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic Gigabit Ethernet VBD.) -- C:\WINDOWS\System32\drivers\bxvbda.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI Crash Dump Driver.) -- C:\WINDOWS\System32\drivers\cht4dx64.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Chelsio iSCSI VMiniport Driver.) -- C:\WINDOWS\System32\drivers\cht4sx64.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Chelsio Communications - Virtual Bus Driver for Chelsio ® T4 Chipset.) -- C:\WINDOWS\System32\drivers\cht4vx64.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:52 A . (.QLogic Corporation - QLogic 10 GigE VBD.) -- C:\WINDOWS\System32\drivers\evbda.sys [324224] =>.Microsoft Windows®
O58 - SDL:2012/08/21 14:01:20 A . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [324224] =>.GEAR Software Inc.®
O58 - SDL:2015/08/03 12:12:32 N . (.LogMeIn Inc. - LogMeIn Hamachi Virtual Miniport Driver.) -- C:\WINDOWS\System32\drivers\Hamdrv.sys [324224] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2012/07/26 22:12:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\WINDOWS\System32\drivers\HECIx64.sys [324224] =>.Intel Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) -- C:\WINDOWS\System32\drivers\HpSAMD.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iagpio.sys [324224] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\WINDOWS\System32\drivers\iai2c.sys [324224] =>.Intel(R) Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO GPIO Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [324224] =>.Intel Corporation
O58 - SDL:2016/07/16 07:41:54 A . (.Intel Corporation - Intel(R) Serial IO I2C Driver v2.) -- C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [324224] =>.Intel Corporation - Embedded Subsystems and IP Blocks Group®
O58 - SDL:2016/07/16 07:41:52 A . (.Intel Corporation - Intel(R) Serial IO GPIO Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [324224] =>.Intel Corporation - Client Components Group®
O58 - SDL:2016/07/16 07:41:50 A . (.Intel Corporation - Intel(R) Serial IO I2C Controller Driver.) -- C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [324224] =>.Intel Corporation
O58 - SDL:2013/01/31 18:20:10 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorA.sys [324224] =>.Intel Corporation - Intel® Rapid Storage Technology®
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel(R) Rapid Storage Technology driver (i.) -- C:\WINDOWS\System32\drivers\iaStorAV.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\WINDOWS\System32\drivers\iaStorV.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - InfiniBand Fabric Bus Driver.) -- C:\WINDOWS\System32\drivers\ibbus.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/05/03 23:30:46 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\WINDOWS\System32\drivers\igdkmd64.sys [324224] =>.Intel(R) pGFX®
O58 - SDL:2015/08/21 11:50:48 N . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) -- C:\WINDOWS\System32\drivers\IntcDAud.sys [324224] =>.Intel Corporation - Client Components Group®
O58 - SDL:2015/07/20 15:45:04 A . (.Intel Corporation - Intel® WiDi Solution.) -- C:\WINDOWS\System32\drivers\intelaud.sys [324224] =>.Intel(R) Wireless Display®
O58 - SDL:2015/12/01 15:46:03 A . (.Intel Corporation - Intel® WiDi Solution.) -- C:\WINDOWS\System32\drivers\iwdbus.sys [324224] =>.Intel(R) Wireless Display®
O58 - SDL:2015/10/21 13:43:40 A . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\WINDOWS\System32\drivers\libusb0.sys [324224] =>.Akeo Consulting®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas2i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - Avago SAS Gen3 Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sas3i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation - LSI SSS PCIe/Flash Driver (StorPort).) -- C:\WINDOWS\System32\drivers\lsi_sss.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:08:54 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\mbam.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/03/10 14:08:58 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/11/29 00:03:40 A . (.Malwarebytes - Malwarebytes Anti-Malware.) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\megasas.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/10/05 06:09:07 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\MegaSas2i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\WINDOWS\System32\drivers\megasr.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - MLX4 Bus Driver.) -- C:\WINDOWS\System32\drivers\mlx4_bus.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) -- C:\WINDOWS\System32\drivers\mvumis.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/03/10 14:09:10 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) -- C:\WINDOWS\System32\drivers\mwac.sys [324224] =>.Malwarebytes Corporation®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - NetworkDirect Support Filter Driver.) -- C:\WINDOWS\System32\drivers\ndfltr.sys [324224] =>.Microsoft Windows®
O58 - SDL:2013/07/25 17:53:46 A . (.Apple Inc. - Apple Mobile Device Ethernet.) -- C:\WINDOWS\System32\drivers\netaapl64.sys [324224] =>.Apple Inc.
O58 - SDL:2016/07/16 07:42:03 A . (.Authors - .) -- C:\WINDOWS\System32\drivers\NetAdapterCx.sys [324224] =>.Microsoft Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\System32\drivers\nvraid.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\WINDOWS\System32\drivers\nvstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas2i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Avago Technologies - MEGASAS RAID Controller Driver for Windows.) -- C:\WINDOWS\System32\drivers\percsas3i.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Realtek - Realtek 8136/8168/8169 NDIS 6.40 64-bit Dri.) -- C:\WINDOWS\System32\drivers\rt640x64.sys [324224] =>.Realtek
O58 - SDL:2012/07/31 06:10:34 A . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function D.) -- C:\WINDOWS\System32\drivers\RTKVHD64.sys [324224] =>.Realtek Semiconductor Corp®
O58 - SDL:2016/03/08 13:02:41 A . (.Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vi.) -- C:\WINDOWS\System32\drivers\RtsP2Stor.sys [324224] =>.Realtek Semiconductor Corp®
O58 - SDL:2016/07/16 07:41:52 A . (.Realtek Semiconductor Corporation - Realtek WLAN USB NDIS Driver 28199.) -- C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [324224] =>.Realtek Semiconductor Corporation
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid2.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\WINDOWS\System32\drivers\sisraid4.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/09/05 05:47:06 A . (.Samsung Electronics Co., Ltd. - SAMSUNG USB Composite Device Driver.) -- C:\WINDOWS\System32\drivers\ssudbus.sys [324224] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/09/05 05:47:12 A . (.Samsung Electronics Co., Ltd. - SAMSUNG Android Modem Device Driver.) -- C:\WINDOWS\System32\drivers\ssudmdm.sys [324224] =>.Samsung Electronics CO., LTD.®
O58 - SDL:2016/07/16 07:41:53 A . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Wind.) -- C:\WINDOWS\System32\drivers\stexstor.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/03/08 13:02:42 A . (.Vimicro Corporation - Vimicro USB Video Class Camera.) -- C:\WINDOWS\System32\drivers\vmc412.sys [324224] =>.Microsoft Windows Hardware Compatibility Publisher®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\WINDOWS\System32\drivers\vsmraid.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.VIA Corporation - VIA StorX RAID Controller Driver.) -- C:\WINDOWS\System32\drivers\VSTXRAID.SYS [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinMad.) -- C:\WINDOWS\System32\drivers\winmad.sys [324224] =>.Microsoft Windows®
O58 - SDL:2016/07/16 07:41:53 A . (.Mellanox - Kernel WinVerbs.) -- C:\WINDOWS\System32\drivers\winverbs.sys [324224] =>.Microsoft Windows®
O58 - SDL:2012/06/13 20:10:32 A . (."CyberLink - Cyberlink Virtual Disk Driver.) -- C:\WINDOWS\System32\drivers\wsvd.sys [324224] =>.CyberLink®
O58 - SDL:2016/11/29 10:20:22 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zam64.sys [324224] =>.Zemana Ltd.®
O58 - SDL:2016/11/29 10:20:14 A . (.Zemana Ltd. - ZAM.) -- C:\WINDOWS\System32\drivers\zamguard64.sys [324224] =>.Zemana Ltd.®
---\\ Last modified or created user files (1) - 403s
O61 - LFC: 2016/11/28 12:31:54 A . (.Copyright © 2015.) -- C:\Users\Ivan Reyes Ortega\Desktop\Defenses\Adware Removal Tool by TSA.exe [752296] {317DD1C55F51AC2756D9C93C060C6FA5}
---\\ File Associations Shell Spawning (11) - 1s
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <UCHTML>[HKCU\..\open\Command] (...) -- C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
---\\ Start Menu Internet (4) - 0s
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
---\\ Search Browser Infection (7) - 0s
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {1898CB3E-8BBA-4F65-AF7A-D32185E768EF} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKCU] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKCU] {BF47303B-CFAA-40F3-84BE-AFFFAA87AA21} - (Google) - http://www.google.com/ =>.Google Inc.
O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {1898CB3E-8BBA-4F65-AF7A-D32185E768EF} - (Bing) - http://www.bing.com/ =>.Bing.com
O69 - SBI: SearchScopes [HKLM] {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} - (Google) - http://www.google.com/ =>.Google Inc.
---\\ Search Svchost Services (45) - 2s
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) -- C:\WINDOWS\System32\certprop.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\WINDOWS\System32\gpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\WINDOWS\System32\ikeext.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) -- C:\WINDOWS\System32\iphlpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\WINDOWS\system32\seclogon.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\WINDOWS\System32\appinfo.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\WINDOWS\system32\iscsiexe.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\WINDOWS\System32\eapsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\WINDOWS\system32\schedsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\System32\browser.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\SessEnv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\WINDOWS\System32\wercplsupport.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: shpamsvc (shpamsvc) . (.Microsoft Corporation - SharedPC.AccountManager.) -- C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\WINDOWS\system32\themeservice.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation - Geolocation Service.) -- C:\WINDOWS\System32\lfsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: DmEnrollmentSvc (DmEnrollmentSvc) . (.Microsoft Corporation - Windows Managent Service DLL.) -- C:\Windows\System32\Windows.Internal.Management.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Infrared Monitor.) -- C:\WINDOWS\System32\irmon.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\System32\rasauto.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\System32\rasmans.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\System32\sens.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\WINDOWS\System32\ipnathlp.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\WINDOWS\system32\wuaueng.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\WINDOWS\System32\qmgr.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: dmwappushservice (dmwappushservice) . (.Microsoft Corporation - dmwappushsvc.) -- C:\WINDOWS\system32\dmwappushsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: WpnService (WpnService) . (.Microsoft Corporation - Windows Push Notification System Service.) -- C:\WINDOWS\system32\WpnService.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: XboxNetApiSvc (XboxNetApiSvc) . (.Microsoft Corporation - Xbox Live Networking Service.) -- C:\WINDOWS\system32\XboxNetApiSvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: DcpSvc (DcpSvc) . (.Microsoft Corporation - dcpsvc Task.) -- C:\WINDOWS\system32\dcpsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: RetailDemo (RetailDemo) . (.Microsoft Corporation - RDXService.) -- C:\WINDOWS\system32\RDXService.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\WINDOWS\System32\bdesvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Device Setup Manager.) -- C:\WINDOWS\System32\DeviceSetupManager.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Microsoft Network Connectivity Assistant Se.) -- C:\WINDOWS\System32\ncasvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\WINDOWS\system32\profsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: UserManager (UserManager) . (.Microsoft Corporation - UserMgr.) -- C:\WINDOWS\System32\usermgr.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: XblAuthManager (XblAuthManager) . (.Microsoft Corporation - Xbox Live Auth Manager.) -- C:\WINDOWS\System32\XblAuthManager.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: XblGameSave (XblGameSave) . (.Microsoft Corporation - Xbox Live Game Save Service.) -- C:\WINDOWS\System32\XblGameSave.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: UsoSvc (UsoSvc) . (.Microsoft Corporation - Update Session Orchestrator Core.) -- C:\WINDOWS\system32\usocore.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wisvc (wisvc) . (.Microsoft Corporation - Flight Settings.) -- C:\WINDOWS\system32\flightsettings.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Microsoft® Account Service.) -- C:\WINDOWS\system32\wlidsvc.dll [324224] =>.Microsoft Corporation
O83 - Search Svchost Services: NetSetupSvc (NetSetupSvc) . (.Microsoft Corporation - Network Setup Service.) -- C:\WINDOWS\System32\NetSetupSvc.dll [324224] =>.Microsoft Corporation
---\\ Firewall Active Exception List (4) - 2s
O87 - FAEL: "TCP Query User{35EB6970-F44A-4BA5-854A-5D1F0BC262F4}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe" [In-None-P6-TRUE] .(...) -- C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O87 - FAEL: "UDP Query User{4D64E4B3-39A9-4A78-9299-6A2837D9FEA6}C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe" [In-None-P17-TRUE] .(...) -- C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O87 - FAEL: "{7285CD80-EF16-48A6-8F6C-9E0050FC57C0}" [In-None-P17-TRUE] .(...) -- C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
O87 - FAEL: "{165B5F0A-2DDA-4FAC-B848-4558F4DA785B}" [In-None-P6-TRUE] .(...) -- C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe (.not file.) =>.Superfluous.AkamaiHD
---\\ Additional Scan (O88) (4) - 0s
C:\WINDOWS\System32\Tasks\{DB50062B-1108-4516-B07E-CB933EB55684} =>.Superfluous.AkamaiHD
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} =>Riskware.QuickTime
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} =>Riskware.QuickTime
HKCU\SOFTWARE\Akamai =>.Superfluous.AkamaiHD
---\\ Summary of the elements found (2) - 0s
https://www.nicolascoolman.com/fr/logiciels-superflus =>.Superfluous.AkamaiHD
https://www.anti-malware.top/2016/04/21/riskware-quicktime/ =>Riskware.QuickTime
~ End of the scan, 72155 items in 00h25mn28s (1429)

Malnutrition · Nov 30, 2016

Iaro96 said:
can't believe it, there's still UCBrowser stuff left

Those items were already in quarantine, it will take me a while to go over these logs.

Malnutrition · Nov 30, 2016

FRST Fix

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After you have ran the fixlist, then grab Patch My PC and update all of your software as well install Google Chrome from within Patch My PC.

Iaro96 · Nov 30, 2016

Alright, I will do that right away.

The Zemana Antimalware program just popped up, informing me about 4 new threats. How come they keep spawning? Do they reproduce or something?

Zemana AntiMalware 2.70.2.25 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/30
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i3-3130M CPU @ 2.60GHz
BIOS Mode : UEFI
CUID : 1203285F630FDF1F3D8882
Scan Type : Scheduled Scan
Duration : 33m 34s
Scanned Objects : 212617
Detected Objects : 4
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
ClockworkMod
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76E\Blob = 1900000001000000100000004321E029B1DFB58332B4E12D3684B1BA0F00000001000000140000004197EEB33C029DA9C95DF96F3E79C000823926060300000001000000140000008E9FBA4F0A0974EF5DA6939F17D49F682C78E76E14000000010000001400000043A30E1537E622AF0B33246E665F1ABA53273694200000000100000000030000308202FC308201E8A003020102021045FFC961E0ED6DBC4F552B7D1451104A300906052B0E03021D05003017311530130603550403130C436C6F636B776F726B4D6F64301E170D3133303430373233313334345A170D3339313233313233353935395A3017311530130603550403130C436C6F636B776F726B4D6F6430820122300D06092A864886F70D01010105000382010F003082010A0282010100DA79369D868709997C40830E263A887C28CD8E64E569B7BA0FEF133AB825E80633BFF9B8A8439518ABAC49C394061A0A82E3A314FAABDEDB0ACF45DA482B18A1F303BB2434A0886B1F44F50B3CE96E4AFB7E90B0A6F2EB2241D4004AAB7B89BA94240E190753B5509E0EEF626B5BDF75BAEC8B2ED66B5D66144057CEBD98C1635D186B9B9A4E216813D90C7561CEB1B21C9863515587B7A1D0494294C96C8F096CB92772D26CE1F44E86953E47CE641FF67C0C83B818030583F7AC560D8E6FBDDCD98CC8B03F535D0515F157551E09C1AEDD794AD8E9D45649437BE48A88F7B3225C92A95E9C0D54BA57F3C6D7F9EAC1AECF624718912FA6B8DC7CCAD13415270203010001A34C304A30480603551D010441303F8010A7571CAADAC4F456624305DC75A92FEEA1193017311530130603550403130C436C6F636B776F726B4D6F64821045FFC961E0ED6DBC4F552B7D1451104A300906052B0E03021D05000382010100003CDC97A66A3D5B012A163EF57499E469595BBAA1CA37A7B27EFFE614889E76F586DAB0DD60E2D3C1C6B2E1583C4614747D696E75C82B7051FFE3DE80486A59E643329B9C751E429B27CAD025FC1BE66F1ED5910AAA79C70293196B9E13FE8D2239A3672737400DCC67B8D9510D594C9041FCC27A41BE8F08A1F49B922FCD4E3E2049B7D5C378DB362498F0E9B2A370E384D764259DB230F09F7F8A77D0A71EF07CEF836F7EB69A69ECA2DFE1ACD8AA4D50D31FDAE05FC8C7A8684BE4790B98F2A12DD26A06F2A4929031EEA3FD9E6A13363B8C7DCF36797034B20EECB7F4F8795CA6081C29BD6632F1D964D5FF48FA54FAC117CF16F0785ABE5DB375880538
USB\VID_04E8&PID_685D (libwdi autogenerated)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\79A1536CB59231522B32C99ECE8D4FCB7CC677C1\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\79A1536CB59231522B32C99ECE8D4FCB7CC677C1\Blob = 190000000100000010000000EA23AE460AAC660DAD41B96E649979130F00000001000000140000008E2E21C85680BCBBEBB8BE8E7A40D697FC9C07DC03000000010000001400000079A1536CB59231522B32C99ECE8D4FCB7CC677C10B000000010000000E0000006C006900620077006400690000001400000001000000140000003C8181F38BEEC3904667DF2B9936D7B1965C84592000000001000000CC020000308202C830820231A003020102021054CBAC55D9DBA2A54AE78B36CEDB5630300D06092A864886F70D010105050030633161305F06035504031E58005500530042005C005600490044005F00300034004500380026005000490044005F003600380035004400200028006C006900620077006400690020006100750074006F00670065006E0065007200610074006500640029301E170D3134303130343233323631395A170D3239303130313030303030305A30633161305F06035504031E58005500530042005C005600490044005F00300034004500380026005000490044005F003600380035004400200028006C006900620077006400690020006100750074006F00670065006E006500720061007400650064002930819F300D06092A864886F70D010101050003818D0030818902818100922BD152C23E25F04124F289793D15BBA93834827D24C97DA736FAE3E2F917E6381A5EAA245854E8195B735755A012CBD8C03C000DE973B30E06F8C2CA0EF7A0E5B79C4D7A0C3D4B00F71BD3C6BB9CA4DFC93461E12B4F1F93EB90E2D59FDEF0B81A366DD0C451AFDF0F4EE45D507B3FEFA42AA66D8F306DDD9B33E6B72DB0850203010001A37D307B30160603551D250101FF040C300A06082B0601050507030330200603551D07041930178615687474703A2F2F6C69627764692E616B656F2E6965303F0603551D2004383036303406082B060105050702013028302606082B06010505070201161A687474703A2F2F6C69627764692D6370732E616B656F2E696500300D06092A864886F70D01010505000381810023C45519D40EC7A82B885A7073E46BAA19FAAC09B43B6AD4E6279DF73BE9C03BE7DC874EDC408D4947376A7B79C8C485B8DB4981873225E5FD6DEBB0B50B0B04C645A9F0D4EA00968AED428329B8B55DD7CB1FBAAB4075E8A3669D7117C4E2137ABFCAF6EC6EB219706DAE3277CF4009994112CD8CADA7082CF4388D6FA278FE
Nuance
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\512D194D2864CCBB67432E67BD4C9B6A4F006AD5\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\512D194D2864CCBB67432E67BD4C9B6A4F006AD5\Blob = 1900000001000000100000006D7D9B0308D38C91862F03859F5D2E4D0F0000000100000014000000AEA51AFF6E4BA2826EB5E149295C248CA58EDD1A030000000100000014000000512D194D2864CCBB67432E67BD4C9B6A4F006AD5140000000100000014000000FD455B25788F847C61C1250E918AE1EE1C9C38342000000001000000EE020000308202EA308201D6A003020102021098EF9DF59A1E598D4DB75200D595E6A3300906052B0E03021D05003011310F300D060355040313064E75616E6365301E170D3132313032323138343334375A170D3339313233313233353935395A3011310F300D060355040313064E75616E636530820122300D06092A864886F70D01010105000382010F003082010A0282010100D31934ECCECFCFC0DB3284E59F954FA33F6CDF6B367ABAC0D0CE5D5FD938406D51FBF8D277AFBF5433F2D94DBE0BDDA49FDABA20690F251FD75AB02799723707ECCCD740D4715352EF68BE884EE224A5DB3E7BA2E2C8856CCCF532F6416A4FA1CF5CFAC8C512C789B498A906BE466BA4AC104AABA94D80D23FE7202321A1EE865125213DAEDC3E3A78B2A8AA410858D31C7E95EFCA090E2E8A1810D3FCAC514D56B4043CD9BA73DA833204B5A6000F9D45DA2D439259562F25C2A2FD181BF40C316BCE18D18F77C042894055EB96ADC872325682ED4ECA267DCC592507A73E0294DFA19D15B0D17329214E9A0A2FC5853C1FBED8AA89CF10CF590959D3809C7D0203010001A346304430420603551D01043B303980104CB273B8AE0148893E32016E3B4BF96BA1133011310F300D060355040313064E75616E6365821098EF9DF59A1E598D4DB75200D595E6A3300906052B0E03021D0500038201010037BBD2A49C8F8BD226E687FC3C3B82E5BDEB3EFA1DF58D54E87EB953631275B6E55F69B42F1D65C07DB2BC20520EACF4A2074592E3A3D8FB83535827BF72362B97F282E74C3916AFAB0556CCC0A868E84035A1AA7EC2FF589D1DA60798746F7ED251C6F7C586F63918F0BC02B53182F2B63F04C12A9256B727020830188BD9C070D240D636E973079DD127BFAC10EF629E834DEC8EDE07C6512E2AA15DD58F635194A8873E702829A9257829DCE00FD3179F4225A3AAF1B3F0F609DB3EEA20452162EDEAD8DD3432F514C1B3CD3A9B8E11CC7C832D8BAFF04CD45544AE1721C22678F9C5218177A3C05AAFA061CB57DB17BB0DCB5F84E5361C26DE4997CA1D7A
Trojan:Win32/Poweliks
Status : Scanned
Object : %systemroot%\system32\tasks\{7c134af1-a52c-45fb-a769-590205637799}|c:\program files\internet explorer\iexplore.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Fileless Malware
Cleaning Action : Delete
Related Objects :
Scheduled Task - C:\WINDOWS\System32\Tasks\{7C134AF1-A52C-45FB-A769-590205637799}

Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 0
Failed : 0

Iaro96 · Nov 30, 2016

Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Ivan Reyes Ortega (30-11-2016 01:18:18) Run:2
Running from C:\Users\Ivan Reyes Ortega\Desktop\Defenses\FRST
Loaded Profiles: Ivan Reyes Ortega (Available Profiles: Joanne & Ivan Reyes Ortega & Guest)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files\Google
C:\Program Files (x86)\Google
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome
C:\Users\Ivan Reyes Ortega\AppData\Local\Google
C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716\js\google-analytics-helper.js
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-5B3CDFA8.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-AFD99EFF.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B7AD469C.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C327CBAA.pf
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-DE5D8DDC.pf
C:\Windows\Prefetch\CHROME.EXE-46AA1511.pf
C:\Windows\Prefetch\CHROME.EXE-46AA1513.pf
C:\Windows\Prefetch\CHROME.EXE-FDA848E2.pf
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineCore
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
C:\WINDOWS\System32\Tasks\Apple Diagnostics
C:\WINDOWS\System32\Tasks\{8DD3EE36-D507-432E-A9B1-FA7778A3BE83}
C:\WINDOWS\System32\Tasks\{DB50062B-1108-4516-B07E-CB933EB55684}
C:\WINDOWS\System32\Tasks\{7C134AF1-A52C-45FB-A769-590205637799}
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat
C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat
C:\Program Files (x86)\Amazon
C:\Program Files\Google
C:\Program Files (x86)\Google
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
C:\ProgramData\McAfee
C:\ProgramData\EnterNHelp
C:\ProgramData\Ultima_T15
C:\Users\Ivan Reyes Ortega\AppData\Local\Amazon_Services_LLC
C:\Users\Ivan Reyes Ortega\AppData\Local\Google
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3068897a4b1eb3ee
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc72dfdeceed18e91
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigndfa06b53a3425ad3
C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe
C:\WINDOWS\System32\Tasks\{DB50062B-1108-4516-B07E-CB933EB55684}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\aTube Catcher
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google
DeleteKey: HKCU\SOFTWARE\AhnLab
DeleteKey: HKCU\SOFTWARE\Google
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Emptytemp:
reboot:
end
*****************
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Google => moved successfully
C:\Program Files (x86)\Google => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Google\Chrome => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Google => moved successfully
C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716\js\google-analytics-helper.js => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-5B3CDFA8.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-AFD99EFF.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B7AD469C.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C327CBAA.pf => moved successfully
C:\Windows\Prefetch\GOOGLEUPDATE.EXE-DE5D8DDC.pf => moved successfully
C:\Windows\Prefetch\CHROME.EXE-46AA1511.pf => moved successfully
C:\Windows\Prefetch\CHROME.EXE-46AA1513.pf => moved successfully
C:\Windows\Prefetch\CHROME.EXE-FDA848E2.pf => moved successfully
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineCore => moved successfully
C:\Windows\System32\Tasks_Migrated\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC => moved successfully
C:\WINDOWS\System32\Tasks\Apple Diagnostics => moved successfully
C:\WINDOWS\System32\Tasks\{8DD3EE36-D507-432E-A9B1-FA7778A3BE83} => moved successfully
C:\WINDOWS\System32\Tasks\{DB50062B-1108-4516-B07E-CB933EB55684} => moved successfully
"C:\WINDOWS\System32\Tasks\{7C134AF1-A52C-45FB-A769-590205637799}" => not found.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" => not found.
"C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.emorhc.bat" => not found.
"C:\Users\Ivan Reyes Ortega\AppData\Roaming\Browsers\exe.erolpxei.bat" => not found.
C:\Program Files (x86)\Amazon => moved successfully
"C:\Program Files\Google" => not found.
"C:\Program Files (x86)\Google" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC???" => not found.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\EnterNHelp => moved successfully
C:\ProgramData\Ultima_T15 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Amazon_Services_LLC => moved successfully
"C:\Users\Ivan Reyes Ortega\AppData\Local\Google" => not found.
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign3068897a4b1eb3ee => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7 => moved successfully
"C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsign9f2bb262de7593b7" => not found.
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsignc72dfdeceed18e91 => moved successfully
C:\Users\Ivan Reyes Ortega\AppData\Local\Tempzxpsigndfa06b53a3425ad3 => moved successfully
"C:\users\ivan reyes ortega\appdata\local\akamai\netsession_win.exe" => not found.
"C:\WINDOWS\System32\Tasks\{DB50062B-1108-4516-B07E-CB933EB55684}" => not found.
HKLM\SOFTWARE\Wow6432Node\aTube Catcher => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google => key removed successfully
HKCU\SOFTWARE\AhnLab => key removed successfully
HKCU\SOFTWARE\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 146552395 B
Java, Flash, Steam htmlcache => 103942407 B
Windows/system/drivers => 138939 B
Edge => 93035769 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => -652 B
Joanne => 0 B
Ivan Reyes Ortega => 1101165442 B
Guest => 0 B
RecycleBin => 132275 B
EmptyTemp: => 1.3 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 01:20:17 ====

Iaro96 · Nov 30, 2016

This thing popped up again. The "Quik Tray App" thing... Not sure if it is related to the infection. But the first time I saw it was after the Chinese UC virus.

Malnutrition · Nov 30, 2016

Your machine was certainly a mess.... lets run a couple more....

Please download Malwarebytes Anti-Rootkit from here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

9-Lab Scan.

Download 9-Lab Removal Tool.
CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
Install the program onto your computer, then right click the icon run as administrator.
Update the program and then run a full scan!
Make sure the program updates, might be better to install it update reboot and check for updates again.
You need to make sure the database updates!!!
Upon Scan Completion Click on Show Results.
Then Click On Clean
Then Click on Save Log.
Save it to your desktop, copy and paste the contents of the log here in your next reply.

Iaro96 · Nov 30, 2016

Additionally, I still feel like it's behaving a bit slow, especially when opening programs (Browser, iTunes, Adobe Reader, etc). At the moment of typing this message, for example, characters lag sometimes before appearing. I suppose it might be because of Zemana Anti-Malware which is running in the background. I'll run those two and then Patch My PC.

Malnutrition · Nov 30, 2016

Iaro96 said:
Additionally, I still feel like it's behaving a bit slow, especially when opening programs (Browser, iTunes, Adobe Reader, etc).

I provided instructions to try and address this, there are lot of things running on your machine that are not needed.

Clean up temp files and reduce startup load with CCleaner.

Download CCleaner from here.
After install Click Options.
Go to monitoring.
Uncheck All Monitoring items.
Go to advanced -- Click close program after cleaning.
Go to settings -- click run ccleaner when the computer starts.
Now that you have ccleaner installed and set-up:
Open the program.
Go to Tools
Go to Startup
Now double click each item. To Disable.
You have a large amount of items starting, you should only keep three. Pick your fabvorite apps to start then disable the rest.
Then disable All items in your scheduled task as well.
Unless they are related to windows defender.
Reboot the machine.

Here are the same instructions with Pictures...

Ccleaner To disable Useless Startups.

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

CCleaner - Free Download - Piriform

Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up then under the Windows Tab select each item then disable. Also under the scheduled task tab, you are safe to disable all task. Only disable items under the windows tab and scheduled task tab!

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

Hit options.
Settings.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

Reboot the machine after.

Iaro96 · Nov 30, 2016

Will leave Malwarebytes Anti-Rootkit overnight, then run 9-Lab Scan, CC Cleaner and finally Patch My PC. Will be posting all the logs. Again @Malnutrition , can't stress how thankful I am. Thanks for everything sir! Night.

Iaro96 · Nov 30, 2016

The buttons on the screen of my computer are touch and they get glitched from time to time. Had to turn the computer off and on. Could not see or get the results of the log. Will be re-doing it.

Malnutrition · Nov 30, 2016

Alright, awaiting the logs.

jmarket · Nov 30, 2016

I need you to run aswMBR. If it's being persistent, I want to ensure that it isn't hiding in your MBR.

Please download aswMBR from here

Save aswMBR.exe to your Desktop

Double click aswMBR.exe to run it

Click the Scan button to start the scan as illustrated below (Note that it may seem like the scan is frozen or stuck at times. It is not stuck. Please let it finish)

Note: Do not take action against any **Rootkit** entries until we have reviewed the log. Often there are false positives.

Once the scan finishes click Save log to save the log to your Desktop.

Copy and paste the contents of aswMBR.txt in your post for review by our Security Team.

Iaro96 · Dec 1, 2016

Malnutrition said:
Alright, awaiting the logs.

The same thing happened again. Went to college and left the scan running (This time I didn't manually turn my screen off, but the computer went to sleep). It wouldn't turn on...
However I checked the logs of the program and this is that I found:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6322003968, free: 3039768576
Downloaded database version: v2016.11.30.02
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.11.29.02
Initializing...
=======================================
Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 01:57:49
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Hamdrv.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\libusb0.sys
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\System32\Drivers\VMC412.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.30.02
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9b0c3e8bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9b0c3e8bfae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9b0c3e8bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9b0c3c1db040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9b0c3c1d5060, DeviceName: \Device\00000029\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B3DE834
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3327256683
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3327256683
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4b21a05d-e898-415e-83fc-5f3b9a8c77f
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 74b99b7d-11-4808-bff-dfb0fb96717c
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID e331c708-877a-42b0-a26e-b01daac248a8
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID d74b076d-cf80-41cf-9590-94f1489131e
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4fa1e888-db2c-42af-89f8-e35793ba8e5
FirstLBA 3868672 Last LBA 1901402111
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8d41c442-39b4-4a5e-a85f-684c8ff09515
FirstLBA 1901402112 Last LBA 1902323711
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e2b4d-775e-4b4e-a0af-d5b1557ea6d5
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\c222377567372f3384a612b0437c9d06\System.Runtime.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b901873687e343684064998783c1f8d\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\6ba98b6eeadccf682c0cc876bcc548da\System.Net.Http.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\08ebdebb9c6eb538ca4d0b42155dfb7d\System.ServiceModel.Channels.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\3e5136588f123be6d20335e2596424c4\System.ServiceModel.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5802392cd3e3a6f3921aabc3241bb561\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wldp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MpCmdRun.exe" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wer.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\loadperf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEBENGINE4.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEBENGINE4.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WMVCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WMASF.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmploc.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiadss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sti.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiatrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vssapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vsstrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jsproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\6ef777676757b8f23c86111711f26545\System.Web.Extensions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcm90.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ntdsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dsound.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.drv" is sparse (flags = 32768)
File "C:\Windows\System32\midimap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SensApi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGE.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BROWSER_BROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BROWSER_BROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGECP.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MICROSOFTEDGECP.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\INSTALLAGENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Macromed\Flash\FLASHUTIL_ACTIVEX.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\Macromed\Flash\FLASHUTIL_ACTIVEX.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.83" is compressed (flags = 1)
File "C:\Users\Ivan Reyes Ortega\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6322003968, free: 4115992576
Downloaded database version: v2016.11.30.03
Downloaded database version: v2016.11.30.04
Downloaded database version: v2016.11.30.05
Downloaded database version: v2016.11.30.06
Downloaded database version: v2016.11.30.07
Downloaded database version: v2016.11.30.08
Downloaded database version: v2016.11.30.09
Downloaded database version: v2016.11.30.10
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 15:11:07
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Hamdrv.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\libusb0.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\VMC412.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F77479EC-B37D-446D-AA9A-BDB22F748F76}\MpKslDrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.30.10
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff998ad30bfae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff998acff8fab0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff998acff8b060, DeviceName: \Device\00000029\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B3DE834
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3327256683
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3327256683
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4b21a05d-e898-415e-83fc-5f3b9a8c77f
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 74b99b7d-11-4808-bff-dfb0fb96717c
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID e331c708-877a-42b0-a26e-b01daac248a8
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID d74b076d-cf80-41cf-9590-94f1489131e
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4fa1e888-db2c-42af-89f8-e35793ba8e5
FirstLBA 3868672 Last LBA 1901402111
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8d41c442-39b4-4a5e-a85f-684c8ff09515
FirstLBA 1901402112 Last LBA 1902323711
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e2b4d-775e-4b4e-a0af-d5b1557ea6d5
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wldp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
Scan Interrupted
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
Scan was aborted.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.447.14393.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6322003968, free: 3949359104
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 15:17:35
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\Hamdrv.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\RtsP2Stor.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\libusb0.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\usbscan.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\rtwlanu_oldIC.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\Drivers\VMC412.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\BthAvrcpTg.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\System32\drivers\hidbth.sys
\SystemRoot\system32\DRIVERS\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F77479EC-B37D-446D-AA9A-BDB22F748F76}\MpKslDrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2016.11.30.10
rootkit: v2016.11.20.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff998ad30bfae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff998ad30bf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff998acff8fab0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff998acff8b060, DeviceName: \Device\00000029\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1B3DE834
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3327256683
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3327256683
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 60b89d9d-52e-4f73-8220-e0792bdb1cb5
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4b21a05d-e898-415e-83fc-5f3b9a8c77f
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 74b99b7d-11-4808-bff-dfb0fb96717c
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID e331c708-877a-42b0-a26e-b01daac248a8
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID d74b076d-cf80-41cf-9590-94f1489131e
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4fa1e888-db2c-42af-89f8-e35793ba8e5
FirstLBA 3868672 Last LBA 1901402111
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8d41c442-39b4-4a5e-a85f-684c8ff09515
FirstLBA 1901402112 Last LBA 1902323711
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e2b4d-775e-4b4e-a0af-d5b1557ea6d5
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wevtapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wldp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\devenum.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wer.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\loadperf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONFRAMEWORKPS.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\b5bd1926660d2d17f74fd4ee135f4c4b\System.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEBENGINE4.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WEBENGINE4.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WMVCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WMASF.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmploc.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiadss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sti.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiatrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\3e5136588f123be6d20335e2596424c4\System.ServiceModel.Web.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5802392cd3e3a6f3921aabc3241bb561\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NTLMSHARED.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dssenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAMEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\LOCATIONNOTIFICATIONWINDOWS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jsproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshbth.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.28b9ef5a#\6ef777676757b8f23c86111711f26545\System.Web.Extensions.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\srclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vssapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vsstrace.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcm90.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\2b901873687e343684064998783c1f8d\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\ImmersiveControlPanel\SYSTEMSETTINGS.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MpCmdRun.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthHfAud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rfcomm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthpan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthA2DP.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHLEENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\xusb22.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-F4DA725336EA18DF60F1AF72E32EEF3700795F21.bin.83" is compressed (flags = 1)
File "C:\Users\Ivan Reyes Ortega\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)

Iaro96

Malnutrition

Malnurished Admin

Iaro96

Malnutrition

Malnurished Admin

Iaro96

Iaro96

Iaro96

Malnutrition

Malnurished Admin

Malnutrition

Malnurished Admin

Attachments

Iaro96

Iaro96

Iaro96

Attachments

Malnutrition

Malnurished Admin

Iaro96

Malnutrition

Malnurished Admin

Iaro96

Iaro96

Malnutrition

Malnurished Admin

jmarket

PCHF's Almighty Ruler

Iaro96

Search

Search

Solved UC Chinese Virus

We value your privacy