Malware #SL9DW61 message

Juliet · Nov 24, 2016

MalwareBytes for the time being is an anti-malware scanner (Can be bought as a premium package)
SpyBot (unless it's the security package) works along the same way and works with onboard antivirus software.
McAfee is an antivirus and/or can be obtained as a security package too.

We ready to remove tools and quarantine folders?

Astonmad · Nov 25, 2016

Yes ready for this

Juliet · Nov 25, 2016

Please download DelFix or from Here and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

********************

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.

Astonmad · Nov 28, 2016

Have run delfix and everything looks fine
Thanks for all the links!

Juliet · Nov 28, 2016

We're glad to help

Astonmad · Nov 29, 2016

Juliet said:
We're glad to help

Hi Juliet

I think I may still have a problem
After signing off I was working on my PC and using an internet banking app when I got the Buzzing Dhol Trojan screen displayed. Needless to say I shut down immediately and checked my account via an iPad. No damage done I believe.
Then I followed Lawrence Abrams Malware Removal guide.
1. Checked Task Manager to remove to terminate process - nothing found
2. Uninstall program in Control panel - Nothing found
3. Use Rkill to terminate suspicious programs - results below

Checking Windows Service Integrity:

* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing
Checking Windows Service Integrity:

* gagp30kx [Missing Service]
* IEEtwCollectorService [Missing Service]
* IoQos [Missing Service]
* nv_agp [Missing Service]
* TimeBroker [Missing Service]
* uagp35 [Missing Service]
* uliagpkx [Missing Service]
* WcsPlugInService [Missing Service]
* wpcfltr [Missing Service]
* WSService [Missing Service]

* agp440 [Missing ImagePath]

* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %sysService]
* wpcfltr [Missing Service]
* WSService [Missing Service]

* agp440 [Missing ImagePath]

* AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
* WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Inctemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

* vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
* vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:
orrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

* No issues found.

Checking HOSTS File:

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100s
* HOSTS file entries found:

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com

20 out of 15589 HOSTS entries shown.
Please review HOSTS file for further entries.
exlinks.com
127.0.0.1 100sexlinks.com

Program finished at: 11/28/2016 08:38:58 PM
Execution time: 0 hours(s), 2 minute(s), and 19 seconds(s)

20 out of 15589 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/28/2016 08:38:58 PM
Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)

4. Use Malwarebytes o clean infection - Rootkits enabled

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/11/2016
Scan Time: 22:46
Logfile: Buzzing.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.28.17
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 448993
Time Elapsed: 40 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

5. Use AdwCleaner - nothing for Buzzing Dhol found

6. Use Hitman Pro to to scan for badware - 2 hits

My concern is that there is something buried deep in my computer that still hasn't been found and eradicated. DO you have any ideas as to what is happening please?

Juliet · Nov 29, 2016

Don't know whats up, we'll have to search

Scan with Zemana AntiMalware Free:

Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
Please or download and install Zemana AntiMalware Free
Double-click software shortcut on the desktop and follow the prompts to install the program .
If an update is available, click the Update now button.
At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
Auto Launch > Untick the box next
Scan type > Smart scan (Default)
Close all open files, folders and browsers
Click scan now ''Run as Administrator'' and a threat Scan will begin.
When the scan is complete, Press report and send me report.
Please PC restart now.

~~~

Find your version of Farbar Recovery Scan Tool and delete it so we can get an updated copy.

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select

Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~~~

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

Please click by the introduction screen on the Next button to continue.

Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

When the update has finished, click on the Next button.

Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.

There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
- For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

Astonmad · Nov 30, 2016

Zemana results

Zemana AntiMalware 2.70.179.25 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/30
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
BIOS Mode : Legacy
CUID : 1204AA09F3342AA13920DE
Scan Type : System Scan
Duration : 22m 52s
Scanned Objects : 212865
Detected Objects : 4
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Edge Homepage
Status : Scanned
Object : http://en.4yendex.com/?utm_source=sdkw&utm_medium=uk02&utm_campaign=bfdd8eb17ff0571a0eba11a8b79cd366
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Edge Homepage

Chrome Homepage
Status : Scanned
Object : http://uk.yardood.com/?tn=sdkw_inner_hp_01_yardood_uk&guid=bfdd8eb17ff0571a0eba11a8b79cd366
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Chrome Homepage

miniinstall.exe
Status : Scanned
Object : M:\Users\Martin\Downloads\miniinstall.exe
MD5 : FB89C60C198F7D316065D25C73322891
Publisher : Media Labs Limited
Size : 308560
Version : 0.1.0.23
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - M:\Users\Martin\Downloads\miniinstall.exe

picasawin10-setup.exe
Status : Scanned
Object : M:\Users\Martin\Downloads\picasawin10-setup.exe
MD5 : 3000834990C081CD8256663285B3321C
Publisher : iLight Media LP
Size : 953720
Version : 0.0.0.0
Detection : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action : Quarantine
Related Objects :
File - M:\Users\Martin\Downloads\picasawin10-setup.exe

Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 0
Failed : 0

Astonmad · Nov 30, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
Ran by Martin (administrator) on MARTIN-HP (30-11-2016 23:12:54)
Running from M:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin & Anna & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Mirics Semiconductor Ltd) C:\Windows\System32\Hauppauge\hcwD3dvb\DVBT\DVBservice.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MHN\AlertHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-15] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1813128 2015-12-11] (NVIDIA Corporation)
HKLM\...\Run: [IgfxTray] => "C:\WINDOWS\system32\igfxtray.exe"
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [612872 2014-01-03] (EasyBits Software AS)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-09-11] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [Google+ Auto Backup] => C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\GPhotos.scr [4587520 2015-10-13] (Google Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2014-11-08] (SEIKO EPSON CORPORATION)
ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-01-05] ()
ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-01-05] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-06]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2011-05-25]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-23]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{49fd34a8-7140-4b34-baed-7569201fc946}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{6c148f43-6317-48e1-a91a-95a97bf9803f}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d2676523-a682-4f50-bf4b-ac96a89cc311}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> DefaultScope {0177F507-A638-4EAE-A88E-5D09F41D8713} URL =
SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-03-21] (TechSmith Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-24] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-24] (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-03-21] (TechSmith Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-03-21] (TechSmith Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-03-21] (TechSmith Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\3t3y5vyl.default-1479993367878 [2016-11-30]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-18]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
FF Extension: (Motive Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2014-10-14] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-11-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2010-10-28] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-533333334-2176733419-3778265130-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-11] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR RestoreOnStartup: Default -> "hxxp:\/\/uk.yardood.com\/?tn=sdkw_inner_hp_01_yardood_uk&guid=bfdd8eb17ff0571a0eba11a8b79cd366"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll => No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2016-11-30]
CHR Extension: (SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-02]
CHR Extension: (Skype Click to Call) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-01]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-01]
CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-26] (CyberLink)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
R2 hcwD3bda_dvbt; C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-12-16] (Mirics Semiconductor Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-28] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 hcwD3bda; C:\WINDOWS\system32\DRIVERS\hcwD3bda64.sys [116352 2010-06-29] (Mirics)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-11-30] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754928 2016-08-26] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-11-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-11-30] (Zemana Ltd.)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 23:12 - 2016-11-30 23:12 - 00000000 ____D C:\FRST
2016-11-30 23:00 - 2016-11-30 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-11-30 22:57 - 2016-11-30 22:57 - 00000000 ___HD C:\OneDriveTemp
2016-11-30 22:25 - 2016-11-30 23:18 - 02019761 _____ C:\WINDOWS\ZAM.krnl.trace
2016-11-30 22:25 - 2016-11-30 23:18 - 00345589 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-11-30 22:25 - 2016-11-30 22:25 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-11-30 22:25 - 2016-11-30 22:25 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-11-30 22:25 - 2016-11-30 22:25 - 00001254 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-30 22:25 - 2016-11-30 22:25 - 00000000 ____D C:\Users\Martin\AppData\Local\Zemana
2016-11-30 22:25 - 2016-11-30 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-30 22:25 - 2016-11-30 22:25 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-29 12:31 - 2016-11-30 22:54 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2016-11-29 12:24 - 2016-11-29 12:25 - 00545492 _____ C:\WINDOWS\Minidump\112916-27453-01.dmp
2016-11-28 23:56 - 2016-11-28 23:55 - 00453211 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235612.backup
2016-11-28 23:55 - 2016-11-28 23:55 - 00453235 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235542.backup
2016-11-28 23:55 - 2016-11-28 23:54 - 00453259 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235516.backup
2016-11-28 23:54 - 2016-11-28 23:49 - 00453280 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235459.backup
2016-11-28 23:49 - 2016-11-28 23:48 - 00453303 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234902.backup
2016-11-28 23:48 - 2016-11-28 23:48 - 00453328 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234850.backup
2016-11-28 23:48 - 2016-11-28 23:46 - 00453353 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234818.backup
2016-11-28 23:46 - 2016-11-28 23:43 - 00453378 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234612.backup
2016-11-28 23:44 - 2016-11-28 23:43 - 00453378 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234409.backup
2016-11-28 23:43 - 2016-11-28 23:43 - 00453403 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234348.backup
2016-11-28 23:43 - 2016-11-23 00:30 - 00453430 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234342.backup
2016-11-28 22:16 - 2016-11-28 22:16 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2016-11-28 21:56 - 2016-11-28 21:56 - 00001999 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-11-28 21:56 - 2016-11-28 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-11-28 21:56 - 2016-11-28 21:56 - 00000000 ____D C:\Program Files\HitmanPro
2016-11-28 21:53 - 2016-11-28 22:19 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-28 21:38 - 2016-11-28 21:45 - 00000000 ____D C:\AdwCleaner
2016-11-28 17:55 - 2016-11-28 17:56 - 00530588 _____ C:\WINDOWS\Minidump\112816-35218-01.dmp
2016-11-28 17:27 - 2016-11-28 17:27 - 00000555 _____ C:\DelFix.txt
2016-11-28 16:53 - 2016-11-06 11:52 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-28 00:16 - 2016-11-28 00:17 - 00534772 _____ C:\WINDOWS\Minidump\112816-25375-01.dmp
2016-11-27 19:34 - 2016-11-27 19:35 - 00534804 _____ C:\WINDOWS\Minidump\112716-26281-01.dmp
2016-11-27 14:48 - 2016-11-29 12:24 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-27 14:48 - 2016-11-27 14:49 - 00538236 _____ C:\WINDOWS\Minidump\112716-25015-01.dmp
2016-11-24 17:16 - 2016-11-28 17:12 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-11-24 17:16 - 2016-11-24 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-11-24 17:03 - 2016-11-24 17:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-23 14:32 - 2016-11-23 15:34 - 00000000 ____D C:\EEK
2016-11-23 13:01 - 2016-11-30 22:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-23 13:00 - 2016-11-23 13:00 - 00001208 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-23 13:00 - 2016-11-23 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-23 13:00 - 2016-11-23 13:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-23 13:00 - 2016-11-23 13:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-23 13:00 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-23 13:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-23 13:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-23 00:30 - 2016-11-09 00:30 - 00453430 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161123-003049.backup
2016-11-22 20:22 - 2016-11-22 20:22 - 00002484 _____ C:\Users\Martin\Desktop\JRT.txt
2016-11-22 09:34 - 2016-11-22 09:34 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-11-20 15:33 - 2016-11-20 15:33 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MARTIN-HP-Windows-10-Pro-(64-bit).dat
2016-11-20 15:32 - 2016-11-20 15:32 - 00002345 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-11-20 15:32 - 2016-11-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-11-20 15:32 - 2016-11-20 15:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-11-20 15:31 - 2016-11-20 15:32 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-11-18 20:01 - 2016-11-30 22:57 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla
2016-11-17 23:58 - 2016-11-30 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-10 11:13 - 2016-11-10 11:13 - 00001859 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-10 11:13 - 2016-11-10 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-10 11:11 - 2016-11-10 11:13 - 00000000 ____D C:\Program Files\iTunes
2016-11-10 11:11 - 2016-11-10 11:11 - 00000000 ____D C:\Program Files\iPod
2016-11-10 05:59 - 2016-11-10 05:59 - 00002258 _____ C:\Users\Public\Desktop\Google Earth.lnk
2016-11-10 05:59 - 2016-11-10 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-11-09 08:31 - 2016-11-02 12:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 08:31 - 2016-11-02 11:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 08:31 - 2016-11-02 11:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 08:31 - 2016-11-02 11:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 08:31 - 2016-11-02 11:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 08:31 - 2016-11-02 11:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 08:31 - 2016-11-02 11:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 08:31 - 2016-11-02 11:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 08:31 - 2016-11-02 11:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 08:31 - 2016-11-02 11:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 08:31 - 2016-11-02 11:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 08:31 - 2016-11-02 11:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 08:31 - 2016-11-02 11:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 08:31 - 2016-11-02 10:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 08:31 - 2016-11-02 10:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 08:31 - 2016-11-02 10:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 08:31 - 2016-11-02 10:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-09 08:31 - 2016-11-02 10:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-09 08:31 - 2016-11-02 10:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 08:31 - 2016-11-02 10:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 08:31 - 2016-11-02 10:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 08:31 - 2016-11-02 10:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 08:31 - 2016-11-02 10:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 08:31 - 2016-11-02 10:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 08:31 - 2016-11-02 10:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 08:31 - 2016-11-02 10:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 08:31 - 2016-11-02 10:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 08:31 - 2016-11-02 10:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 08:31 - 2016-11-02 10:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 08:31 - 2016-11-02 10:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 08:31 - 2016-11-02 10:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 08:31 - 2016-11-02 10:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 08:31 - 2016-11-02 10:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 08:31 - 2016-11-02 10:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 08:31 - 2016-11-02 10:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 08:31 - 2016-11-02 10:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 08:31 - 2016-11-02 10:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 08:31 - 2016-11-02 10:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 08:31 - 2016-11-02 10:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 08:31 - 2016-11-02 10:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 08:31 - 2016-11-02 08:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 08:30 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 08:30 - 2016-11-02 11:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 08:30 - 2016-11-02 11:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 08:30 - 2016-11-02 11:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 08:30 - 2016-11-02 11:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 08:30 - 2016-11-02 11:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 08:30 - 2016-11-02 11:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 08:30 - 2016-11-02 11:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 08:30 - 2016-11-02 11:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 08:30 - 2016-11-02 11:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 08:30 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 08:30 - 2016-11-02 11:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 08:30 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 08:30 - 2016-11-02 10:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 08:30 - 2016-11-02 10:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 08:30 - 2016-11-02 10:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 08:30 - 2016-11-02 10:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 08:30 - 2016-11-02 10:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 08:30 - 2016-11-02 10:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 08:30 - 2016-11-02 10:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 08:30 - 2016-11-02 10:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 08:30 - 2016-11-02 10:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 08:30 - 2016-11-02 10:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 08:30 - 2016-11-02 10:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 08:30 - 2016-11-02 10:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 08:30 - 2016-11-02 10:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 08:30 - 2016-11-02 10:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 08:30 - 2016-11-02 10:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 08:30 - 2016-11-02 10:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 08:30 - 2016-11-02 10:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 08:30 - 2016-11-02 10:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 08:30 - 2016-11-02 10:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 08:30 - 2016-11-02 10:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 08:30 - 2016-11-02 10:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 08:30 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 08:30 - 2016-11-02 10:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 08:30 - 2016-11-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 08:30 - 2016-11-02 10:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 08:30 - 2016-11-02 10:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 08:30 - 2016-11-02 10:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 08:30 - 2016-11-02 10:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 08:30 - 2016-11-02 10:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 08:30 - 2016-11-02 10:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 08:30 - 2016-11-02 10:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 08:30 - 2016-11-02 10:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 08:30 - 2016-11-02 10:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 08:30 - 2016-11-02 10:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 08:30 - 2016-11-02 10:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 08:30 - 2016-11-02 10:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 08:30 - 2016-11-02 10:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 08:30 - 2016-11-02 10:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 08:30 - 2016-11-02 10:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 08:30 - 2016-11-02 10:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 08:30 - 2016-11-02 10:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 08:30 - 2016-11-02 10:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 08:30 - 2016-11-02 10:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 08:30 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 08:30 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 08:30 - 2016-11-02 10:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 08:30 - 2016-11-02 10:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 08:30 - 2016-11-02 10:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-09 08:30 - 2016-11-02 10:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 08:30 - 2016-11-02 10:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 08:30 - 2016-11-02 10:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 08:30 - 2016-11-02 10:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 08:30 - 2016-11-02 10:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 08:30 - 2016-11-02 10:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 08:30 - 2016-11-02 10:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 08:30 - 2016-11-02 10:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 08:30 - 2016-11-02 10:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 08:30 - 2016-11-02 10:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 08:30 - 2016-11-02 10:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 08:29 - 2016-11-02 11:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 08:29 - 2016-11-02 11:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 08:29 - 2016-11-02 11:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 08:29 - 2016-11-02 11:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 08:29 - 2016-11-02 11:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 08:29 - 2016-11-02 11:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 08:29 - 2016-11-02 11:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 08:29 - 2016-11-02 11:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 08:29 - 2016-11-02 11:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 08:29 - 2016-11-02 11:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 08:29 - 2016-11-02 11:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 08:29 - 2016-11-02 11:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 08:29 - 2016-11-02 11:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 08:29 - 2016-11-02 11:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 08:29 - 2016-11-02 11:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 08:29 - 2016-11-02 11:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 08:29 - 2016-11-02 10:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 08:29 - 2016-11-02 10:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 08:29 - 2016-11-02 10:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 08:29 - 2016-11-02 10:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 08:29 - 2016-11-02 10:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 08:29 - 2016-11-02 10:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 08:29 - 2016-11-02 10:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 08:29 - 2016-11-02 10:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 08:29 - 2016-11-02 10:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 08:29 - 2016-11-02 10:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 08:29 - 2016-11-02 10:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 08:29 - 2016-11-02 10:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 08:29 - 2016-11-02 10:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 08:29 - 2016-11-02 10:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 08:29 - 2016-11-02 10:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 08:29 - 2016-11-02 10:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 08:29 - 2016-11-02 10:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 08:29 - 2016-11-02 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 08:29 - 2016-11-02 10:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 08:29 - 2016-11-02 10:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 08:29 - 2016-11-02 10:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 08:29 - 2016-11-02 10:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 08:29 - 2016-11-02 10:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 08:29 - 2016-11-02 10:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 08:29 - 2016-11-02 10:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 08:29 - 2016-11-02 10:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 08:29 - 2016-11-02 10:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 08:29 - 2016-11-02 10:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 08:29 - 2016-11-02 10:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 08:29 - 2016-11-02 10:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 08:29 - 2016-11-02 10:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 08:29 - 2016-11-02 10:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 08:29 - 2016-11-02 10:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 08:29 - 2016-11-02 10:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 08:29 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 08:29 - 2016-11-02 10:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 08:29 - 2016-11-02 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 08:29 - 2016-11-02 10:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 08:29 - 2016-11-02 10:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 08:29 - 2016-11-02 10:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 08:29 - 2016-11-02 10:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 08:29 - 2016-11-02 10:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 08:29 - 2016-11-02 10:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 08:29 - 2016-11-02 10:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 08:29 - 2016-11-02 10:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 08:29 - 2016-11-02 10:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 08:29 - 2016-11-02 10:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 08:29 - 2016-11-02 10:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 08:29 - 2016-11-02 10:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 08:29 - 2016-11-02 10:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 08:29 - 2016-11-02 10:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 08:29 - 2016-11-02 10:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 08:29 - 2016-11-02 10:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 08:29 - 2016-11-02 10:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 08:29 - 2016-11-02 10:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 08:29 - 2016-11-02 10:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 08:29 - 2016-11-02 10:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 08:29 - 2016-11-02 10:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 08:29 - 2016-11-02 10:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 08:29 - 2016-11-02 10:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 08:29 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 08:28 - 2016-11-02 11:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 08:28 - 2016-11-02 11:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 08:28 - 2016-11-02 11:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 08:28 - 2016-11-02 11:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 08:28 - 2016-11-02 11:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 08:28 - 2016-11-02 11:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 08:28 - 2016-11-02 11:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 08:28 - 2016-11-02 11:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 08:28 - 2016-11-02 10:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 08:28 - 2016-11-02 10:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 08:28 - 2016-11-02 10:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 08:28 - 2016-11-02 10:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 08:28 - 2016-11-02 10:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 08:28 - 2016-11-02 10:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 08:28 - 2016-11-02 10:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 08:28 - 2016-11-02 10:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 08:28 - 2016-11-02 10:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 08:28 - 2016-11-02 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 08:28 - 2016-11-02 10:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 08:28 - 2016-11-02 10:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 08:28 - 2016-11-02 10:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 08:28 - 2016-11-02 10:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 08:28 - 2016-11-02 10:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 08:28 - 2016-11-02 10:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 08:28 - 2016-11-02 10:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 08:28 - 2016-11-02 10:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 08:28 - 2016-11-02 10:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 08:28 - 2016-11-02 10:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 08:28 - 2016-11-02 10:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 08:28 - 2016-11-02 10:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 08:28 - 2016-11-02 10:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 08:28 - 2016-11-02 10:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 08:28 - 2016-11-02 10:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 08:28 - 2016-11-02 10:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 08:28 - 2016-11-02 10:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 08:28 - 2016-11-02 10:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 08:28 - 2016-11-02 10:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 08:28 - 2016-11-02 10:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 08:28 - 2016-11-02 10:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 08:28 - 2016-11-02 10:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 08:28 - 2016-11-02 10:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 08:28 - 2016-11-02 10:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 08:28 - 2016-11-02 10:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 08:28 - 2016-11-02 10:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 08:28 - 2016-11-02 10:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 08:28 - 2016-11-02 10:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 08:28 - 2016-11-02 10:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 08:28 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 08:28 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 00:30 - 2016-11-02 00:30 - 00453380 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161109-003048.backup
2016-11-06 11:47 - 2016-11-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-11-02 00:30 - 2016-10-25 23:45 - 00453330 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161102-003054.backup
2016-10-31 11:18 - 2016-10-31 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-30 22:57 - 2015-09-20 15:43 - 00000000 ___RD C:\Users\Martin\OneDrive
2016-11-30 22:56 - 2015-05-09 07:10 - 00000000 ___RD C:\Users\Martin\iCloudDrive
2016-11-30 22:54 - 2016-10-28 01:00 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMartin.job
2016-11-30 22:54 - 2016-09-26 21:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-30 22:54 - 2016-09-26 20:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-30 22:54 - 2015-09-19 21:59 - 00144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
2016-11-30 22:54 - 2011-04-01 23:32 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMARTIN-HP$.job
2016-11-30 22:53 - 2016-07-16 06:04 - 07340032 _____ C:\WINDOWS\system32\config\BBI
2016-11-30 22:34 - 2016-09-26 20:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-30 20:58 - 2015-09-19 23:02 - 00000000 ____D C:\Users\Martin\AppData\Local\Packages
2016-11-30 19:52 - 2016-09-26 21:41 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMARTIN-HP$
2016-11-30 19:43 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-30 14:06 - 2012-05-04 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-30 14:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-29 23:20 - 2016-10-28 01:00 - 00003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMartin
2016-11-29 14:11 - 2016-09-26 21:02 - 00000000 ____D C:\Users\Martin
2016-11-29 12:25 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-29 12:24 - 2016-01-09 13:48 - 622957295 _____ C:\WINDOWS\MEMORY.DMP
2016-11-29 08:51 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-28 22:16 - 2014-10-14 10:02 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\bttb
2016-11-28 16:41 - 2016-09-26 20:55 - 05109456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-28 16:33 - 2015-10-30 09:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-11-28 16:33 - 2011-01-23 00:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-28 16:29 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-28 11:06 - 2014-05-23 16:50 - 00000000 ____D C:\Program Files (x86)\4Team Corporation
2016-11-27 13:02 - 2011-01-23 00:30 - 00000000 ____D C:\ProgramData\PDFC
2016-11-24 17:46 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-24 17:36 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-24 11:26 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\System
2016-11-24 10:29 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-11-24 10:26 - 2016-09-26 21:02 - 00000000 ____D C:\Users\DefaultAppPool
2016-11-24 10:26 - 2016-09-26 21:02 - 00000000 ____D C:\Users\Anna
2016-11-23 14:23 - 2016-09-26 21:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-22 09:34 - 2015-09-20 15:43 - 00002409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-22 09:27 - 2015-09-19 19:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-22 02:20 - 2011-06-30 16:36 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
2016-11-22 00:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-11-22 00:41 - 2009-07-14 03:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-18 02:31 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-16 10:36 - 2015-09-10 05:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-12 15:39 - 2011-02-14 09:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Microsoft Help
2016-11-12 09:59 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-11 15:34 - 2016-09-26 21:01 - 01172814 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-11 15:30 - 2012-05-04 06:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-10 11:11 - 2011-02-15 09:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-10 05:58 - 2011-02-15 22:32 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-09 19:48 - 2011-04-14 08:30 - 00000000 ____D C:\Program Files\McAfee
2016-11-09 09:21 - 2011-02-14 08:02 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 03:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-09 03:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-07 15:53 - 2016-09-26 21:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-06 11:47 - 2015-11-13 20:24 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-11-06 11:47 - 2015-11-13 20:24 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-11-04 17:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-04 17:16 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-04 17:10 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-04 14:01 - 2015-11-05 18:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-01 11:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

==================== Files in the root of some directories =======

2011-03-05 12:26 - 2010-04-07 13:08 - 0076351 _____ () C:\Program Files\Photoshop CS5 Read Me.pdf
2012-06-28 22:12 - 2012-07-02 12:22 - 0000132 _____ () C:\Users\Martin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2011-03-06 18:27 - 2011-03-06 18:27 - 0000000 _____ () C:\Users\Martin\AppData\Roaming\chrtmp
2012-07-26 09:58 - 2014-09-04 17:28 - 0038464 _____ () C:\Users\Martin\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-07-29 17:09 - 2011-09-16 20:45 - 0001854 _____ () C:\Users\Martin\AppData\Roaming\GhostObjGAFix.xml
2011-03-06 18:26 - 2011-03-06 18:26 - 1574214 _____ () C:\Users\Martin\AppData\Roaming\winrar-x64-40b6.exe
2011-02-15 23:00 - 2011-05-20 16:53 - 0004608 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-15 11:54 - 2016-05-15 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{39896441-36D6-4A19-85ED-70E46C484B9E}
2016-05-10 11:54 - 2016-05-10 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{3DC4A054-97E5-49D2-8BD3-B2EFCA7C0289}
2016-05-08 11:54 - 2016-05-08 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{52ECCB76-F0DE-4A69-BF92-7F326FD8EFFC}
2016-08-18 19:56 - 2016-08-18 19:56 - 0000000 _____ () C:\Users\Martin\AppData\Local\{6635B36E-BCB8-45A7-9667-46FE8900ABED}
2016-05-12 11:54 - 2016-05-12 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{6865FABC-F7DA-4FA5-9B22-61E0BC21E0F7}
2016-08-17 19:56 - 2016-08-17 19:56 - 0000000 _____ () C:\Users\Martin\AppData\Local\{78DEEE97-95B0-486F-AB7C-60B4BEBCA112}
2016-05-14 11:54 - 2016-05-14 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{8B1AE2C7-3520-47DD-9780-AF265D0476C4}
2016-05-16 11:54 - 2016-05-16 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{A118CC6C-6CE1-4CB2-A802-3B5BB8236CC9}
2016-04-04 11:54 - 2016-04-04 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{A820FF9E-AAE3-4D30-8E8F-6786781C086D}
2016-04-01 11:54 - 2016-04-01 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{B838EDBB-A5DF-4258-9262-6538EABE2B28}
2016-04-03 11:54 - 2016-04-03 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{B9DACA50-F153-41BC-A339-56E0B1321660}
2016-05-13 11:54 - 2016-05-13 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{C819706A-1EA4-4AB0-966F-C23FBD4F2234}
2016-05-11 11:54 - 2016-05-11 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{D3680DE6-A4F8-4DD3-9FCB-CCEAF49D6B41}
2016-07-17 14:51 - 2016-07-17 14:51 - 0000000 _____ () C:\Users\Martin\AppData\Local\{EB723B99-43B4-4B02-8DF0-AA9C7048738E}
2016-05-09 11:54 - 2016-05-09 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{F176CB85-633A-44EC-9F1C-2D4E0A736C84}

Some files in TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\libeay32.dll
C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-21 22:02

==================== End of FRST.txt ============================

Astonmad · Nov 30, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
Ran by Martin (30-11-2016 23:19:27)
Running from M:\Users\Martin\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-26 21:46:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-533333334-2176733419-3778265130-500 - Administrator - Disabled)
Anna (S-1-5-21-533333334-2176733419-3778265130-1003 - Limited - Enabled) => C:\Users\Anna
DefaultAccount (S-1-5-21-533333334-2176733419-3778265130-503 - Limited - Disabled)
Guest (S-1-5-21-533333334-2176733419-3778265130-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-533333334-2176733419-3778265130-1002 - Limited - Enabled)
Martin (S-1-5-21-533333334-2176733419-3778265130-1001 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Disabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Akamai) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
BenVista PhotoZoom Pro 4.1 (HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\PhotoZoom Pro 4) (Version: 4.1 - BenVista Ltd.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Workstation 8.9 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.9 - CHENGDU YIWO Tech Development Co., Ltd)
EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
honestech VHS to DVD 7.0 Deluxe (HKLM-x32\...\{AC242562-1F9E-42C9-B461-E8B839093FEB}) (Version: 7.0 - honestech)
honestech VHS to DVD 7.0 Deluxe (x32 Version: 7.0 - honestech) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
Image Scan Tool (HKLM-x32\...\{C1FEE8D6-6775-4B67-BC02-281898C40988}) (Version: 1.00.0062 - 35mm Film Scanner)
iMazing 1.3.9.0 (HKLM\...\iMazing_is1) (Version: 1.3.9.0 - DigiDNA)
Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.2 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 8.2 - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.0.0.0 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0108.122 - Mio Technology)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mosaic Creator 3.1 (HKLM-x32\...\Mosaic Creator_is1) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 50.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.1 (x86 en-US)) (Version: 50.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.1.6171 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Network Guide EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - )
NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Serif CraftArtist (HKLM-x32\...\{C1B148C9-FACF-45F1-8356-4E1C5E3DAA5B}) (Version: 1.0.5.043 - Serif (Europe) Ltd)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.1.008 - Serif (Europe) Ltd)
Serif PagePlus X6 (HKLM-x32\...\{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}) (Version: 16.0.3.29 - Serif (Europe) Ltd)
Serif PanoramaPlus X4 (HKLM-x32\...\{35EDE682-4AE5-47D6-B44F-103F859951DC}) (Version: 4.0.3.010 - Serif (Europe) Ltd)
Serif Photo Projects (HKLM-x32\...\{D87677F6-5F58-4BB9-8D50-78A1BF9C2F33}) (Version: 1.0.2.024 - Serif (Europe) Ltd)
Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd)
Serif PhotoPlus X6 (HKLM\...\{CCD2C5E4-F484-4499-BCB3-61E787416757}) (Version: 16.0.1.029 - Serif (Europe) Ltd)
Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.3.029 - Serif (Europe) Ltd)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.2 - Tweaking.com)
User's Guide EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - )
VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05AE89DC-A543-4920-B0F4-E20E4FFCA8F1} - System32\Tasks\{FFEE2FD5-E28F-4F70-B151-B63B57D9454A} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0CD58D6C-2089-4F31-B5CC-B899D7FF3FC9} - System32\Tasks\{6228F42C-E425-4399-B21B-E586A00CA1DF} => pcalua.exe -a C:\Users\Martin\Downloads\115-INST-WIN7-A(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {0E5D93F3-1611-48C8-85E8-05CB0E7D881D} - System32\Tasks\Symantec\Norton Error Processor 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {12284962-F2BE-4AC1-85AD-AEC697294BC3} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\WINDOWS\vVX3000.exe [2010-05-20] (Microsoft Corporation)
Task: {14446A5D-88D3-4FDB-93EE-EE32E4F58142} - System32\Tasks\HPCeeScheduleForMartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1598057A-7424-46EA-A48E-8D78E4531E85} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
Task: {187099FF-FE18-4331-9C41-B02AADDFF755} - System32\Tasks\{DE2F76FB-B155-4B2E-9846-71432718037E} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
Task: {215E25A8-2541-437F-9A2C-465441E8307A} - System32\Tasks\Western Digital\SmartWare\____Volume_4b465ed5_26a1_11e0_bb51_806e6f6e6963__dropbox_23dfcfe8_f183_4963_a22e_b9dc3ae8a55e_dropbox_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
Task: {26E14C57-552E-49CF-8956-A5A72019799B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3C3AF73B-1EA9-4250-8FAD-C9DF989355E3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
Task: {3CE545F3-0B06-4985-B51E-D63CD1773699} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {3CFC37AD-32B2-4DC6-A426-A306BA854455} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {3E0E9501-F7DC-47E5-B011-4F1450ACA57E} - System32\Tasks\{29D7B097-F55A-4436-A447-8977E1986E20} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {42DEC54C-DB9E-4D53-8039-70F74ED236C6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {4D89D042-9FB4-4E7D-BA19-9E9C33F1F719} - System32\Tasks\Daily => C:\Program Files (x86)\Spybot - Search & Destroy 2\Scripts\Example 02 - example scans.sds [2012-10-29] ()
Task: {510AB855-474D-4E43-BCE3-662568D0E596} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {56A2763D-6CBC-4348-A246-DECE18E3A875} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {598BB8AC-231C-4814-AEAA-291E2B7CB0C6} - System32\Tasks\HPCeeScheduleForMARTIN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5A6E19C2-F449-4A3B-B261-0636349A9B58} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {6CB2D1EB-FD9D-4D98-AC55-8745B7153DA9} - System32\Tasks\{CA6260C8-24BA-4054-8620-31BB8A064E86} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-08-17] (Skype Technologies S.A.)
Task: {74E5A384-9195-4384-A950-4D23C0BBF63D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7A18682A-8757-4849-8C82-2ADE120EE512} - System32\Tasks\AdobeAAMUpdater-1.0-Martin-HP-Martin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85581298-1194-4866-AD63-789771491A6A} - System32\Tasks\{E1957BC0-C026-4210-8358-6E37C3F9A090} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
Task: {86D55289-1B69-4477-95BD-1F63121FD581} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8F86C186-9A71-4017-860D-1C7779BDFC26} - System32\Tasks\WSSHelper => C:\Program Files (x86)\Common Files\Winferno\WSS\WSSHelper.exe
Task: {90E542B9-106F-41A5-A1F1-03AE1DD0E68A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)
Task: {97673B7C-FA99-4729-B685-0C72C685757B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {9B6C72FF-CEAA-4D76-9477-ED04C092112C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {A87B0C08-0B05-4951-BDF8-FA27099AB5F6} - System32\Tasks\Symantec\Norton Error Analyzer 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AD8197BA-0FD9-4941-9005-970CBCFD0381} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {AFD362E1-DB14-4E9E-AD21-32A2AC1AFD69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2C67E43-C09B-42DF-BD65-F85EC7340EB3} - System32\Tasks\Western Digital\SmartWare\____Volume_4b465ed5_26a1_11e0_bb51_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a9dcf81c_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
Task: {B50CF033-A1EB-4EF0-84C9-D9546460808B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B979D5A2-E055-4C5B-A41E-E736D1C5F488} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B9C2FF09-69BB-45F2-9D0D-F8A85DD93129} - System32\Tasks\{3B3EBCEE-B984-44EF-BC57-F99482C4B642} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
Task: {BC878DA5-DAED-4628-B8C5-FA73919A9A26} - System32\Tasks\{648E1FA9-CA1A-4568-A552-1C6597A5E983} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {BFF67B77-B173-458D-8412-DF9139FA6F17} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {C0BFAEC9-4454-4F25-8F89-1D2486119E0E} - System32\Tasks\{82A64CB8-4071-4AC6-AD31-7CF39D8754AB} => pcalua.exe -a C:\Users\Martin\Downloads\delinf_10100(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C0C86764-46EE-4D2D-AC66-2975E4FA513A} - System32\Tasks\{F8FD3EBE-EDC5-4CF4-86E8-AB94313C94E1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-08-17] (Skype Technologies S.A.)
Task: {C35D62DE-3859-448A-AC42-52AB702CF849} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C36E8E24-AFC1-47B5-904A-A9A7DDD310DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {C3D6E275-57AC-417E-BE9B-FE759B44F4FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7E0966E-25A1-4F1B-B374-3627873FA6D9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CEFA543F-CCF0-419B-9667-215AB4EC0C15} - System32\Tasks\{F13810A2-3332-40E8-AAE1-D273D7818EC0} => pcalua.exe -a C:\Users\Martin\Downloads\delinf_10100(2).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {D0736407-184C-4629-BAF7-A43330150658} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {D2ADBA07-F78C-44DF-9833-3EFCC5481143} - System32\Tasks\{AC45DD11-EBEB-4DB8-B42F-B9E9F883FFF0} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {D686E3AB-0E50-459E-A154-4E030A0A2BAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {E367ECC4-E50B-4359-A3B0-F6C92C862936} - System32\Tasks\{E06625AA-4F8B-4518-992E-7B9D49146439} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
Task: {E6E7C19D-30C3-44EF-BF9D-322E845BB89A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {EBC5A77F-46CF-424A-8730-DA8AA01F0B68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F0FB8856-9D73-4FCC-BC55-68B1C3A146E7} - System32\Tasks\{06C25C85-4F6A-46CD-A7AA-D967E15ACD89} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
Task: {F3E951DB-A7B4-499C-932D-ABD264F18193} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {F5582C46-1590-4BC3-A83B-21AC7170B8BB} - System32\Tasks\{84BA5F9C-5595-48F4-A30E-01710CDE1C0A} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
Task: {F591307A-D18B-4D33-A2C0-6A595CDC5EED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F5AD6A46-8ED6-459D-BF33-31B63513D647} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F8ED6EC5-D0C4-43F0-8E1B-60999EB74E24} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-24] (Microsoft Corporation)
Task: {F9E30966-5310-4840-B58B-451BB1300581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMARTIN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
Task: C:\WINDOWS\Tasks\WSSHelper.job => C:\Program Files (x86)\Common Files\Winferno\WSS\WSSHelper.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 14:08 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-26 20:57 - 2016-08-01 12:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-09-14 06:56 - 2006-09-14 06:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2009-12-18 22:18 - 2009-12-18 22:18 - 00420864 _____ () C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\cutil64.dll
2015-11-28 11:58 - 2015-11-03 12:18 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-09-30 14:08 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-22 09:33 - 2016-11-22 09:33 - 01864384 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-11-24 17:19 - 2016-11-24 17:19 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2011-01-23 00:30 - 2009-02-28 03:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2016-09-27 05:48 - 2016-09-27 05:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 08:30 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 08:29 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 08:29 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 08:29 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 08:29 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 08:29 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 08:29 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-09-15 18:31 - 2010-09-15 18:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2016-11-17 12:00 - 2016-11-17 12:00 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 12:00 - 2016-11-17 12:00 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 12:00 - 2016-11-17 12:00 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-09-30 14:09 - 2016-09-15 17:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-11-04 04:16 - 2016-11-04 04:16 - 02549248 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.2850.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-11-04 04:16 - 2016-11-04 04:16 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.2850.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2015-11-28 11:58 - 2015-09-21 17:00 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-11-28 11:58 - 2015-11-03 02:45 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2015-11-28 11:58 - 2015-11-03 02:45 - 00186408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2015-11-28 11:58 - 2015-11-03 02:45 - 00165416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2015-11-28 11:58 - 2015-11-03 02:45 - 00058408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2015-11-28 11:58 - 2015-11-03 02:45 - 00015912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2015-11-28 11:58 - 2015-06-22 16:58 - 00108072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-11-28 11:58 - 2014-12-14 16:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-11-28 11:58 - 2015-03-14 03:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-11-28 11:58 - 2015-06-22 16:58 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-11-28 11:58 - 2015-11-02 22:03 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-11-28 11:58 - 2015-06-22 16:58 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-11-28 11:58 - 2015-11-03 12:18 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2015-11-28 11:58 - 2015-11-02 22:03 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2015-11-28 11:58 - 2015-11-10 10:07 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2015-11-28 11:58 - 2015-06-22 16:58 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-11-28 11:58 - 2015-08-01 07:10 - 00025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-11-28 11:58 - 2015-06-22 16:58 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-11-28 11:58 - 2015-09-23 16:58 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-11-28 11:58 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2015-09-19 23:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-19 23:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-19 23:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-19 23:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2015-11-28 11:58 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-01-06 09:52 - 2014-01-06 09:52 - 03244032 _____ () C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2016-11-22 09:33 - 2016-11-22 09:33 - 01383616 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-11-22 09:33 - 2016-11-22 09:33 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2011-01-23 00:30 - 2009-02-20 01:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7916 more sites.

IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\internet -> internet
IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\mcafee.com -> hxxps://mcafee.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123simsen.com -> www.123simsen.com

There are 7916 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-11-28 23:56 - 00453188 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
127.0.0.1 123simsen.com
127.0.0.1 www.123simsen.com
127.0.0.1 123topsearch.com

There are 15547 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{DB5AE92C-38A8-4EB7-9935-03D6FAD3419C}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{11D778F4-8ED3-4B27-8B01-A21F32D5B210}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A43C0283-B403-46E4-A34E-AF96FBD9CBD3}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{DA87C82E-88C8-415F-B861-FC29BF14AE38}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
FirewallRules: [{0FF00DA6-EE83-4FAB-9C01-86A4C0BF2080}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{048F36B7-5D07-4F60-862E-B0FB756506A9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD8623F3-1726-4B88-B83D-753973C6363B}] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{4831F8C3-446D-4E1E-89C2-F89538A9EE6D}] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{620C6590-7329-401A-B5D9-7DE79D7E6FB5}] => LPort=5353
FirewallRules: [{B29CAEBF-88FE-45E4-9565-FF037DC3DE0D}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
FirewallRules: [{0B7D64DA-44E6-41F2-8591-8FAB2D40737F}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
FirewallRules: [{EC95B9EB-3DFB-4BD5-B634-7A40C61F4A9D}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
FirewallRules: [{DFF31ABD-EBAB-4189-8042-0F417050EE8C}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
FirewallRules: [{CD69593C-682F-4515-A495-EA06718B65CB}] => C:\Windows\twain_32\escndv\escfg.exe
FirewallRules: [{42C5C1DB-37D2-4D3F-A45D-3B9195A5F2B8}] => C:\Windows\twain_32\escndv\escfg.exe
FirewallRules: [{75B64F1E-1EC2-4C6C-B092-F85317FD60E9}] => C:\Windows\twain_32\escndv\escfg.exe
FirewallRules: [{AB697919-5C5E-48B0-985E-1DEDD2E62CEA}] => C:\Windows\twain_32\escndv\escfg.exe
FirewallRules: [{E67A7695-D2F3-478C-83C4-77B1839484EE}] => C:\Windows\twain_32\escndv\escndv.exe
FirewallRules: [{4A1961CE-4186-4358-A5E2-2AB5B194FE20}] => C:\Windows\twain_32\escndv\escndv.exe
FirewallRules: [{9A18A027-9EA7-4763-9C1B-209A1C17E070}] => C:\Windows\twain_32\escndv\escndv.exe
FirewallRules: [{D6BC7C85-E576-46A8-8D05-19402F17D113}] => C:\Windows\twain_32\escndv\escndv.exe
FirewallRules: [{BF0C4C55-51C7-4F04-8BCB-A5296C0ED660}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
FirewallRules: [{E01DACD0-073D-4197-865B-FB58DF5EE8AF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
FirewallRules: [{AF7B53E6-BDA4-42A4-8935-AD589C4283FF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
FirewallRules: [{E09BE28B-7A99-492C-928B-FEC11831187E}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
FirewallRules: [{EC614D59-A150-4BF7-A53C-5248D95C418C}] => C:\Program Files (x86)\bttb\dtuser.exe
FirewallRules: [{A609A1CC-5686-4311-AF6D-C6BA939D1CFE}] => C:\Program Files (x86)\bttb\dtuser.exe
FirewallRules: [{190ADD7C-5ED9-445C-BEF0-D9DFDCCD48E1}] => C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{1D34AEED-E6F1-403E-8E7C-ABCC86D53F67}] => C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{48146D4E-809A-4C7C-8DF8-290C446083F2}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B7F2A652-9204-4C9D-AD59-98DAD5D1486E}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{7714E108-2262-4E49-AB54-A1D275F73668}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{B0F9658C-33EE-4AD8-86FE-6EB05A1365C4}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{77B44DB2-6E4E-4E79-95E4-FC4ED7612997}] => LPort=5000
FirewallRules: [{B38861C2-AE5E-4963-A263-261F4D5128A6}] => LPort=51011
FirewallRules: [{2B79340D-944C-4297-A67B-698729E9C68E}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
FirewallRules: [{2B446D4C-092A-40B5-97E6-47C1DE1DF484}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
FirewallRules: [{FA771CD6-FFD6-4C39-9434-EE32E80153E8}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
FirewallRules: [{218CCFFA-0B57-4B35-8F42-1BBE5C5FC9AA}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
FirewallRules: [{BDDA1436-0C1C-4E9C-BE36-F2897BF902CF}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{97FCEE95-199D-40F2-A23C-1390776EC144}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{794F8D5C-AF6B-4D93-915F-1E0AE42EB895}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{7B7E1D29-03A4-40A7-BF3A-37915DB37AAC}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{073E3BEB-1732-4E25-AB88-D13B303048FC}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{BE70B139-E431-4C43-9995-18E1E230899E}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{E2E473E0-6433-40D1-A468-C8760EBF7C66}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{696EF457-AC6F-49CD-807B-AD5025E539A6}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{9A8BB6A1-4191-4A7F-B2E4-F97685157372}] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{C66AD37F-B1F5-4A62-892B-5D24529AA339}] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{52F0E548-3C5C-4BF8-9108-199D917ED786}] => C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{E0EA391F-1AA6-4F6C-9ADB-15628A404219}] => C:\Program Files (x86)\AVG\AVG10\avgemca.exe
FirewallRules: [{7E631EF6-669F-4651-809A-62F1DC2E5343}] => C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{D3D3D90A-C2BF-4B4F-BF8C-FCF89E9F03F5}] => C:\Program Files (x86)\AVG\AVG10\avgam.exe
FirewallRules: [{1F92CCAA-E074-44DC-AAA4-76A2CDEEB52C}] => C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{BC96263A-A25D-49F5-97E2-AC5A23E6B024}] => C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
FirewallRules: [{DA8B1CDB-4E8F-4392-95D7-374593CD6C8A}] => C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{85EA3B22-2355-498B-936D-1144BD221F8E}] => C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
FirewallRules: [{D848EA26-E465-432C-9E1B-72353E89E690}] => C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{3247F576-1C26-4ABB-9B95-40150CA992ED}] => C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
FirewallRules: [{84B3FFD7-1937-4E1F-BF8C-E35DE488A425}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{01F33532-5261-4E64-93F4-674397971FE4}] => LPort=1900
FirewallRules: [{5DB8BB49-9CF1-40D2-992A-88AE19E8F700}] => LPort=2869
FirewallRules: [{95130874-0710-4CB4-B393-FBBD87272DF4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6658DAE7-691A-4490-A73A-EF07EE0CC322}] => C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe
FirewallRules: [{96467AA4-EFBC-45DB-AE59-8EBA7A2E6F3C}] => C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe
FirewallRules: [{FEE86126-7465-41A6-8751-B4BA18FB4246}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{0B97665B-15BA-4836-8AA1-69D21A013BD1}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{F23B5980-2488-445E-989E-43899FF50C3C}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{0408339F-96FF-4A80-A7B3-353EC0AEC8A9}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{DFCE5392-1D18-4126-B86A-96A36DB16BB1}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{EB927130-8C37-4279-A69D-57681ABE5AEE}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E43067BA-E8BA-453F-AC50-07F443C75F71}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50580A1A-6226-4814-961C-9F9C59A07089}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EF3E0986-85C2-4C33-B69D-A51E7939E6EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6C5BEB1C-3467-4BA4-94D9-47249DFF4133}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C2BB06C0-28BF-4720-A16E-D734FD76E139}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7855EA53-8C88-4839-9A52-804B8563DDBA}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{E2F9CD88-4273-40D3-B596-B2C83D895028}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{15D6ACE8-4517-4336-877B-4EEDE1C56FE1}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{0D0F7415-22D6-4D8E-AAE6-C7D887894C85}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{28B7CAFB-63C8-496E-8FD2-0B1ECDFC7D2A}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{34E5431C-6AE1-4868-9801-8E4EC241F714}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{0B0ABBA2-8F37-4FFA-8751-67E643F5F920}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{40DD41F1-4D07-416B-A911-543305587EB4}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{E575C42D-6E88-40AF-B287-101B3889CB0F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1105CD95-EFF7-4733-9CB5-F330B60507FA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{ED575A35-D137-4DFD-9F1E-9C83F39A7A06}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{B8DA82DB-48F5-42E3-95A3-122AE10C0FF2}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
FirewallRules: [{578213BA-71D9-4D62-A895-B0BC36BABD2E}] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{82911D5E-EB0B-4669-A80D-0922986BBF1E}] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
FirewallRules: [{F90D489A-F8BF-4305-90A1-80FCAA01C21B}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{9090C362-FACB-4CAF-ABB5-72A2DF6BABB8}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
FirewallRules: [{27221EFC-6087-4FC7-8712-DEBFA9B148A6}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3B8550A9-6F9A-4918-80DD-DC63FD1047D4}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2016 10:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleSyncNotifier.exe, version: 1.6.77.0, time stamp: 0x4e8235f7
Faulting module name: MSVCR80.dll, version: 8.0.50727.9268, time stamp: 0x573d297f
Exception code: 0xc000000d
Fault offset: 0x00008aa0
Faulting process id: 0x22b0
Faulting application start time: 0x01d24b5cf876a0b1
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dll
Report Id: 8912fff7-c47d-4194-bb03-46da5dbf1a85
Faulting package full name:
Faulting package-relative application ID:

Error: (11/30/2016 10:55:10 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (11/30/2016 10:54:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAuto.exe, version: 1.0.12494.3472, time stamp: 0x4c5b77b7
Faulting module name: HPAuto.exe, version: 1.0.12494.3472, time stamp: 0x4c5b77b7
Exception code: 0xc0000005
Fault offset: 0x0000000000007bd2
Faulting process id: 0xbac
Faulting application start time: 0x01d24b5ca56e71ad
Faulting application path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
Faulting module path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
Report Id: 64cfef0f-f05e-4896-9885-b8ffe0cc3c36
Faulting package full name:
Faulting package-relative application ID:

Error: (11/30/2016 10:32:02 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/30/2016 10:32:00 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/30/2016 10:32:00 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.

Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.

System errors:
=============
Error: (11/30/2016 11:07:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service hung on starting.

Error: (11/30/2016 11:06:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/30/2016 11:03:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/30/2016 11:03:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (11/30/2016 11:00:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Support Solutions Framework Service service hung on starting.

Error: (11/30/2016 10:58:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (11/30/2016 10:54:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Auto service terminated unexpectedly. It has done this 1 time(s).

Error: (11/30/2016 10:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZAMSvc service to connect.

Error: (11/30/2016 10:54:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/30/2016 10:54:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

CodeIntegrity:
===================================
Date: 2016-11-30 23:24:01.289
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 23:13:29.017
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-30 22:55:21.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-30 22:54:27.805
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 22:32:35.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 22:23:09.774
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 22:16:00.533
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 21:47:36.019
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 21:27:00.931
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

Date: 2016-11-30 21:17:34.534
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 65%
Total physical RAM: 4078.54 MB
Available physical RAM: 1400.98 MB
Total Virtual: 8942.54 MB
Available Virtual: 5021.32 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:937.79 GB) (Free:749.63 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:15.72 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive m: (OS) (Fixed) (Total:447.01 GB) (Free:107.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: A1CBFC44)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=937.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 0605DC0B)

Partition: GPT.

==================== End of Addition.txt ============================

Astonmad · Dec 1, 2016

mbar-log

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.11.30.11
rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
Martin :: MARTIN-HP [administrator]

30/11/2016 23:34:44
mbar-log-2016-11-30 (23-34-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 449497
Time elapsed: 32 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Astonmad · Dec 1, 2016

System log - Nothing found

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.447.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 3.293000 GHz
Memory total: 4276658176, free: 1306554368

Downloaded database version: v2016.11.30.11
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.11.29.02
=======================================
Driver version: 0.3.0.4
------------ Kernel report ------------
11/30/2016 23:34:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\mfedisk.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\system32\drivers\EUBKMON.sys
\SystemRoot\system32\drivers\eubakup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\??\C:\EEK\bin64\epp.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\WINDOWS\system32\drivers\EuFdDisk.sys
\??\C:\WINDOWS\system32\drivers\eudskacs.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\circlass.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\system32\drivers\mfeaack.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\VX3000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hcwD3bda64.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\hidir.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
\??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.11.30.11
rootkit: v2016.11.20.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd38aa9936060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd38aa9854a00, DeviceName: Unknown, DriverName: \Driver\mfedisk\
DevicePointer: 0xffffd38aa9936ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd38aa9936060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffd38aa9702060, DeviceName: \Device\00000025\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A1CBFC44

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1966690304
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 3873128448 Numsec = 921600
Partition is not bootable
Partition file system is NTFS

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3874050048 Numsec = 32976896
Partition is bootable
Partition file system is NTFS

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffd38aa9935060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd38aa9852df0, DeviceName: Unknown, DriverName: \Driver\mfedisk\
DevicePointer: 0xffffd38aa9853ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd38aa9935060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffd38aa9748060, DeviceName: \Device\00000026\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 605DC0B

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1185534156
GPT Header CurrentLba = 1 BackupLba 937703087
GPT Header FirstUsableLba 34 LastUsableLba 937703054
GPT Header Guid a652145c-4ab9-403b-b8ed-cfd7ca371f1b
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1185534156
Backup GPT header CurrentLba = 937703087 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 937703054
Backup GPT header Guid a652145c-4ab9-403b-b8ed-cfd7ca371f1b
Backup GPT header Contains 128 partition entries starting at LBA 937703055
Backup GPT header Partition entry size = 128

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 6896e2e2-75fe-4324-9a55-37df7d42d92
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID e0319672-ce61-4562-9024-9dd79566dca
FirstLBA 263168 Last LBA 937702398
Attributes 0
Partition Name

Disk Size: 480103981056 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffd38aacb8d060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd38aacb81040, DeviceName: Unknown, DriverName: \Driver\mfedisk\
DevicePointer: 0xffffd38aacb8dae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd38aacb8d060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffd38aacb76a70, DeviceName: \Device\00000049\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffd38aacb33610, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd38aacb11760, DeviceName: Unknown, DriverName: \Driver\mfedisk\
DevicePointer: 0xffffd38aacb88530, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd38aacb33610, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffd38aacb7b620, DeviceName: \Device\0000004a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffd38aacb99060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd38aacb97240, DeviceName: Unknown, DriverName: \Driver\mfedisk\
DevicePointer: 0xffffd38aacb99ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd38aacb99060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffd38aacb7c060, DeviceName: \Device\0000004b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffd38aa9e23060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd38aa9e22800, DeviceName: Unknown, DriverName: \Driver\mfedisk\
DevicePointer: 0xffffd38aa9e23ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd38aa9e23060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffd38aacb80060, DeviceName: \Device\0000004c\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntlanman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mapi32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\vds_ps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcp80.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cabinet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BITSPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\jsproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\perfos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\traffic.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wmiclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\PERFCOUNTER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ASPNET_COUNTERS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ASPNET_COUNTERS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASPNET_PERF.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASPNET_PERF.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPNET_PERF.DLL" is sparse (flags = 32768)
File "C:\Windows\splwow64.exe" is sparse (flags = 32768)
File "C:\Windows\splwow64.exe" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MSASCuiL.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dsound.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\riched20.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICETYPES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICETYPES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sti.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiatrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wer.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\loadperf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.NETWORKING.CONNECTIVITY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFTACCOUNTTOKENPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MICROSOFTACCOUNTTOKENPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wpnapps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERMGRCLI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERMGRCLI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECOREUAPCOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hhctrl.ocx" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcLayers.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiadss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vssapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vsstrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d2d1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d2d1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\evr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSAUDDECMFT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSAUDDECMFT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\quartz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qasf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WMVCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WMASF.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MP3DMOD.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREENPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREENPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SYSTEM.LAUNCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SYSTEM.LAUNCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPPORTINGLIBRARY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPPORTINGLIBRARY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dsclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREHOST.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREHOST.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCKAPPBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LOCKAPPBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\VEEVENTDISPATCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\VEEVENTDISPATCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MrmCoreR.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DLNASHEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DLNASHEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PLAYTODEVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PLAYTODEVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVDISPITEMPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\REMINDERSSERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ACTIONURISERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ACTIONURISERVER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10WARP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10WARP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\notepad.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\FXSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
<<<2>>>
<<<3>>>
Volume: M:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File "C:\Users\Martin\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-3873128448-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-3874050048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

Juliet · Dec 1, 2016

[font=helvetica, sans-serif]Please download [/font][font=helvetica, sans-serif]Emsisoft Emergency Kit[/font][font=helvetica, sans-serif] and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).[/font]

[font=helvetica, sans-serif]After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.[/font]
[font=helvetica, sans-serif]The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.[/font]
[font=helvetica, sans-serif]When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.[/font]
[font=helvetica, sans-serif]Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.[/font]
[font=helvetica, sans-serif]Click on the Malware Scan button to start the scan.[/font]
[font=helvetica, sans-serif]When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.[/font]
[font=helvetica, sans-serif]When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.[/font]
[font=helvetica, sans-serif]Please save the log in Notepad on your desktop, and copy it to your next reply.[/font]
[font=helvetica, sans-serif]When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.[/font]

Tell me what the computer is doing now.

Astonmad · Dec 2, 2016

Emissoft showed no malware

Juliet said:
[font=helvetica, sans-serif]Please download [/font][font=helvetica, sans-serif]Emsisoft Emergency Kit[/font][font=helvetica, sans-serif] and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.

A folder named EEK will be created in the root of the drive (usually c:\).[/font]

[font=helvetica, sans-serif]After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.[/font]

[font=helvetica, sans-serif]The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.

Please click Yes so that it downloads the latest database updates.[/font]

[font=helvetica, sans-serif]When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.[/font]

[font=helvetica, sans-serif]Click on Scan to be taken to the scan options.

If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.[/font]

[font=helvetica, sans-serif]Click on the Malware Scan button to start the scan.[/font]

[font=helvetica, sans-serif]When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.[/font]

[font=helvetica, sans-serif]When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.[/font]

[font=helvetica, sans-serif]Please save the log in Notepad on your desktop, and copy it to your next reply.[/font]

[font=helvetica, sans-serif]When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.[/font]

Tell me what the computer is doing now.

Hello Juliet

Had a problem downloading Emissoft, bin64\epp.sys not found
checked in EKK folder that all files were present and correct. So clicked on .exe file to run scan. Results below.

Emsisoft Emergency Kit - Version 12.0
Last update: 02/12/2016 12:48:12
User account: MARTIN-HP\Martin
Computer name: MARTIN-HP
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 02/12/2016 12:49:32

Scanned 111277
Found 0

Scan end: 02/12/2016 13:16:32
Scan time: 0:27:00

Astonmad · Dec 2, 2016

Juliet
To answer your question, my computer has been running fine for the last 48 hours.

Juliet · Dec 2, 2016

Let's give it another day or so. From what I can see your in good shape.

Astonmad · Dec 5, 2016

Juliet said:
Let's give it another day or so. From what I can see your in good shape.

Hi Juliet

Thanks I will test for another 48 hours. So far no problems.

Juliet · Dec 5, 2016

good deal!

Juliet · Dec 10, 2016

Ready to remove tools and quarantine folders?

Astonmad · Dec 11, 2016

Hi Juliet

Yes ready to remove tools and stuff. My system is working fine now! Great work.

Malware #SL9DW61 message

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

New member

New member

New member

Security Expert-emeritus

New member

New member

Security Expert-emeritus

New member

Security Expert-emeritus

Security Expert-emeritus

New member