hao123.com has highjacked Firefox homepage


  • This topic is locked
82 replies to this topic

#1 Eddie1944


Posted 27 January 2017 - 11:30 AM

I have tried HitmanPro, AdwCleaner, SuperAntispywareFighter, IObit Malware Fighter and Malwarebytes. After scanning/cleaning, my computer appears to have been fixed and is OK for a few days, then my homepage is changed again to www.hao123.com. I have also had it changed to www.hao169x.cn, but that isn't as often as hao123.com.

 

Looking for help on fixing this please.

 

I have just run HitmanPro which detected and cleaned the path to Firefox and hao123.com - maybe I shouldn't have done that before running FRST?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2017
Ran by Home User (administrator) on HOMEUSER-PC (27-01-2017 14:59:53)
Running from C:\Users\Home User\Downloads
Loaded Profiles: Home User & DefaultAppPool (Available Profiles: Home User & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Xp-Zed.com) C:\Program Files\xp-zed\hddb\Hddb_Srv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mepService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mep.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(BitTorrent Inc.) C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(XRayz Software) C:\Program Files\ClipCache\clipc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(BitTorrent Inc.) C:\Users\Home User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(BitTorrent Inc.) C:\Users\Home User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFTips.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14947848 2016-11-21] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [PMSpeed] => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151000 2016-07-30] (IvoSoft)
HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [Scan Buttons] => C:\Program Files\NewSoft\Presto! PageManager 9.03\Pmsb.exe [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2017-01-13] (Glarysoft Ltd)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [uTorrent] => C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-20] (BitTorrent Inc.)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2017-01-05] (SUPERAntiSpyware)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [515072 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Home User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk [2014-11-23]
ShortcutTarget: ClipCache Pro.lnk -> C:\Program Files\ClipCache\clipc.exe (XRayz Software)
BootExecute: autocheck autochk *  
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{caaa11ed-13bd-4698-b5ca-acf5442daaee}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
SearchScopes: HKU\.DEFAULT -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\.DEFAULT -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKU\S-1-5-21-2902350334-3320202767-595690442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Home User\AppData\Roaming\Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121 [2017-01-27]
FF Homepage: Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121 -> hxxp://www.bbc.co.uk/news
FF ProfilePath: C:\Users\Home User\AppData\Roaming\KompoZer\Profiles\0upmrreo.default [2015-12-27]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-07-04] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2013-03-05] (Nitro PDF)

Chrome:
=======
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
U2 CareMon; C:\Program Files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-18] (Future Systems Solutions, Inc.)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-18] (Future Systems Solutions, Inc.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [40256 2017-01-04] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [150016 2014-05-24] (Xp-Zed.com) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-10] (IObit)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703696 2016-08-08] (SEIKO EPSON CORPORATION)
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-03-05] (Nitro PDF Software)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2401776 2016-12-22] (IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [26424 2015-02-25] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2015-02-25] () [File not signed]
R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-05-12] (Avira Operations GmbH & Co. KG)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [8192 2016-02-05] (Cypress Semiconductor, Inc.)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-04-29] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2014-12-26] (REALiX™)
R3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21184 2016-12-16] (IObit)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [203304 2016-12-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804047.sys [842856 2017-01-10] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [333800 2016-12-22] (IBM Corp.)
R0 RapportHades; C:\WINDOWS\System32\Drivers\RapportHades.sys [103176 2016-12-22] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [263944 2016-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [412072 2016-12-22] (IBM Corp.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2016-12-16] (IObit.com)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [795656 2016-11-21] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 supersafer; C:\WINDOWS\system32\drivers\supersafer.sys [354176 2011-11-15] (TrueCrypt Foundation) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2015-03-22] (Acronis)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-01-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-01-13] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-27 14:59 - 2017-01-27 15:01 - 00020545 _____ C:\Users\Home User\Downloads\FRST.txt
2017-01-27 14:59 - 2017-01-27 14:59 - 00000000 ____D C:\FRST
2017-01-27 14:58 - 2017-01-27 14:58 - 01762816 _____ (Farbar) C:\Users\Home User\Downloads\FRST.exe
2017-01-27 14:42 - 2017-01-27 14:42 - 00000000 ____D C:\Users\Home User\Desktop\Old Firefox Data
2017-01-27 14:35 - 2017-01-27 14:36 - 20466392 _____ (Microsoft Corporation) C:\Users\Home User\Downloads\OneDriveSetup.exe
2017-01-27 12:52 - 2017-01-27 12:52 - 00002416 _____ C:\Users\Home User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 12:19 - 2017-01-27 15:00 - 00105659 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-27 12:19 - 2017-01-27 15:00 - 00077607 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-21 19:41 - 2017-01-27 14:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-21 19:41 - 2017-01-27 14:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-21 19:41 - 2017-01-27 14:34 - 00001192 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-21 19:41 - 2017-01-27 14:34 - 00001180 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-21 16:04 - 2017-01-21 16:04 - 00000000 ____D C:\Users\Home User\AppData\Roaming\ProductData
2017-01-21 16:03 - 2017-01-21 16:03 - 00001216 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-01-21 16:03 - 2017-01-21 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-01-21 16:02 - 2017-01-21 16:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-21 15:58 - 2017-01-21 16:01 - 46510120 _____ (IObit ) C:\Users\Home User\Downloads\IObit-Malware-Fighter-Setup.exe
2017-01-21 15:25 - 2017-01-21 15:25 - 06747144 _____ (Tim Kosse) C:\Users\Home User\Downloads\FileZilla_3.24.0_win32-setup.exe
2017-01-20 20:28 - 2017-01-20 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-20 12:30 - 2017-01-20 12:30 - 00053047 _____ C:\Users\Home User\Documents\IFLO Victoria Deck Bath Shower Mixer - Product Code 767981.pdf
2017-01-20 10:56 - 2017-01-20 10:56 - 00000000 ____D C:\ProgramData\FileOpen
2017-01-16 12:33 - 2017-01-16 12:33 - 16756232 _____ C:\Users\Home User\Downloads\gup5setup(2).exe
2017-01-14 17:29 - 2017-01-14 18:45 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 758da3fa-f00a-430e-b39c-2b45a5107129.job
2017-01-14 17:29 - 2017-01-14 18:45 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6a1c4e47-acdb-4d00-9499-ed8c8d79b827.job
2017-01-14 17:29 - 2017-01-14 17:29 - 00000000 ____D C:\Users\Home User\AppData\Roaming\SUPERAntiSpyware.com
2017-01-14 17:28 - 2017-01-14 17:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-14 17:28 - 2017-01-14 17:28 - 00002046 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2017-01-14 17:28 - 2017-01-14 17:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-14 17:28 - 2017-01-14 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-14 16:45 - 2017-01-14 16:45 - 00000152 _____ C:\Users\Public\Desktop\MicrosoftEdge.url
2017-01-14 16:39 - 2017-01-27 14:34 - 00001027 _____ C:\Users\Home User\Desktop\Internet Explorer.lnk
2017-01-13 12:32 - 2017-01-13 12:32 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-01-13 12:32 - 2017-01-13 12:32 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-01-13 12:32 - 2017-01-13 12:32 - 00000000 ____D C:\Users\Home User\AppData\Local\Zemana
2017-01-12 19:14 - 2017-01-12 19:14 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 19:14 - 2017-01-12 19:14 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 19:14 - 2017-01-12 19:14 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 17:35 - 2016-12-22 23:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-11 17:35 - 2016-12-22 23:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-11 09:27 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 09:27 - 2016-12-21 04:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 09:27 - 2016-12-21 04:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 09:27 - 2016-12-21 04:44 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 09:27 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 09:27 - 2016-12-21 04:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 09:27 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 09:27 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 09:27 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 09:27 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 09:27 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 09:27 - 2016-12-21 04:30 - 01406976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-01-11 09:27 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 09:27 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 09:27 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 09:27 - 2016-12-14 05:04 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 09:27 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 09:27 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 09:27 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 09:27 - 2016-12-14 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 09:27 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 09:27 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 09:27 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 09:27 - 2016-12-14 04:37 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 09:27 - 2016-12-14 04:37 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 09:27 - 2016-12-14 04:23 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 09:27 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 09:27 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 09:27 - 2016-12-14 04:22 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 09:27 - 2016-12-14 04:22 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 09:26 - 2016-12-21 05:20 - 06020448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 09:26 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2017-01-11 09:26 - 2016-12-21 05:02 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 09:26 - 2016-12-21 05:00 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 09:26 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 09:26 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 09:26 - 2016-12-21 04:40 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 09:26 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 09:26 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 09:26 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 09:26 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 09:26 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 09:26 - 2016-12-21 04:26 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 09:26 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 09:26 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 09:26 - 2016-12-21 04:22 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 01136992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00911712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00812896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00615264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 09:26 - 2016-12-14 05:26 - 00558432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00492384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00401248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00372576 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00290656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2017-01-11 09:26 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 09:26 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 09:26 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 09:26 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 09:26 - 2016-12-14 04:41 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 09:26 - 2016-12-14 04:40 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 09:26 - 2016-12-14 04:38 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 09:26 - 2016-12-14 04:36 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 09:26 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 09:26 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 09:26 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 09:26 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 09:26 - 2016-12-14 04:23 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 09:26 - 2016-12-14 04:22 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 09:26 - 2016-12-14 04:21 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 09:26 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 09:26 - 2016-11-02 11:05 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-01-11 09:26 - 2016-11-02 10:32 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 09:26 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-11 09:25 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 09:25 - 2016-12-21 05:59 - 00101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 09:25 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 09:25 - 2016-12-21 05:05 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 09:25 - 2016-12-21 05:01 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 09:25 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-01-11 09:25 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 09:25 - 2016-12-21 04:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 09:25 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 09:25 - 2016-12-21 04:23 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 09:25 - 2016-12-14 05:58 - 01026912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 09:25 - 2016-12-14 05:26 - 01127040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 09:25 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 09:25 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 09:25 - 2016-12-14 05:05 - 00544608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 09:25 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 09:25 - 2016-12-14 04:37 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 09:25 - 2016-12-14 04:36 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 09:25 - 2016-12-14 04:36 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 09:25 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 09:25 - 2016-12-14 04:35 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 09:25 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 09:25 - 2016-12-14 04:35 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 09:25 - 2016-12-14 04:24 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-07 12:39 - 2017-01-07 12:39 - 16754608 _____ C:\Users\Home User\Downloads\gup5setup(1).exe
2017-01-07 10:04 - 2017-01-27 12:23 - 00000000 ____D C:\Users\Home User\AppData\LocalLow\uTorrent
2017-01-04 18:10 - 2017-01-27 12:21 - 00000000 ____D C:\ProgramData\ProductData
2017-01-04 15:51 - 2017-01-04 15:51 - 00082106 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_15.51.07_log.txt
2017-01-04 15:04 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-04 15:04 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-04 15:04 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-04 05:25 - 2017-01-04 05:25 - 00040256 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-01 20:11 - 2017-01-01 20:11 - 00000000 ____D C:\Users\Home User\Desktop\Microsoft Office
2016-12-29 17:13 - 2016-12-29 17:13 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-12-28 17:25 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Home User\Downloads\Microsoft Toolkit 2.6.2 Official Torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-27 15:00 - 2014-11-20 14:04 - 00000000 ____D C:\Users\Home User\AppData\Roaming\uTorrent
2017-01-27 14:45 - 2016-11-20 14:55 - 00000000 ____D C:\Users\Home User\AppData\LocalLow\Mozilla
2017-01-27 14:37 - 2015-08-11 07:49 - 00000000 ____D C:\Users\Home User\AppData\Local\ClassicShell
2017-01-27 14:36 - 2016-09-29 07:03 - 00000000 ____D C:\Users\Home User\Documents\Outlook Files
2017-01-27 14:33 - 2016-09-27 17:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-27 14:24 - 2016-07-16 08:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-27 13:18 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-27 13:17 - 2016-07-16 08:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 12:52 - 2015-08-09 11:13 - 00000000 ___RD C:\Users\Home User\OneDrive
2017-01-27 12:40 - 2016-08-29 10:44 - 00000000 ____D C:\Program Files\Glary Utilities 5
2017-01-27 12:34 - 2014-11-21 07:42 - 00000000 ____D C:\Users\Home User\Documents\ClipCache
2017-01-27 12:31 - 2015-07-26 13:26 - 00000000 ___RD C:\Users\Home User\Dropbox
2017-01-27 12:30 - 2016-09-27 17:42 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-27 12:23 - 2015-05-11 16:11 - 00000000 ____D C:\Users\Home User\AppData\Roaming\.oit
2017-01-27 12:20 - 2016-09-27 18:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-27 12:20 - 2016-09-27 17:42 - 00000000 ____D C:\Users\Home User
2017-01-23 20:17 - 2016-07-16 02:22 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-23 18:03 - 2014-11-21 07:45 - 00000000 ___RD C:\Users\Home User\Documents\Parish Magazine
2017-01-22 20:20 - 2015-10-12 16:09 - 00000000 ____D C:\Users\Home User\AppData\Local\CrashDumps
2017-01-21 19:31 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-21 16:03 - 2016-09-18 07:51 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-01-21 16:03 - 2014-11-21 13:58 - 00000000 ____D C:\ProgramData\IObit
2017-01-21 16:03 - 2014-11-21 13:58 - 00000000 ____D C:\Program Files\IObit
2017-01-21 15:27 - 2016-10-27 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-01-20 20:29 - 2015-07-26 11:59 - 00000000 ____D C:\Program Files\Dropbox
2017-01-20 11:36 - 2014-11-21 07:42 - 00000000 ____D C:\Users\Home User\Documents\Church Files
2017-01-16 12:35 - 2016-08-29 10:45 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-01-16 12:35 - 2016-08-29 10:45 - 00001117 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-01-14 19:10 - 2015-03-30 13:43 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-01-14 18:43 - 2016-12-21 14:34 - 00000000 ____D C:\WINDOWS\KMS10
2017-01-14 18:43 - 2016-12-21 14:32 - 00000000 ____D C:\Users\Home User\Downloads\AppNee.com.KMS10.v10.21
2017-01-14 17:24 - 2015-05-16 18:50 - 00000000 ____D C:\Users\Home User\Downloads\Anti-vurus software
2017-01-14 17:07 - 2014-11-20 14:04 - 00000000 ____D C:\Users\Home User\Downloads\Torrents
2017-01-14 16:10 - 2014-11-20 20:22 - 00000000 ____D C:\Users\Home User\.hddb
2017-01-14 15:22 - 2016-06-11 16:32 - 00000954 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2017-01-14 14:53 - 2016-09-27 17:41 - 01127014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 14:45 - 2016-07-16 08:28 - 00000000 ____D C:\WINDOWS\INF
2017-01-13 18:27 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 14:46 - 2016-05-15 06:56 - 00000000 ____D C:\Users\Home User\Downloads\KMSpico Portable
2017-01-13 14:46 - 2014-11-21 08:10 - 00000000 ____D C:\Users\Home User\Downloads\Mask.Surf.Pro.3.4
2017-01-13 14:46 - 2014-11-21 08:07 - 00000000 ____D C:\Users\Home User\Downloads\JetCleanPortable
2017-01-11 17:32 - 2016-09-27 17:32 - 00353808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 11:49 - 2014-11-22 12:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 11:44 - 2014-11-22 12:23 - 133456224 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 09:39 - 2016-07-20 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-01-09 17:29 - 2016-03-17 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-04 15:59 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\Branding
2017-01-04 15:07 - 2014-11-21 13:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-28 20:18 - 2016-07-20 11:21 - 00000000 ____D C:\AdwCleaner
2016-12-28 18:31 - 2015-01-19 16:17 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2016-12-28 18:03 - 2014-11-20 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2014-11-26 20:08 - 2016-05-26 17:19 - 0001046 _____ () C:\Users\Home User\AppData\Roaming\burnaware.ini
2016-01-01 20:11 - 2016-05-01 11:28 - 0000353 _____ () C:\Users\Home User\AppData\Roaming\imagetuner.ini
2016-03-01 20:27 - 2016-03-01 20:27 - 0198898 _____ () C:\Users\Home User\AppData\Local\ars.cache
2016-03-01 20:27 - 2016-03-01 20:27 - 0538536 _____ () C:\Users\Home User\AppData\Local\census.cache
2016-03-01 20:10 - 2016-03-01 20:10 - 0000036 _____ () C:\Users\Home User\AppData\Local\housecall.guid.cache
2016-03-01 20:19 - 2016-03-01 20:19 - 0000010 _____ () C:\Users\Home User\AppData\Local\sponge.last.runtime.cache
2016-09-27 17:36 - 2016-09-27 17:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-22 16:47

==================== End of FRST.txt ============================

#2 Eddie1944

Posted 27 January 2017 - 02:53 PM

Just been hit again, homepage of Firefox redirected to https://www.hao123.com/?tn=90222643_hao_pg.

Fresh logs below:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2017
Ran by Home User (administrator) on HOMEUSER-PC (27-01-2017 19:34:32)
Running from C:\Users\Home User\Desktop
Loaded Profiles: Home User (Available Profiles: Home User & DefaultAppPool)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Xp-Zed.com) C:\Program Files\xp-zed\hddb\Hddb_Srv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
() C:\Program Files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mepService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mep.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Presto! PageManager 9.03\Pmsb.exe
(BitTorrent Inc.) C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(XRayz Software) C:\Program Files\ClipCache\clipc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(BitTorrent Inc.) C:\Users\Home User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(BitTorrent Inc.) C:\Users\Home User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14947848 2016-11-21] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [PMSpeed] => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE [116632 2010-07-29] (NewSoft Technology Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [151000 2016-07-30] (IvoSoft)
HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [Scan Buttons] => C:\Program Files\NewSoft\Presto! PageManager 9.03\Pmsb.exe [214360 2011-01-21] (NewSoft Technology Corporation)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2017-01-13] (Glarysoft Ltd)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [uTorrent] => C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-20] (BitTorrent Inc.)
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2017-01-05] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Home User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk [2014-11-23]
ShortcutTarget: ClipCache Pro.lnk -> C:\Program Files\ClipCache\clipc.exe (XRayz Software)
BootExecute: autocheck autochk *  
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{caaa11ed-13bd-4698-b5ca-acf5442daaee}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bbc.co.uk/news
SearchScopes: HKU\.DEFAULT -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\.DEFAULT -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKU\S-1-5-21-2902350334-3320202767-595690442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Home User\AppData\Roaming\Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121 [2017-01-27]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121 -> Google
FF ProfilePath: C:\Users\Home User\AppData\Roaming\KompoZer\Profiles\0upmrreo.default [2015-12-27]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-07-04] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 8\npnitromozilla.dll [2013-03-05] (Nitro PDF)

Chrome:
=======
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
U2 CareMon; C:\Program Files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe [146792 2011-11-15] ()
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-18] (Future Systems Solutions, Inc.)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-18] (Future Systems Solutions, Inc.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [40256 2017-01-04] (Dropbox, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [150016 2014-05-24] (Xp-Zed.com) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-10] (IObit)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703696 2016-08-08] (SEIKO EPSON CORPORATION)
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-03-05] (Nitro PDF Software)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [26424 2015-02-25] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2015-02-25] () [File not signed]
R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-05-12] (Avira Operations GmbH & Co. KG)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [8192 2016-02-05] (Cypress Semiconductor, Inc.)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [17472 2015-04-29] (Glarysoft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2014-12-26] (REALiX™)
R3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [21184 2016-12-16] (IObit)
R3 MEI; C:\WINDOWS\System32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
R1 RapportAegle; C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys [192424 2017-01-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804047.sys [842856 2017-01-10] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [322920 2017-01-22] (IBM Corp.)
R0 RapportHades; C:\WINDOWS\System32\Drivers\RapportHades.sys [92296 2017-01-22] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [253064 2017-01-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [402472 2017-01-22] (IBM Corp.)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2016-12-16] (IObit.com)
R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [795656 2016-11-21] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 supersafer; C:\WINDOWS\system32\drivers\supersafer.sys [354176 2011-11-15] (TrueCrypt Foundation) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2015-03-22] (Acronis)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-01-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-01-13] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-27 19:34 - 2017-01-27 19:38 - 00020186 _____ C:\Users\Home User\Desktop\FRST.txt
2017-01-27 19:34 - 2017-01-27 14:58 - 01762816 _____ (Farbar) C:\Users\Home User\Desktop\FRST.exe
2017-01-27 17:45 - 2017-01-27 19:38 - 00085168 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-27 17:45 - 2017-01-27 19:38 - 00057044 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-27 15:02 - 2017-01-27 15:04 - 00055590 _____ C:\Users\Home User\Downloads\Addition.txt
2017-01-27 14:59 - 2017-01-27 19:34 - 00000000 ____D C:\FRST
2017-01-27 14:59 - 2017-01-27 15:04 - 00045478 _____ C:\Users\Home User\Downloads\FRST.txt
2017-01-27 14:58 - 2017-01-27 14:58 - 01762816 _____ (Farbar) C:\Users\Home User\Downloads\FRST.exe
2017-01-27 14:35 - 2017-01-27 14:36 - 20466392 _____ (Microsoft Corporation) C:\Users\Home User\Downloads\OneDriveSetup.exe
2017-01-27 14:25 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-27 12:52 - 2017-01-27 12:52 - 00002416 _____ C:\Users\Home User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-22 18:51 - 2017-01-22 18:51 - 00253064 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2017-01-22 18:51 - 2017-01-22 18:51 - 00092296 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades.sys
2017-01-21 19:41 - 2017-01-27 19:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-21 19:41 - 2017-01-27 19:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-21 19:41 - 2017-01-27 15:21 - 00001244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-21 19:41 - 2017-01-27 15:21 - 00001232 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-21 16:04 - 2017-01-21 16:04 - 00000000 ____D C:\Users\Home User\AppData\Roaming\ProductData
2017-01-21 16:03 - 2017-01-21 16:03 - 00001216 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-01-21 16:03 - 2017-01-21 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-01-21 16:02 - 2017-01-21 16:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-21 15:58 - 2017-01-21 16:01 - 46510120 _____ (IObit ) C:\Users\Home User\Downloads\IObit-Malware-Fighter-Setup.exe
2017-01-21 15:25 - 2017-01-21 15:25 - 06747144 _____ (Tim Kosse) C:\Users\Home User\Downloads\FileZilla_3.24.0_win32-setup.exe
2017-01-20 20:28 - 2017-01-20 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-20 12:30 - 2017-01-20 12:30 - 00053047 _____ C:\Users\Home User\Documents\IFLO Victoria Deck Bath Shower Mixer - Product Code 767981.pdf
2017-01-20 10:56 - 2017-01-20 10:56 - 00000000 ____D C:\ProgramData\FileOpen
2017-01-16 12:33 - 2017-01-16 12:33 - 16756232 _____ C:\Users\Home User\Downloads\gup5setup(2).exe
2017-01-14 17:29 - 2017-01-14 18:45 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 758da3fa-f00a-430e-b39c-2b45a5107129.job
2017-01-14 17:29 - 2017-01-14 18:45 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6a1c4e47-acdb-4d00-9499-ed8c8d79b827.job
2017-01-14 17:29 - 2017-01-14 17:29 - 00000000 ____D C:\Users\Home User\AppData\Roaming\SUPERAntiSpyware.com
2017-01-14 17:28 - 2017-01-14 17:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-14 17:28 - 2017-01-14 17:28 - 00002046 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2017-01-14 17:28 - 2017-01-14 17:28 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-01-14 17:28 - 2017-01-14 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-14 16:45 - 2017-01-14 16:45 - 00000152 _____ C:\Users\Public\Desktop\MicrosoftEdge.url
2017-01-14 16:39 - 2017-01-27 15:21 - 00001079 _____ C:\Users\Home User\Desktop\Internet Explorer.lnk
2017-01-13 12:32 - 2017-01-13 12:32 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-01-13 12:32 - 2017-01-13 12:32 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-01-13 12:32 - 2017-01-13 12:32 - 00000000 ____D C:\Users\Home User\AppData\Local\Zemana
2017-01-12 19:14 - 2017-01-12 19:14 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 19:14 - 2017-01-12 19:14 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 19:14 - 2017-01-12 19:14 - 00035440 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-11 17:35 - 2016-12-22 23:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-01-11 17:35 - 2016-12-22 23:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-01-11 09:27 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 09:27 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 09:27 - 2016-12-21 04:47 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 09:27 - 2016-12-21 04:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 09:27 - 2016-12-21 04:44 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 09:27 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 09:27 - 2016-12-21 04:42 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 09:27 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 09:27 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 09:27 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 09:27 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 09:27 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 09:27 - 2016-12-21 04:30 - 01406976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-01-11 09:27 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 09:27 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 09:27 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 09:27 - 2016-12-14 05:04 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 09:27 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 09:27 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 09:27 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 09:27 - 2016-12-14 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 09:27 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 09:27 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 09:27 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 09:27 - 2016-12-14 04:37 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 09:27 - 2016-12-14 04:37 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 09:27 - 2016-12-14 04:23 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 09:27 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 09:27 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 09:27 - 2016-12-14 04:22 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 09:27 - 2016-12-14 04:22 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 09:26 - 2016-12-21 05:20 - 06020448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 09:26 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll
2017-01-11 09:26 - 2016-12-21 05:02 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 09:26 - 2016-12-21 05:00 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 09:26 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 09:26 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 09:26 - 2016-12-21 04:40 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 09:26 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 09:26 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 09:26 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 09:26 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 09:26 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 09:26 - 2016-12-21 04:26 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 09:26 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 09:26 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 09:26 - 2016-12-21 04:22 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems32.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 01136992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00911712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00812896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00615264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 09:26 - 2016-12-14 05:26 - 00558432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00492384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00401248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00372576 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00290656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 09:26 - 2016-12-14 05:26 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2017-01-11 09:26 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 09:26 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 09:26 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 09:26 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 09:26 - 2016-12-14 04:41 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 09:26 - 2016-12-14 04:40 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 09:26 - 2016-12-14 04:38 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 09:26 - 2016-12-14 04:36 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 09:26 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 09:26 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 09:26 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 09:26 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-11 09:26 - 2016-12-14 04:23 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 09:26 - 2016-12-14 04:22 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 09:26 - 2016-12-14 04:21 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 09:26 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 09:26 - 2016-11-02 11:05 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-01-11 09:26 - 2016-11-02 10:32 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 09:26 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-11 09:25 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 09:25 - 2016-12-21 05:59 - 00101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 09:25 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 09:25 - 2016-12-21 05:05 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 09:25 - 2016-12-21 05:01 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 09:25 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-01-11 09:25 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 09:25 - 2016-12-21 04:30 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 09:25 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 09:25 - 2016-12-21 04:23 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 09:25 - 2016-12-14 05:58 - 01026912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 09:25 - 2016-12-14 05:26 - 01127040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 09:25 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 09:25 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 09:25 - 2016-12-14 05:05 - 00544608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 09:25 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 09:25 - 2016-12-14 04:37 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 09:25 - 2016-12-14 04:36 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 09:25 - 2016-12-14 04:36 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 09:25 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 09:25 - 2016-12-14 04:35 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 09:25 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 09:25 - 2016-12-14 04:35 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 09:25 - 2016-12-14 04:24 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-07 12:39 - 2017-01-07 12:39 - 16754608 _____ C:\Users\Home User\Downloads\gup5setup(1).exe
2017-01-07 10:04 - 2017-01-27 17:50 - 00000000 ____D C:\Users\Home User\AppData\LocalLow\uTorrent
2017-01-04 18:10 - 2017-01-27 12:21 - 00000000 ____D C:\ProgramData\ProductData
2017-01-04 15:51 - 2017-01-04 15:51 - 00082106 _____ C:\TDSSKiller.3.1.0.12_04.01.2017_15.51.07_log.txt
2017-01-04 15:04 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-04 15:04 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-04 15:04 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-04 05:25 - 2017-01-04 05:25 - 00040256 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-01 20:11 - 2017-01-01 20:11 - 00000000 ____D C:\Users\Home User\Desktop\Microsoft Office
2016-12-29 17:13 - 2016-12-29 17:13 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-12-28 17:25 - 2016-12-29 17:14 - 00000000 ____D C:\Users\Home User\Downloads\Microsoft Toolkit 2.6.2 Official Torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-27 19:39 - 2016-09-29 07:03 - 00000000 ____D C:\Users\Home User\Documents\Outlook Files
2017-01-27 19:39 - 2014-11-20 14:04 - 00000000 ____D C:\Users\Home User\AppData\Roaming\uTorrent
2017-01-27 19:34 - 2014-11-21 07:42 - 00000000 ____D C:\Users\Home User\Documents\ClipCache
2017-01-27 19:31 - 2016-11-20 14:55 - 00000000 ____D C:\Users\Home User\AppData\LocalLow\Mozilla
2017-01-27 17:58 - 2016-08-29 10:44 - 00000000 ____D C:\Program Files\Glary Utilities 5
2017-01-27 17:54 - 2015-07-26 13:26 - 00000000 ___RD C:\Users\Home User\Dropbox
2017-01-27 17:51 - 2015-05-11 16:11 - 00000000 ____D C:\Users\Home User\AppData\Roaming\.oit
2017-01-27 17:50 - 2016-07-20 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-01-27 17:48 - 2015-10-12 16:09 - 00000000 ____D C:\Users\Home User\AppData\Local\CrashDumps
2017-01-27 17:45 - 2016-09-27 18:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-27 17:45 - 2016-09-27 17:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-27 16:45 - 2015-08-11 07:49 - 00000000 ____D C:\Users\Home User\AppData\Local\ClassicShell
2017-01-27 15:11 - 2016-07-16 08:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-27 13:18 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-27 13:17 - 2016-07-16 08:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-27 12:52 - 2015-08-09 11:13 - 00000000 ___RD C:\Users\Home User\OneDrive
2017-01-27 12:30 - 2016-09-27 17:42 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-27 12:20 - 2016-09-27 17:42 - 00000000 ____D C:\Users\Home User
2017-01-23 20:17 - 2016-07-16 02:22 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-01-23 18:03 - 2014-11-21 07:45 - 00000000 ___RD C:\Users\Home User\Documents\Parish Magazine
2017-01-21 19:31 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-21 16:03 - 2016-09-18 07:51 - 00000000 ____D C:\Program Files\Common Files\IObit
2017-01-21 16:03 - 2014-11-21 13:58 - 00000000 ____D C:\ProgramData\IObit
2017-01-21 16:03 - 2014-11-21 13:58 - 00000000 ____D C:\Program Files\IObit
2017-01-21 15:27 - 2016-10-27 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-01-20 20:29 - 2015-07-26 11:59 - 00000000 ____D C:\Program Files\Dropbox
2017-01-20 11:36 - 2014-11-21 07:42 - 00000000 ____D C:\Users\Home User\Documents\Church Files
2017-01-16 12:35 - 2016-08-29 10:45 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-01-16 12:35 - 2016-08-29 10:45 - 00001117 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-01-14 19:10 - 2015-03-30 13:43 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-01-14 18:43 - 2016-12-21 14:34 - 00000000 ____D C:\WINDOWS\KMS10
2017-01-14 18:43 - 2016-12-21 14:32 - 00000000 ____D C:\Users\Home User\Downloads\AppNee.com.KMS10.v10.21
2017-01-14 17:24 - 2015-05-16 18:50 - 00000000 ____D C:\Users\Home User\Downloads\Anti-vurus software
2017-01-14 17:07 - 2014-11-20 14:04 - 00000000 ____D C:\Users\Home User\Downloads\Torrents
2017-01-14 16:10 - 2014-11-20 20:22 - 00000000 ____D C:\Users\Home User\.hddb
2017-01-14 15:22 - 2016-06-11 16:32 - 00000954 _____ C:\Users\Public\Desktop\TomTom MyDrive Connect.lnk
2017-01-14 14:53 - 2016-09-27 17:41 - 01127014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 14:45 - 2016-07-16 08:28 - 00000000 ____D C:\WINDOWS\INF
2017-01-13 18:27 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 14:46 - 2016-05-15 06:56 - 00000000 ____D C:\Users\Home User\Downloads\KMSpico Portable
2017-01-13 14:46 - 2014-11-21 08:10 - 00000000 ____D C:\Users\Home User\Downloads\Mask.Surf.Pro.3.4
2017-01-13 14:46 - 2014-11-21 08:07 - 00000000 ____D C:\Users\Home User\Downloads\JetCleanPortable
2017-01-11 17:32 - 2016-09-27 17:32 - 00353808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 17:29 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 11:49 - 2014-11-22 12:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 11:44 - 2014-11-22 12:23 - 133456224 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 17:29 - 2016-03-17 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-04 15:59 - 2016-07-16 08:29 - 00000000 ____D C:\WINDOWS\Branding
2017-01-04 15:07 - 2014-11-21 13:55 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-28 20:18 - 2016-07-20 11:21 - 00000000 ____D C:\AdwCleaner
2016-12-28 18:31 - 2015-01-19 16:17 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2016-12-28 18:03 - 2014-11-20 20:09 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Files in the root of some directories =======

2014-11-26 20:08 - 2016-05-26 17:19 - 0001046 _____ () C:\Users\Home User\AppData\Roaming\burnaware.ini
2016-01-01 20:11 - 2016-05-01 11:28 - 0000353 _____ () C:\Users\Home User\AppData\Roaming\imagetuner.ini
2016-03-01 20:27 - 2016-03-01 20:27 - 0198898 _____ () C:\Users\Home User\AppData\Local\ars.cache
2016-03-01 20:27 - 2016-03-01 20:27 - 0538536 _____ () C:\Users\Home User\AppData\Local\census.cache
2016-03-01 20:10 - 2016-03-01 20:10 - 0000036 _____ () C:\Users\Home User\AppData\Local\housecall.guid.cache
2016-03-01 20:19 - 2016-03-01 20:19 - 0000010 _____ () C:\Users\Home User\AppData\Local\sponge.last.runtime.cache
2016-09-27 17:36 - 2016-09-27 17:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-22 16:47

==================== End of FRST.txt ============================

Can't attach Addition so pasted below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by Home User (27-01-2017 19:39:40)
Running from C:\Users\Home User\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-09-27 18:12:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2902350334-3320202767-595690442-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2902350334-3320202767-595690442-503 - Limited - Disabled)
Guest (S-1-5-21-2902350334-3320202767-595690442-501 - Limited - Disabled)
Home User (S-1-5-21-2902350334-3320202767-595690442-1000 - Administrator - Enabled) => C:\Users\Home User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.04 (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
BookletCreator (HKLM\...\BookletCreator) (Version: 1.6.0.0 - BookletCreator.com)
Casper 8.0 (HKLM\...\{6A58EB2E-5883-4515-910D-699C4396797B}) (Version: 8.0.4422 - Future Systems Solutions, Inc.)
Classic Shell (HKLM\...\{417502AF-ABF9-457B-AE32-940BEA8F4627}) (Version: 4.3.0 - IvoSoft)
Commander (HKLM\...\Commander) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.57.1 - Dropbox, Inc.) Hidden
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{6DBD132B-7F42-4594-BBE7-0BB677EB2926}) (Version: 4.4.2 - SEIKO EPSON CORPORATION)
Epson User's Guide WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version:  - )
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.1.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Glary Utilities PRO 5.68 (HKLM\...\Glary Utilities 5) (Version: 5.68.0.89 - Glarysoft Ltd)
Hddb File Search (HKLM\...\Hddb) (Version: 2.0.0 - hddb.xp-zed.com)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IObit Malware Fighter 4 (HKLM\...\IObit Malware Fighter_is1) (Version: 4.5 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 6.0.3.16 - IObit)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2902350334-3320202767-595690442-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 7.0.0.7143 - MyHeritage.com)
Nitro Pro 8 (HKLM\...\{C41DBC07-C9C2-4B8C-BD85-46ED6853AD6B}) (Version: 8.5.1.10 - Nitro)
PageBreeze Professional (HKLM\...\PageBreeze Professional) (Version:  - )
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FE}) (Version: 4.0.13 - dotPDN LLC)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Presto! PageManager 9.03 SE (HKLM\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
Rapport (Version: 3.5.1804.81 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)
SpeedCommander 14 (HKLM\...\SpeedCommander 14) (Version: 14.60.7200 - SWE Sven Ritter)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom MyDrive Connect 4.1.4.3031 (HKLM\...\MyDriveConnect) (Version: 4.1.4.3031 - TomTom)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1804.81 - Trusteer)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
ZD Soft Screen Recorder (HKLM\...\{F0A56F04-4C9B-4408-9D65-5E0700BACCEB}) (Version: 5.4.0 - ZD Soft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01E01AB1-FA9E-48A0-9C65-C926EBFE0F2C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {04386598-858F-418E-9328-C6497CCC978E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {0BC13C4F-8706-4208-AF82-F25BA7D5DCC1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0DD2EBE9-0D05-48E3-B994-E2DCA96D3358} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0E22A8FB-3C4D-4810-BAB4-373A66E41F90} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0F83BD4F-980A-4FE1-92FA-65C2A15D6B8E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {13FC456A-18CB-404F-AD1C-265B9164DB8B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1928A700-58A6-4E68-B73D-EF275B5EE728} - System32\Tasks\KMS10 => C:\WINDOWS\KMS10\KMS10.exe
Task: {2221EACC-10CE-4A11-BA2D-63B8C2AFFCC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {2C702ABD-CE73-40BB-939D-A5141D2CBA57} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2017-01-13] (Glarysoft Ltd)
Task: {3EC80EFC-1686-4678-8AA5-CC9B41DCE3AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4953B8E5-1A43-45B2-9E99-3EB015FB1931} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {497CDF2F-DC9B-43C9-ACBC-E2A0C7A437C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4ABA88F0-8480-4FBC-B3CD-D14BC20352F4} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION
Task: {4C9270DA-F751-410E-823E-5946427B543C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {504902A0-534F-41F3-96E5-DAA1F576573E} - System32\Tasks\{B4ADF10A-4BD3-4CD6-884E-13B0AD40A67A} => pcalua.exe -a "C:\Users\Home User\Desktop\pgbreeze.exe" -d "C:\Users\Home User\Desktop"
Task: {583377A3-AD7A-4946-9F8E-9B1F3EEBCB73} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {5AABC1F9-9C5A-4C17-BFA1-B1C28B810FB0} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2017-01-13] (Glarysoft Ltd)
Task: {5C0F16F0-8FE8-4E93-BC4D-02FAE06BD899} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {5DCA94AD-B28D-4BDB-9064-C33772A95800} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5EFEB3CC-EFB4-4939-B627-7758D8B8C167} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {64E95B9F-9FEC-4339-A38E-596CEE83B554} - \Auslogics\BoostSpeed\Start BoostSpeed оn Home User logon -> No File <==== ATTENTION
Task: {7105F768-8A88-4AEA-AA12-FD645B1DC587} - System32\Tasks\SUPERAntiSpyware Scheduled Task 6a1c4e47-acdb-4d00-9499-ed8c8d79b827 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {7178B0FA-8DDD-47AF-8299-743E9AF52933} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7778651F-0ED0-4C1B-8734-C8B543C6EEF3} - System32\Tasks\{4B623D78-46C7-4C67-9531-84EC4C44EB1C} => pcalua.exe -a "C:\Users\Home User\Downloads\pgbreeze.exe" -d "C:\Users\Home User\Downloads"
Task: {7830C15A-0B0F-4DD2-A170-69E1DAAF097F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-03-15] (Dropbox, Inc.)
Task: {7B964618-D25C-4D89-9362-C502C118E7FC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-03-15] (Dropbox, Inc.)
Task: {7EC1D8FB-5757-4EA8-98DE-D48C1607DB08} - System32\Tasks\KMS10Server => C:\WINDOWS\KMS10\KMS10.exe
Task: {7F16DBD1-73A4-40AB-9902-CB49B250A7C6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {815AA7FE-54F8-46B0-9F07-5DAB8C4ACE7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {81BC742F-AA24-482F-BF8F-E4C81BA91EF9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 758da3fa-f00a-430e-b39c-2b45a5107129 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8BF523A3-FE98-4DEC-9DEC-76F8D206979B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8CD1C184-3E49-450E-92C2-985A59340A7B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {952B9376-761D-4E20-9D15-D868C0CFC506} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [2014-04-29] (Future Systems Solutions, Inc.)
Task: {95498FC5-1903-40A7-8EDD-D95D8CAA1571} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {98579EE6-9589-42F5-AFCC-56B93AF854BD} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files\Glary Utilities 5\OneClickMaintenance.exe [2017-01-13] (Glarysoft Ltd)
Task: {A104C421-3A42-4B47-AE6F-CA8497D98F8E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {A2E3446E-2A22-4B1C-ADEC-2ACBEBCB7AEF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A363722B-65E3-499A-A597-7D48645EA29F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A4D3F0E1-F97B-4815-81F7-F235A0D1AE31} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B22F696B-1580-4CEB-BE73-C152A2ACAC5F} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {BDB4A911-CF21-4B51-A447-E3F35C55ACD6} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {C0EBDBE9-C52F-4D63-87ED-305C4FB59C03} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CB33894C-14D7-4ADE-8268-30D40FA39FD0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0D85847-E7FD-4E51-B284-1A7090BC4CDC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D980733B-B767-42BC-A08B-844B0E4C6BB1} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E701F06A-D297-4880-9B67-D98989AAAB40} - System32\Tasks\{F0FB8A60-2DF3-4266-BE79-7BF319421165} => pcalua.exe -a "C:\Users\Home User\Downloads\pgbreeze (1).exe" -d "C:\Users\Home User\Desktop"
Task: {ED391DAE-5316-4151-80EB-A006592E114C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F0BD99D0-84A3-4AF8-869A-80A2C7F9B87D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2A7BF00-52CD-4BA7-94AE-EADEED06FECD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F42CE702-CCEC-44C2-AE4E-4EB4C0F948AA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 6a1c4e47-acdb-4d00-9499-ed8c8d79b827.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 758da3fa-f00a-430e-b39c-2b45a5107129.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Home User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 08:25 - 2016-07-16 08:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 08:28 - 2016-12-09 10:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-07 12:16 - 2011-11-15 11:24 - 00146792 _____ () C:\Program Files\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe
2017-01-21 16:03 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files\IObit\LiveUpdate\ProductStatistics.dll
2016-11-03 20:05 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2016-11-03 20:05 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2016-11-03 20:05 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-11-03 20:05 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files\IObit\IObit Uninstaller\webres.dll
2016-11-03 20:05 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files\IObit\IObit Uninstaller\ProductStatistics.dll
2016-12-14 08:28 - 2016-12-09 10:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-27 12:41 - 2017-01-27 12:41 - 01244376 _____ () C:\Users\Home User\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-07-16 08:25 - 2016-07-16 08:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 09:25 - 2016-12-21 04:42 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 09:26 - 2016-12-21 04:25 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 09:26 - 2016-12-21 04:21 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-28 11:00 - 2016-08-06 03:21 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 09:26 - 2016-12-21 04:21 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 09:26 - 2016-12-21 04:22 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 09:27 - 2016-12-21 04:24 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-16 15:27 - 2008-11-17 13:56 - 00102400 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\nsSign.dll
2016-09-16 15:27 - 2010-05-07 10:46 - 00057344 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
2016-09-16 15:27 - 2010-12-29 16:52 - 00147456 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMCommon.dll
2016-09-16 15:27 - 2010-12-23 12:17 - 00057344 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMISM.dll
2016-09-16 15:27 - 2008-08-25 16:19 - 00069632 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
2016-09-16 15:28 - 2007-03-30 09:24 - 00104528 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\Qem.dll
2016-09-16 15:27 - 2009-11-26 16:49 - 00081920 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
2016-09-16 15:27 - 2011-03-11 09:47 - 00151040 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\ScanModule.dll
2016-09-16 15:27 - 2009-09-09 13:44 - 00151552 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMANO.dll
2016-09-16 15:27 - 2007-03-30 08:49 - 00104528 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\ComClass.dll
2016-09-16 15:27 - 2010-11-30 15:42 - 00352256 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMTree.dll
2016-09-16 15:27 - 2010-10-22 09:01 - 00139264 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSet.dll
2016-09-16 15:27 - 2010-12-29 17:32 - 00614400 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
2016-09-16 15:27 - 2010-07-13 09:48 - 00106496 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMProp.dll
2016-09-16 15:27 - 2010-09-09 17:00 - 00061440 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMINSO.dll
2016-09-16 15:27 - 2009-08-06 09:22 - 00421888 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\FT.dll
2016-09-16 15:27 - 2007-08-31 16:51 - 00040960 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMVoice.dll
2016-09-16 15:27 - 2010-09-08 16:10 - 00073728 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
2016-09-16 15:27 - 2009-11-27 16:38 - 00331776 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
2016-09-16 15:27 - 2010-11-26 09:33 - 04583424 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMView.dll
2016-09-16 15:27 - 2007-03-30 09:01 - 00038992 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
2016-09-16 15:27 - 2010-10-22 09:22 - 00090112 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSave.dll
2016-09-16 15:27 - 2010-08-03 09:44 - 00049152 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMOffice.dll
2016-09-16 15:27 - 2010-09-26 10:13 - 00430080 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
2016-09-16 15:27 - 2010-09-26 10:13 - 00184320 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
2016-09-16 15:27 - 2010-08-03 09:51 - 01036288 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
2016-09-16 15:27 - 2010-03-02 14:09 - 00102400 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
2016-09-16 15:27 - 2008-08-25 15:16 - 00040960 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
2016-09-16 15:27 - 2010-09-08 09:52 - 00036864 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
2016-09-16 15:27 - 2009-12-04 16:20 - 00323584 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
2016-09-16 15:27 - 2009-06-26 08:03 - 00086016 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMApSet.dll
2016-09-16 15:27 - 2010-04-27 14:20 - 00065536 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMStatus.dll
2016-09-16 15:27 - 2011-01-21 14:05 - 00258048 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
2016-09-16 15:27 - 2007-03-30 08:57 - 00034896 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\Import.dll
2016-09-16 15:27 - 2010-11-26 09:45 - 00090112 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
2017-01-20 20:27 - 2017-01-18 18:39 - 00801600 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2017-01-20 20:27 - 2016-12-21 08:44 - 00035792 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2017-01-20 20:27 - 2016-12-21 08:44 - 00100296 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2017-01-20 20:27 - 2016-12-21 08:44 - 00018888 _____ () C:\Program Files\Dropbox\Client\select.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00019776 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2017-01-20 20:27 - 2016-12-21 08:44 - 00694224 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00020824 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-20 20:27 - 2016-12-21 08:45 - 00123856 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 01682768 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-20 20:27 - 2016-12-21 08:44 - 00145864 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2017-01-20 20:27 - 2016-12-21 08:45 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2017-01-20 20:27 - 2016-12-21 08:44 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2017-01-20 20:27 - 2016-12-21 08:46 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00022864 _____ () C:\Program Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00052032 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00038712 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2017-01-20 20:27 - 2016-12-21 08:44 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2017-01-20 20:27 - 2016-12-21 08:46 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2017-01-20 20:27 - 2016-12-21 08:47 - 00116176 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00381760 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00026456 _____ () C:\Program Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2017-01-20 20:27 - 2016-12-21 08:47 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00057808 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00246608 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00027488 _____ () C:\Program Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-20 20:27 - 2016-12-21 08:45 - 00241104 _____ () C:\Program Files\Dropbox\Client\_jpegtran.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00022336 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-20 20:27 - 2016-12-21 08:47 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00025432 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00022872 _____ () C:\Program Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00021848 _____ () C:\Program Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00022872 _____ () C:\Program Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 01826104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-20 20:27 - 2016-12-21 08:45 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00531264 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 03928896 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 01972536 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00133432 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00224064 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00207680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00021840 _____ () C:\Program Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 20:27 - 2016-12-21 08:47 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00103232 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00023896 _____ () C:\Program Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00025936 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-20 20:27 - 2016-12-21 08:42 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2017-01-20 20:27 - 2017-01-18 18:42 - 00033112 _____ () C:\Program Files\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-20 20:27 - 2016-12-04 06:24 - 00293392 _____ () C:\Program Files\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-20 20:27 - 2017-01-18 18:42 - 00084288 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-20 20:27 - 2016-12-21 08:50 - 00017864 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2017-01-20 20:27 - 2016-12-21 08:50 - 01631184 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2017-01-20 20:27 - 2017-01-18 18:42 - 00042816 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00171336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00357688 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-20 20:27 - 2016-12-21 08:46 - 00060880 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00069968 _____ () C:\Program Files\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00026456 _____ () C:\Program Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-20 20:27 - 2017-01-18 18:42 - 00546104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll.dll
2016-09-16 15:27 - 2010-12-20 15:21 - 00098304 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\CategoryManager.dll
2016-09-16 15:27 - 2007-12-20 13:37 - 00176128 _____ () C:\Program Files\NewSoft\Presto! PageManager 9.03\DocCate.dll
2017-01-21 16:02 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files\IObit\IObit Malware Fighter\webres.dll
2017-01-21 16:02 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll
2017-01-21 16:02 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll
2017-01-21 16:03 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files\IObit\IObit Malware Fighter\ProductStatistics.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2017-01-13 06:38 - 2017-01-13 06:38 - 00086992 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2017-01-23 18:21 - 2017-01-23 18:22 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 18:21 - 2017-01-23 18:22 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 18:21 - 2017-01-23 18:22 - 30360064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 13:47 - 2016-12-14 13:49 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x86__kzf8qxf38zg5c\roottools.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2017-01-22 18:50 - 2017-01-22 18:50 - 00054392 _____ () C:\Program Files\Trusteer\Rapport\bin\RapportTanzanUtil_2015.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]
AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7 [154]
AlternateDataStreams: C:\Users\Home User\Downloads\Driver Booster Pro 4.1 license.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Downloads\InpaintSetup.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Downloads\Inpaint_serial.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Documents\Obituary of the late Mr Common Sense.docx:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4788 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2902350334-3320202767-595690442-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: WrtMon.exe =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{D7DD1664-0E86-4074-82BC-7C4C88FAB911}] => C:\Program Files\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{F6F15E20-0A69-4760-8B9B-B1ED937A37AE}] => C:\Program Files\NewSoft\Presto! PageManager 9.03\LicenseCheck.exe
FirewallRules: [{614B831E-56D4-4835-B585-5B3F253203A1}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{51C904D0-B558-4AF1-A937-74E522A1FD5F}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{C2D3D27F-8213-45AA-BEDC-8F89F72CF00C}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{B883C90F-C085-46E6-AF77-8A870EF39577}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{179C68B5-6DAD-48BE-B060-E54897110E14}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{AA071BB2-BAD7-4178-9A66-CC1D49366C11}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{D82BC8DC-4D7F-4E4D-9274-084B3FBD37AE}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{96825292-02DB-4B71-A909-7937925250DC}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{7EA575E9-4CA7-47B6-B478-62FD99594665}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{7B2B9634-C229-4D78-AB30-16A8CE642B7B}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{AE102BA6-1761-4B90-9C6F-3924BC71D428}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{0A26F76D-B963-4C7B-91E2-13DC2FB73F01}] => C:\Program Files\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{16072316-FEBF-44D5-BC24-47AD67BEF1E8}] => C:\Program Files\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{01EBA2D2-31B0-4B38-B97A-591BD34C530B}] => C:\Program Files\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{9C10E9E7-B747-4E11-B033-69F506BB6305}] => C:\Program Files\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{B1F7D1E4-AC9D-44FD-8D16-767DB883FD02}] => C:\Program Files\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{6D28F9EA-2356-492C-B406-0C1A7BDC00FE}] => LPort=140
FirewallRules: [{41F3CCAC-6E53-439A-A25A-2D0CC8D67903}] => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{AA2164EA-BB02-44B3-986C-F4F6AAA6A04E}] => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{E6605D53-0627-4106-9B54-6DA35AD5432F}] => C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{5E78E61A-2297-4A27-A392-257FB78A23A7}] => C:\Program Files\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{021A250F-6D9E-47F7-95CD-6A07E31773BB}] => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{465E5149-EBA9-49F5-997C-616963EB0724}] => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [UDP Query User{F6EB337F-ECED-4019-8F43-257026E17FD5}C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe] => C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe
FirewallRules: [TCP Query User{C5FCB11B-224F-48EB-A8D6-F96629F0ADF9}C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe] => C:\program files\newsoft\presto! pagemanager 9.03\licensecheck.exe
FirewallRules: [{2959F3B4-7010-459A-BCF6-6AD272B45A05}] => C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{4CD9F584-061B-4B61-A0F7-9B1B02BD73CC}] => C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [UDP Query User{B1164A33-01CC-4EAE-8A94-E0714D848B97}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{2CE09173-D48E-43E5-9218-6710BD8B4905}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{FB4E5851-0FB0-490A-8F4B-BF6279512071}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{693EBC3A-1BD4-48A6-B4D4-AC20D3385050}C:\program files\epson software\event manager\eeventmanager.exe] => C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6CA20A46-7CF5-4559-AADE-2E309590AB81}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{8885FF9B-EF91-4A54-8BA6-F63631BA4396}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{B7CE3D96-769D-4DE4-B48B-28B039D50439}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BB738546-54D4-4728-A9AC-3ECA0BF01F4B}] => C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{47B56B68-2F36-4818-B3FD-FD2E3473F6C6}] => C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5A392B12-EDEC-4F5C-9675-4D745ED124F0}] => C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{6933B004-5592-48C9-AC9B-927DA343F720}] => C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{1C973BCA-76B0-4C80-A887-79F7C00D890A}] => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{40B03AA4-BFDB-4BD8-9857-093545EB0973}] => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{CF61B075-EB9A-4FB5-A029-C0C536373C15}] => C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{7909D7AC-60BF-429F-8E8E-33FCD6B74D8B}] => C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{34F07240-206F-41C7-A0E6-F9656750693F}] => C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{260268F6-051F-42CD-B940-31B7823F450E}] => C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{BE73CA89-96D3-4E66-BEE4-E60639330EA2}] => C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{80394AD1-6E80-4059-8D34-8852B12ACF26}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B3B8C50C-D83D-4B5B-84FF-AEDF070BF963}] => C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

11-01-2017 11:36:24 Windows Update
21-01-2017 09:35:38 Scheduled Checkpoint
27-01-2017 15:08:47 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2017 05:52:08 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (01/27/2017 05:48:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58256e62
Faulting module name: windows.immersiveshell.serviceprovider.dll, version: 10.0.14393.0, time stamp: 0x57898fb4
Exception code: 0x80270233
Fault offset: 0x0003aead
Faulting process id: 0x1428
Faulting application start time: 0x01d278c5529acaf1
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Report Id: 64031a10-7506-41d8-8741-eff20f213a7e
Faulting package full name:
Faulting package-relative application ID:

Error: (01/27/2017 05:45:55 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/27/2017 03:09:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/27/2017 02:34:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (01/27/2017 02:34:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/27/2017 02:33:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {053c1e63-919a-46ea-8e99-1c8cc70911c3}

Error: (01/27/2017 01:37:16 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/27/2017 12:24:38 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (01/27/2017 12:20:21 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (01/27/2017 05:54:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (01/27/2017 05:48:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/27/2017 05:45:50 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/27/2017 05:45:55 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (01/27/2017 05:45:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:20:22 PM on ‎1/‎27/‎2017 was unexpected.

Error: (01/27/2017 04:47:41 PM) (Source: DCOM) (EventID: 10010) (User: HomeUser-PC)
Description: The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error: (01/27/2017 04:46:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Client License Service (ClipSVC) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/27/2017 04:46:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Client License Service (ClipSVC) service to connect.

Error: (01/27/2017 04:44:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (01/27/2017 04:33:48 PM) (Source: DCOM) (EventID: 10010) (User: HomeUser-PC)
Description: The server {F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-01-21 19:36:35.165
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\WinSxS\x86_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_f5dc96fa86157cdf\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-21 19:36:35.134
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\WinSxS\x86_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_f5dc96fa86157cdf\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-14 16:14:26.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\WinSxS\x86_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_f5dc96fa86157cdf\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-14 16:14:26.207
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\WinSxS\x86_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_f5dc96fa86157cdf\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-14 16:14:26.178
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\WinSxS\x86_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_f5dc96fa86157cdf\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-01-14 16:14:26.136
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\WinSxS\x86_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_f5dc96fa86157cdf\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2130 CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 3014.98 MB
Available physical RAM: 930.81 MB
Total Virtual: 3974.98 MB
Available Virtual: 1158 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:276.01 GB) NTFS
Drive e: () (Fixed) (Total:0.43 GB) (Free:0.16 GB) NTFS
Drive f: () (Fixed) (Total:465.22 GB) (Free:291.15 GB) NTFS
Drive g: () (Fixed) (Total:0.42 GB) (Free:0.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 0BC30048)
Partition 1: (Active) - (Size=110 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=439 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 561D3684)
Partition 1: (Active) - (Size=118 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=431 MB) - (Type=27)

==================== End of Addition.txt ============================



#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 27 January 2017 - 04:06 PM

Hello Eddie1944 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.
Thanks
 
 
Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
------------------------------------------------------------------------------------------------------------------------------------
 
I would like you to do the following, please.
 
Windows Firewall is enabled.
Check the Windows firewall software. If it is open, please disable it.
--------------------------------------
 
Step 1:
Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\.DEFAULT -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2902350334-3320202767-595690442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF ProfilePath: C:\Users\Home User\AppData\Roaming\Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121 
FF ProfilePath: C:\Users\Home User\AppData\Roaming\KompoZer\Profiles\0upmrreo.default
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
C:\Users\Home User\AppData\Roaming\ProductData
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
C:\Users\Home User\Downloads\gup5setup(2).exe
C:\ProgramData\ProductData
C:\Users\Home User\AppData\Roaming\imagetuner.ini
C:\Users\Home User\AppData\Roaming\burnaware.ini
C:\Users\Home User\AppData\Local\ars.cache
C:\Users\Home User\AppData\Local\census.cache
C:\Users\Home User\AppData\Local\housecall.guid.cache
C:\Users\Home User\AppData\Local\sponge.last.runtime.cache
C:\ProgramData\DP45977C.lfl
CustomCLSID: HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {0BC13C4F-8706-4208-AF82-F25BA7D5DCC1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0E22A8FB-3C4D-4810-BAB4-373A66E41F90} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2221EACC-10CE-4A11-BA2D-63B8C2AFFCC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {3EC80EFC-1686-4678-8AA5-CC9B41DCE3AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {497CDF2F-DC9B-43C9-ACBC-E2A0C7A437C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4ABA88F0-8480-4FBC-B3CD-D14BC20352F4} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION
Task: {4C9270DA-F751-410E-823E-5946427B543C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5EFEB3CC-EFB4-4939-B627-7758D8B8C167} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {64E95B9F-9FEC-4339-A38E-596CEE83B554} - \Auslogics\BoostSpeed\Start BoostSpeed оn Home User logon -> No File <==== ATTENTION
Task: {7178B0FA-8DDD-47AF-8299-743E9AF52933} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {815AA7FE-54F8-46B0-9F07-5DAB8C4ACE7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B22F696B-1580-4CEB-BE73-C152A2ACAC5F} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {D0D85847-E7FD-4E51-B284-1A7090BC4CDC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F2A7BF00-52CD-4BA7-94AE-EADEED06FECD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]
AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7 [154]
AlternateDataStreams: C:\Users\Home User\Downloads\Driver Booster Pro 4.1 license.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Downloads\InpaintSetup.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Downloads\Inpaint_serial.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Documents\Obituary of the late Mr Common Sense.docx:com.dropbox.attributes [168]
ShortcutWithArgument: C:\Users\Home User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
cmd: ipconfig /flushdns
EmptyTemp:
Hosts:
Reboot:
End
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.
When done, the tool creates a report on the Desktop called: Fixlog.txt
>> Please post the Fixlog.txt in your reply.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step 3:
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Thanks, regards.

Edited by olgun52, 27 January 2017 - 04:19 PM.


 


 


#4 Eddie1944

Eddie1944
  • Topic Starter

  • Members
  • 54 posts

Posted 28 January 2017 - 08:44 AM

Hi Yılmaz, thank you for the quick response and for the instructions. All advice and instructions have been followed. The log files are below.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 25-01-2017
Ran by Home User (28-01-2017 09:25:05) Run:1
Running from C:\Users\Home User\Desktop
Loaded Profiles: Home User & DefaultAppPool (Available Profiles: Home User & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet
Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
SearchScopes: HKU\.DEFAULT -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2902350334-3320202767-595690442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF ProfilePath: C:\Users\Home User\AppData\Roaming\Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121
FF ProfilePath: C:\Users\Home User\AppData\Roaming\KompoZer\Profiles\0upmrreo.default
CHR HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
C:\Users\Home User\AppData\Roaming\ProductData
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
C:\Users\Home User\Downloads\gup5setup(2).exe
C:\ProgramData\ProductData
C:\Users\Home User\AppData\Roaming\imagetuner.ini
C:\Users\Home User\AppData\Roaming\burnaware.ini
C:\Users\Home User\AppData\Local\ars.cache
C:\Users\Home User\AppData\Local\census.cache
C:\Users\Home User\AppData\Local\housecall.guid.cache
C:\Users\Home User\AppData\Local\sponge.last.runtime.cache
C:\ProgramData\DP45977C.lfl
CustomCLSID: HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID:
HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
Task: {05EE699F-AB25-42D8-8781-558C5D1D2FAD} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {0BC13C4F-8706-4208-AF82-F25BA7D5DCC1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {0E12083C-0335-49DB-9542-BA1EC6D83ECC} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0E22A8FB-3C4D-4810-BAB4-373A66E41F90} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2221EACC-10CE-4A11-BA2D-63B8C2AFFCC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor -> No File <==== ATTENTION
Task: {3EC80EFC-1686-4678-8AA5-CC9B41DCE3AA} -
\Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {497CDF2F-DC9B-43C9-ACBC-E2A0C7A437C4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {4ABA88F0-8480-4FBC-B3CD-D14BC20352F4} - \Auslogics\BoostSpeed\Scan and Repair -> No File <==== ATTENTION
Task: {4C9270DA-F751-410E-823E-5946427B543C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5EFEB3CC-EFB4-4939-B627-7758D8B8C167} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {64E95B9F-9FEC-4339-A38E-596CEE83B554} - \Auslogics\BoostSpeed\Start BoostSpeed ?n Home User logon -> No File <==== ATTENTION
Task: {7178B0FA-8DDD-47AF-8299-743E9AF52933} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {815AA7FE-54F8-46B0-9F07-5DAB8C4ACE7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <====
ATTENTION
Task: {B22F696B-1580-4CEB-BE73-C152A2ACAC5F} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {D0D85847-E7FD-4E51-B284-1A7090BC4CDC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F2A7BF00-52CD-4BA7-94AE-EADEED06FECD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [134]
AlternateDataStreams: C:\ProgramData\TEMP:D78D6FF7 [154]
AlternateDataStreams: C:\Users\Home User\Downloads\Driver Booster Pro 4.1 license.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Downloads\InpaintSetup.exe:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Downloads\Inpaint_serial.txt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Home User\Documents\Obituary of the late Mr Common Sense.docx:com.dropbox.attributes [168]
ShortcutWithArgument: C:\Users\Home
User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ->
hxxp://hao.169x.cn/?v=108
cmd: ipconfig /flushdns
EmptyTemp:
Reboot:
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet => Error: No automatic fix found for this entry.
Explorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key removed successfully.
HKCR\CLSID\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} => key not found.
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
FF ProfilePath: C:\Users\Home User\AppData\Roaming\Mozilla\Firefox\Profiles\f7sc7zrq.default-1485528150121 => path removed successfully.
FF ProfilePath: C:\Users\Home User\AppData\Roaming\KompoZer\Profiles\0upmrreo.default => path removed successfully.
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\bbjllphbppobebmjpjcijfbakobcheof => key removed successfully.
CHR => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2902350334-3320202767-595690442-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully.
dbx => service removed successfully.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully.
idsvc => service removed successfully.
C:\Users\Home User\AppData\Roaming\ProductData => moved successfully
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} => moved successfully
C:\Users\Home User\Downloads\gup5setup(2).exe => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\Users\Home User\AppData\Roaming\imagetuner.ini => moved successfully
C:\Users\Home User\AppData\Roaming\burnaware.ini => moved successfully
C:\Users\Home User\AppData\Local\ars.cache => moved successfully
C:\Users\Home User\AppData\Local\census.cache => moved successfully
C:\Users\Home User\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Home User\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81} => key removed successfully.
CustomCLSID: => could not remove key.: incorrect path.
HKU\S-1-5-21-2902350334-3320202767-595690442-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05EE699F-AB25-42D8-8781-558C5D1D2FAD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EE699F-AB25-42D8-8781-558C5D1D2FAD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BC13C4F-8706-4208-AF82-F25BA7D5DCC1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC13C4F-8706-4208-AF82-F25BA7D5DCC1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E12083C-0335-49DB-9542-BA1EC6D83ECC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E12083C-0335-49DB-9542-BA1EC6D83ECC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E22A8FB-3C4D-4810-BAB4-373A66E41F90} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E22A8FB-3C4D-4810-BAB4-373A66E41F90} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2221EACC-10CE-4A11-BA2D-63B8C2AFFCC0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2221EACC-10CE-4A11-BA2D-63B8C2AFFCC0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24FA84A0-E087-48EC-BC51-2B9C4C815D78} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24FA84A0-E087-48EC-BC51-2B9C4C815D78} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {3EC80EFC-1686-4678-8AA5-CC9B41DCE3AA} - => key not found.
\Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{497CDF2F-DC9B-43C9-ACBC-E2A0C7A437C4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{497CDF2F-DC9B-43C9-ACBC-E2A0C7A437C4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ABA88F0-8480-4FBC-B3CD-D14BC20352F4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ABA88F0-8480-4FBC-B3CD-D14BC20352F4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Scan and Repair => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C9270DA-F751-410E-823E-5946427B543C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C9270DA-F751-410E-823E-5946427B543C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EFEB3CC-EFB4-4939-B627-7758D8B8C167} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EFEB3CC-EFB4-4939-B627-7758D8B8C167} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64E95B9F-9FEC-4339-A38E-596CEE83B554} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64E95B9F-9FEC-4339-A38E-596CEE83B554} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Auslogics\BoostSpeed\Start BoostSpeed ?n Home User logon => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7178B0FA-8DDD-47AF-8299-743E9AF52933} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7178B0FA-8DDD-47AF-8299-743E9AF52933} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{815AA7FE-54F8-46B0-9F07-5DAB8C4ACE7C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{815AA7FE-54F8-46B0-9F07-5DAB8C4ACE7C} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully.
ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B22F696B-1580-4CEB-BE73-C152A2ACAC5F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B22F696B-1580-4CEB-BE73-C152A2ACAC5F} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0D85847-E7FD-4E51-B284-1A7090BC4CDC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0D85847-E7FD-4E51-B284-1A7090BC4CDC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2A7BF00-52CD-4BA7-94AE-EADEED06FECD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2A7BF00-52CD-4BA7-94AE-EADEED06FECD} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully.
C:\ProgramData\TEMP => ":B755D674" ADS removed successfully..
C:\ProgramData\TEMP => ":D78D6FF7" ADS removed successfully..
C:\Users\Home User\Downloads\Driver Booster Pro 4.1 license.txt => ":com.dropbox.attributes" ADS removed successfully..
C:\Users\Home User\Downloads\InpaintSetup.exe => ":com.dropbox.attributes" ADS removed successfully..
C:\Users\Home User\Downloads\Inpaint_serial.txt => ":com.dropbox.attributes" ADS removed successfully..
C:\Users\Home User\Documents\Obituary of the late Mr Common Sense.docx => ":com.dropbox.attributes" ADS removed successfully..
ShortcutWithArgument: C:\Users\Home => not found.
User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108 => Error: No automatic fix found for this entry.
C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully..
C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully..
hxxp://hao.169x.cn/?v=108 => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65460042 B
Java, Flash, Steam htmlcache => 15237 B
Windows/system/drivers => 10437901 B
Edge => 22124 B
Chrome => 0 B
Firefox => 78654154 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 22818 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 322612 B
NetworkService => 7144 B
Home User => 71666302 B
DefaultAppPool => 22818 B

RecycleBin => 103007 B
EmptyTemp: => 216.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:28:35 ====

# AdwCleaner v6.043 - Logfile created 28/01/2017 at 12:07:46
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-27.1 [Server]
# Operating System : Windows 10 Pro  (X86)
# Username : Home User - HOMEUSER-PC
# Running from : C:\Users\Home User\Downloads\Anti-vurus software\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Home User\Desktop\Internet Explorer.lnk


***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1672 Bytes] - [20/07/2016 12:01:03]
C:\AdwCleaner\AdwCleaner[C2].txt - [2267 Bytes] - [23/12/2016 19:28:26]
C:\AdwCleaner\AdwCleaner[C3].txt - [2150 Bytes] - [28/12/2016 20:18:07]
C:\AdwCleaner\AdwCleaner[C4].txt - [1077 Bytes] - [28/01/2017 12:07:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [1462 Bytes] - [20/07/2016 11:21:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [1286 Bytes] - [08/09/2016 15:54:23]
C:\AdwCleaner\AdwCleaner[S3].txt - [2437 Bytes] - [23/12/2016 19:26:55]
C:\AdwCleaner\AdwCleaner[S4].txt - [2212 Bytes] - [28/12/2016 20:14:54]
C:\AdwCleaner\AdwCleaner[S5].txt - [1756 Bytes] - [28/01/2017 12:07:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1515 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x86
Ran by Home User (Administrator) on 28-Jan-17 at 12:23:42.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Home User\AppData\Roaming\productdata (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28-Jan-17 at 12:28:16.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
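
The Fixlog in the post above shows fixlist entries that were split across two lines being rejected with "Error: No automatic fix found for this entry." The following Python sketch is an added example, not part of the original thread and not FRST's own code: it pairs each rejected line with its other half so the rejoined entry can be re-checked. The function names are hypothetical, the sample is an excerpt of the log above, and the pairing rule is a heuristic inferred from this log.

```python
"""Flag FRST fixlist entries that were rejected because of a line wrap."""

UNRECOGNISED = "Error: No automatic fix found for this entry."

# Excerpt copied from the Fixlog posted above, trimmed to a few entries.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet
Explorer: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ShortcutWithArgument: C:\Users\Home
User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ->
hxxp://hao.169x.cn/?v=108
Reboot:
End

*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet => Error: No automatic fix found for this entry.
Explorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Google => key removed successfully.
ShortcutWithArgument: C:\Users\Home => not found.
User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://hao.169x.cn/?v=108 => Error: No automatic fix found for this entry.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully..
hxxp://hao.169x.cn/?v=108 => Error: No automatic fix found for this entry.
"""


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) from the text of a Fixlog."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    lower = [ln.strip().lower() for ln in lines]
    marker = lower.index("fixlist content:")
    start = lower.index("start", marker)   # first directive follows "start"
    end = lower.index("end", start)        # the echoed fixlist stops at "End"
    fixlist = [ln.strip() for ln in lines[start + 1:end] if ln.strip()]
    results = [ln for ln in lines[end + 1:] if " => " in ln]
    return fixlist, results


def unrecognised_entries(results):
    """Entries the tool echoed back as not being a known directive."""
    rejected = []
    for line in results:
        entry, _, outcome = line.rpartition(" => ")
        if outcome.strip() == UNRECOGNISED:
            rejected.append(entry.strip())
    return rejected


def rejoin_wrapped(fixlist, rejected):
    """Pair each rejected line with its other half (heuristic).

    A run of two or more rejected lines is treated as one wrapped entry
    whose head was rejected too; a lone rejected line is treated as the
    tail of the fixlist line directly before it.
    """
    rejected = set(rejected)
    flagged = [ln in rejected for ln in fixlist]
    repaired, i = [], 0
    while i < len(fixlist):
        if not flagged[i]:
            i += 1
            continue
        j = i
        while j + 1 < len(fixlist) and flagged[j + 1]:
            j += 1
        if j > i:
            parts = fixlist[i:j + 1]
        elif i > 0:
            parts = fixlist[i - 1:i + 1]
        else:
            parts = fixlist[i:i + 1]
        # The wrap replaced a space, so the halves are joined with one.
        repaired.append(" ".join(parts))
        i = j + 1
    return repaired


def candidates(text):
    """Rejoined fixlist entries that should be verified on the next scan."""
    fixlist, results = split_fixlog(text)
    return rejoin_wrapped(fixlist, unrecognised_entries(results))


if __name__ == "__main__":
    for entry in candidates(SAMPLE_FIXLOG):
        print("re-check:", entry)
```

A rejoined entry is only a candidate for re-checking: in the log above the first half of some wrapped entries was still processed, and the desktop Internet Explorer shortcut was later disinfected by AdwCleaner.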
 



#5 olgun52


Posted 28 January 2017 - 01:08 PM

Hello Eddie 1944,
 
Thanks for the logs.
 
Do the problems still continue?
----------------
Just a suggestion: do not use registry cleaning software.
===================================================================================
 
Please do the following:
 
Internet Explorer:
Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737
 
Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
 
Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings
https://support.google.com/chrome/answer/3296214?hl=en
 
===============================================================================
 
Step 1:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:
MalwareBytes Anti-Rootkit scan:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.3.1001.exe and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please post the contents of the log created by the tool within the folder from which it was run.

The log will be named system-log.txt

 

Regards, Yılmaz



 


 


#6 Eddie1944


Posted 28 January 2017 - 03:53 PM

Hi Yılmaz, no signs of any problems now - browsers are working normally. All instructions to clear browser cookies/caches/settings have been followed.

 

Logs as requested are below.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/28/17
Scan Time: 7:55 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1123
License: Trial

-System Information-
OS: Windows 10
CPU: x86
File System: NTFS
User: HomeUser-PC\Home User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 373789
Time Elapsed: 13 min, 16 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x86

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.392000 GHz
Memory total: 3161432064, free: 700919808

Downloaded database version: v2017.01.28.09
Canceled update
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/28/2017 20:17:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKELL.sys
\SystemRoot\System32\Drivers\RapportHades.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\ambakdrv.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1804047.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\WINDOWS\System32\drivers\zamguard32.sys
\??\C:\WINDOWS\System32\drivers\zam32.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportAegle.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\HWiNFO32.SYS
\??\C:\WINDOWS\System32\drivers\GUBootStartup.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_ed148199964e21c5\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\HECI.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rt640x86.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\parport.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\Apowersoft_AudioDevice.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\parvdm.sys
\??\C:\WINDOWS\system32\ammntdrv.sys
\??\C:\WINDOWS\system32\amwrtdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mqac.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\WINDOWS\system32\drivers\supersafer.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\SystemRoot\System32\drivers\WSDPrint.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys
\??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys
\SystemRoot\system32\drivers\MBAMChameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8fbb2660, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8fbb22c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8fbb2660, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8ebc9358, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89956878, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BC30048

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 224847
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 224910  Numsec = 975643515
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975868425  Numsec = 899640
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8fbb3840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8fbb3450, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8fbb3840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8ebcd020, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ebcf030, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 561D3684

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 240912
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 240975  Numsec = 975643515
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975884490  Numsec = 883575
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHACCTPROFILE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHACCTPROFILE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CREDENTIALMIGRATIONHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CREDENTIALMIGRATIONHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERCLIENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.RADIOS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.DEVICES.RADIOS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICEAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICECONNECTAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PORTABLEDEVICECONNECTAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFPLATFORM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFPLATFORM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhcfg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efsutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcadm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcadm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\adhapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wfapigp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEASSOCIATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEASSOCIATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\radardt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srumsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\esent.dll" is sparse (flags = 32768)
File "C:\Windows\System32\esent.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dtsh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\eeprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPSRUPROV.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPSRUPROV.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\nduprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSRUPROV.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSRUPROV.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncuprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENERGYPROV.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENERGYPROV.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srumapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ktmw32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nrpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wevtsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCORE6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCORE6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NgcCtnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fundisc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdProxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shacct.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IDStore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FONTPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FONTPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PERFTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PERFTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdWSD.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSDApi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEBSERVICES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEBSERVICES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdSSDP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SBSERVICETRIGGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SBSERVICETRIGGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdprt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\Clipc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ncsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTTPMEKSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTTPMEKSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTCATSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTCATSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dafupnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DAFWSD.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOSRVPOLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOSRVPOLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREAUDIOPOLICYMANAGEREXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREAUDIOPOLICYMANAGEREXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICEACCESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmcsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CMINTEGRATOR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CMINTEGRATOR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\localspl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\localspl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spoolss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PRINTISOLATIONPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PRINTISOLATIONPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wshirda.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FXSMON.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tcpmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\snmpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsnmp32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usbmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSDMon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdPnp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wsdchngr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32spl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32spl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetpp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FXSRESM.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spfileq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSDPRINTPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WSDPRINTPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bidispl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netbios.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RpcNs4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\nativerd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisres.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgeng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgeng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DbgModel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DbgModel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSPERFORMANCERECORDERCONTROL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSPERFORMANCERECORDERCONTROL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dsreg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptxml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wpnapps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.ONLINEID.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\aepic.dll" is sparse (flags = 32768)
File "C:\Windows\System32\aepic.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.WEB.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SECURITY.AUTHENTICATION.WEB.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\vaultcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBINDING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBINDING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3tp.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.SERVICEMODEL\A390FA28B40E5B0BFD357371211F470D\SYSTEM.SERVICEMODEL.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.SERV759BFB78#\010CA03BC4CE0E90ABA17CF53DFAA3B0\SYSTEM.SERVICEPROCESS.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.SERVD1DEC626#\D842AC6DC0B94D7516B2D43A62B8F4D7\SYSTEM.SERVICEMODEL.INTERNALS.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDIAGNOSTICS\1B144B0155AA14719AC0B83F038ABBD5\SMDIAGNOSTICS.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04c4f83e0b62ff553abff98943e45f42\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\wbhstipm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\mqqm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqlogmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiatrace.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sti.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSDScDrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSDScDrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSDSCANPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WSDSCANPROXY.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.COMPBA577418#\3D2A29307752E54B838204883FF642FA\SYSTEM.COMPONENTMODEL.COMPOSITION.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.DATA\720259E39EF1331FA96A3242AD50F25A\SYSTEM.DATA.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.TRANSACTIONS\4F886295844DC43B0FF606C4CAAEB80E\SYSTEM.TRANSACTIONS.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.DATA.LINQ\B4E7AFD633DF87B8B6FC9755469689ED\SYSTEM.DATA.LINQ.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.IDENTITYMODEL\5802392CD3E3A6F3921AABC3241BB561\SYSTEM.IDENTITYMODEL.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.MANAGEMENT\A280FAC0C231C9D6D5F1274C2180D594\SYSTEM.MANAGEMENT.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.ENTE96D83B35#\F9888BCB8AC4E66F7FDEF076669CE50C\SYSTEM.ENTERPRISESERVICES.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.ENTE96D83B35#\F9888BCB8AC4E66F7FDEF076669CE50C\SYSTEM.ENTERPRISESERVICES.WRAPPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\DESKTOPSHELLEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DESKTOPSHELLEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MODERNEXECSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MODERNEXECSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CLIPBOARDSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CLIPBOARDSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ACTIVATIONMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ACTIVATIONMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPOINTMENTACTIVATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPOINTMENTACTIVATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWMANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWMANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONPLATFORMCOMPONENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONPLATFORMCOMPONENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPCONTRACTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPCONTRACTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREHOST.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREHOST.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPPORTINGLIBRARY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPPORTINGLIBRARY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SYSTEM.LAUNCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SYSTEM.LAUNCHER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dsclient.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINUI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINUI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\daxexec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CONTAINER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CONTAINER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msls31.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10WARP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3D10WARP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWREMOTESVR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWREMOTESVR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREDSTARTMODEL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHAREDSTARTMODEL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCPOLICY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SETTINGSYNCPOLICY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SNDVOLSSO.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SNDVOLSSO.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\twinui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.IMMERSIVESHELL.SERVICEPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.IMMERSIVESHELL.SERVICEPROVIDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\slc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sppc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINUI.PCSHELL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINUI.PCSHELL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPLICATIONFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.IMMERSIVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.IMMERSIVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONCONTROLLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONCONTROLLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ABOVELOCKAPPHOST.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ABOVELOCKAPPHOST.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NPSM.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.WEB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.WEB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ICONCODECSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wcmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONOBJFACTORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONOBJFACTORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONCONTROLLERPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NOTIFICATIONCONTROLLERPS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETWORKEXPLORER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fontext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\stobject.dll" is sparse (flags = 32768)
File "C:\Windows\System32\stobject.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.SHELL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.UI.SHELL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINCORLIB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINCORLIB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\batmeter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.SHELL.BROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\MsMpEng.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\monitor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usb8023x.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usb8023x.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tunnel.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\viac7.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\viac7.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender\NisSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WSDPrint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Users\Home User\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
 



#7 olgun52


Posted 28 January 2017 - 07:18 PM

Hi Yılmaz, no signs of any problems now - browsers are working normally. All instructions to clear browser cookies/caches/settings have been followed.

Very good.

===================================

We have a small issue and just junk.

MRT stands for Microsoft Removal Tool. The removal was not complete and there are some leftovers that we need to clean.

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]

Please do this, please.

 

Farbar's Recovery Scan Tool Search
--------------------

  • Launch FRST
  • Copy/paste the following in the Search Field:
    mrt;MsMpEng;svchost
  • Click the Search Registry button
  • When completed, click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbup2:

  • Search report

Regards
Yılmaz


Edited by olgun52, 28 January 2017 - 07:26 PM.

If I don't reply within 24 hours please PM me!
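
Added example, not part of the thread and not FRST's own logic: a read-only PowerShell check of the three Image File Execution Options (IFEO) keys named in the scan log above. It relies on the documented behaviour that a `Debugger` value under an IFEO key makes Windows start the named program in place of the image; a key holding only other values does not redirect the launch. Run it from an elevated PowerShell prompt.

```powershell
# Read-only audit of the IFEO keys flagged in the scan log.
# Nothing is modified or deleted; the script only reports what it finds.
$names = 'MRT.exe', 'MsMpEng.exe', 'svchost.exe'

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit view; exists only on 64-bit Windows and is skipped when absent.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$findings = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($name in $names) {
        $path = Join-Path $root $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key      = Get-Item -LiteralPath $path
        $debugger = $key.GetValue('Debugger')

        # List every value under the key so leftovers other than Debugger are visible too.
        $values = foreach ($valueName in $key.GetValueNames()) {
            '{0} = {1}' -f $valueName, $key.GetValue($valueName)
        }

        [pscustomobject]@{
            Key         = $key.Name
            Debugger    = $debugger
            # A non-empty Debugger value is the redirect to look at first.
            Redirected  = -not [string]::IsNullOrWhiteSpace($debugger)
            AllValues   = $values -join '; '
        }
    }
}

if ($findings) {
    $findings | Sort-Object Redirected -Descending | Format-List
} else {
    'No IFEO keys found for: ' + ($names -join ', ')
}
```

Entries with `Redirected : True` are the ones to report to the helper; leave removal to the fix they provide.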

 


 


#8 Eddie1944


Posted 31 January 2017 - 03:35 PM

Hi Yilmaz, I replied on 29 January but there is no sign of my reply here so I will post Search.txt tomorrow from the desktop that is infected - this post is from my laptop.



#9 Eddie1944

Posted 01 February 2017 - 05:54 AM

Hi Yilmaz, Firefox has just opened with https://www.hao123.com/?tn=91290409_hao_pg instead of my designated homepage which is still showing as my homepage but it loaded hao123.com... instead.

 

I have tried several times to send a copy of search.txt pasted below but the post will not send. Either the POST button is grayed out or the page gives up after about 30 seconds.



#10 Eddie1944

Posted 01 February 2017 - 06:34 AM

The number of characters in search.txt seems to exceed the number allowed in a reply on this forum.



#11 olgun52

Posted 01 February 2017 - 12:10 PM

Hi,

I understand. Please do the following.

 

Step 1:

Please download HostsXpert and unzip it to your computer, somewhere where you can find it. The root of the system drive would be an ideal location:

 

EG: C:\

  • Right-click on HostsXpert.exe and select Run as Administrator to launch the programme.
  • Check to see if the top button on the left hand side says Make Writable?
  • If it does, click on it, then proceed to the next instruction.
  • If not, just proceed to the next instruction.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
  • Click on MVPs Hosts... button.
  • Click on Replace button.

Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file. If prompted about DNS, just ignore it and click on OK, etc.)

 

When finished...

  • Click on File Handling button.
  • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

Step 2:

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, Press report and send me report.
  • Please restart the PC now.

Step 3:

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

 

Thanks

Yılmaz



 


 


#12 Eddie1944

Posted 02 February 2017 - 05:27 AM

Hi Yilmaz, thank you for those instructions. The Zemana and RogueKiller logs are below.

 

Zemana AntiMalware 2.70.189.352 (Portable)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017-1-13
Operating System       : Windows 10 32-bit
Processor              : 4X Intel® Core™ i3-2130 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 1271B06A9DB9F400D33510
Scan Type              : System Scan
Duration               : 29m 11s
Scanned Objects        : 101848
Detected Objects       : 50
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Edge URL Shortcut
Status             : Scanned
Object             : http://hao.169x.cn/?v=108
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Edge URL Shortcut

Internet Explorer Shortcut
Status             : Scanned
Object             : http://hao.169x.cn/?v=108
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut

Internet Explorer Shortcut
Status             : Scanned
Object             : http://hao.169x.cn/?v=108
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Shortcut

Firefox Shortcut
Status             : Scanned
Object             : http://hao.169x.cn/?v=108
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Shortcut

Firefox Shortcut
Status             : Scanned
Object             : http://hao.169x.cn/?v=108
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Shortcut

Firefox Shortcut
Status             : Scanned
Object             : http://hao.169x.cn/?v=108
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Shortcut

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : F09E5C9A4760BB11A3F8176A2A149139
Publisher          : -
Size               : 910
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - 127.0.0.1 - ft.com
                File - %systemroot%\system32\drivers\etc\hosts

wysiwyg.web.builder.9.x-patch.exe
Status             : Scanned
Object             : %userprofile%\downloads\torrents\wysiwyg web builder 9.4.1 + patch xenocoder\crack\wysiwyg.web.builder.9.x-patch.exe
MD5                : 723C3898942CD2D51FE62B7317A9BE91
Publisher          : -
Size               : 78336
Version            : -
Detection          : Malware:Win32/Qardaq.A!Kaee
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\torrents\wysiwyg web builder 9.4.1 + patch xenocoder\crack\wysiwyg.web.builder.9.x-patch.exe

vso.downloader.v1.1-Cerberus.exe
Status             : Scanned
Object             : %userprofile%\downloads\torrents\vso downloader ultimate 4.5.0.17 + patch\winrar 5.30 final x86 & x64 +new key\vso.downloader.v1.1-cerberus.exe
MD5                : 33E836F7F561AB1C1D2D24EFB980CAC1
Publisher          : -
Size               : 788992
Version            : -
Detection          : PUA:Win32/SoftCrack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\torrents\vso downloader ultimate 4.5.0.17 + patch\winrar 5.30 final x86 & x64 +new key\vso.downloader.v1.1-cerberus.exe

HideIPEasy.exe
Status             : Scanned
Object             : %userprofile%\downloads\torrents\hide ip easy 5.3.1.2+crack-xenocoder\crack\hideipeasy.exe
MD5                : E5E28208F48687ABBDB55967C6EB5B37
Publisher          : Tenki Technology Co., Ltd.
Size               : 3814712
Version            : 4.1.9.8
Detection          : Adware:Win32/OutBrowse!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\torrents\hide ip easy 5.3.1.2+crack-xenocoder\crack\hideipeasy.exe

Keygen.exe
Status             : Scanned
Object             : %userprofile%\downloads\torrents\apowersoft streaming audio recorder 3.4.2 - p2p [helg420]\keygen\keygen\keygen.exe
MD5                : 740CA64D4DB5963EB40AF0CF893BFD7D
Publisher          : -
Size               : 122880
Version            : 1.0.0.0
Detection          : Malware:Win32/Blackoat.A!Eclt
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\torrents\apowersoft streaming audio recorder 3.4.2 - p2p [helg420]\keygen\keygen\keygen.exe

aso3setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\torrents\advanced system optimizer 3.5.1000.15646+patch-xenocoder\aso3setup.exe
MD5                : 6C8EF40BF92A14C11750FF23F4E3F799
Publisher          : Systweak Software
Size               : 118784
Version            : 3.5.0.0
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\torrents\advanced system optimizer 3.5.1000.15646+patch-xenocoder\aso3setup.exe

SlimDrivers-setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\slimdrivers-setup.exe
MD5                : 13D6E0AEF0F093F30BAB17380C92177D
Publisher          : Slimware Utilities, Inc.
Size               : 858432
Version            : 1.3.0.0
Detection          : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\slimdrivers-setup.exe

PDF pwdremover.exe
Status             : Scanned
Object             : %userprofile%\downloads\pdf pwdremover.exe
MD5                : E0D36612A98DCEEEA1AD411BA6E39551
Publisher          : -
Size               : 549680
Version            : -
Detection          : Malware:Win32/Tamaca!Kike
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\pdf pwdremover.exe

pagenestfree.exe
Status             : Scanned
Object             : %userprofile%\downloads\pagenestfree.exe
MD5                : D862D6FE6A3EBE194EF71F408D9F6722
Publisher          : -
Size               : 2117107
Version            : 0.0.0.0
Detection          : PUA:Win32/Tamaca!Amte
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\pagenestfree.exe

masksurf_setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\mask.surf.pro.3.4\masksurf_setup.exe
MD5                : CDF8DC4676A79B7C506C6785AABEB248
Publisher          : Thanksoft
Size               : 4511392
Version            : -
Detection          : Adware:Win32/Thanksoft!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\mask.surf.pro.3.4\masksurf_setup.exe

Microsoft Toolkit.exe
Status             : Scanned
Object             : %userprofile%\downloads\microsoft toolkit 2.6.2 official torrent\mtkv262\microsoft toolkit.exe
MD5                : 16652C1F3744F03088BC34FFA6A19FD9
Publisher          : -
Size               : 59232768
Version            : 2.6.2.0
Detection          : PUA:Win32/HackTool.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\microsoft toolkit 2.6.2 official torrent\mtkv262\microsoft toolkit.exe

KMSELDI.exe
Status             : Scanned
Object             : %userprofile%\downloads\kmspico portable\kmseldi.exe
MD5                : F0280DE3880EF581BF14F9CC72EC1C16
Publisher          : @ByELDI
Size               : 943808
Version            : 37.1.0.0
Detection          : PUA:Win32/HackTool.IdleKMS
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\kmspico portable\kmseldi.exe

AutoPico.exe
Status             : Scanned
Object             : %userprofile%\downloads\kmspico portable\autopico.exe
MD5                : CFE1C391464C446099A5EB33276F6D57
Publisher          : @ByELDI
Size               : 745664
Version            : 16.1.0.0
Detection          : PUA:Win32/HackTool.IdleKMS
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\kmspico portable\autopico.exe

vclx120.bpl
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\vclx120.bpl
MD5                : 2CCCF0E0C522A7FAA65C0347CDFB410A
Publisher          : BlueSprig, Inc.
Size               : 215856
Version            : 12.0.3210.17555
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\vclx120.bpl

Upgrade.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\upgrade.exe
MD5                : 304F79A27A3D7815F18A001497EBE499
Publisher          : BlueSprig, Inc.
Size               : 532784
Version            : 1.0.6.6
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\upgrade.exe

vcl120.bpl
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\vcl120.bpl
MD5                : B416E01E0C53E3247CF05A017AA855CB
Publisher          : BlueSprig, Inc.
Size               : 2002224
Version            : 12.0.3210.17555
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\vcl120.bpl

unins000.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\unins000.exe
MD5                : 4BA02A2F64504261FCA1AD62CDCFA651
Publisher          : BlueSprig, Inc.
Size               : 1179952
Version            : 51.1052.0.0
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\unins000.exe

TaskSchedule.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\taskschedule.dll
MD5                : 5535D82F9734F9B9668E06A315EE5F1A
Publisher          : BlueSprig, Inc.
Size               : 327984
Version            : 1.2.0.235
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\taskschedule.dll

sqlite3.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\sqlite3.dll
MD5                : 1088CD9F04933E8252D27FA9E143A8A3
Publisher          : BlueSprig, Inc.
Size               : 577400
Version            : -
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\sqlite3.dll

rtl120.bpl
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\rtl120.bpl
MD5                : D5FF9181332C3F6B810BB50487093AAC
Publisher          : BlueSprig, Inc.
Size               : 1099056
Version            : 12.0.3170.16989
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\rtl120.bpl

maddisAsm_.bpl
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\maddisasm_.bpl
MD5                : 5E5C9CE6A138768A52A2E4CF91EFD0A5
Publisher          : BlueSprig, Inc.
Size               : 51504
Version            : -
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\maddisasm_.bpl

madexcept_.bpl
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\madexcept_.bpl
MD5                : CB212D0FC80A5491EB459DBCE25995AA
Publisher          : BlueSprig, Inc.
Size               : 362800
Version            : -
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\madexcept_.bpl

JetCleanInit.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\jetcleaninit.exe
MD5                : F51016F539D8DC55EBA4E49F43BF6D49
Publisher          : BlueSprig, Inc.
Size               : 41264
Version            : 1.1.9.32
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\jetcleaninit.exe

JetCleanExtMenu_64.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\jetcleanextmenu_64.dll
MD5                : 790BC51683DEA35619712C5051876DF5
Publisher          : BlueSprig, Inc.
Size               : 116016
Version            : 1.0.2.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\jetcleanextmenu_64.dll

JetCleanExtMenu.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\jetcleanextmenu.dll
MD5                : A57A6570CB243FE52CDAF6A2162205D7
Publisher          : BlueSprig, Inc.
Size               : 106288
Version            : 1.0.2.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\jetcleanextmenu.dll

madbasic_.bpl
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\madbasic_.bpl
MD5                : 7069077B487628852419DCB456DD9C60
Publisher          : BlueSprig, Inc.
Size               : 187696
Version            : -
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\madbasic_.bpl

AutoUpdate.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\autoupdate.exe
MD5                : CF1E29759CCDF15CDEF8F49ECF632733
Publisher          : BlueSprig, Inc.
Size               : 1050928
Version            : 1.0.9.141
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\autoupdate.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\wxp_x86\jetcleanregdefrag.exe
MD5                : 6F540AA1E2B5BC980FD4F7F36483C76A
Publisher          : BlueSprig, Inc.
Size               : 22896
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\wxp_x86\jetcleanregdefrag.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\wxp_amd64\jetcleanregdefrag.exe
MD5                : 77A90EF655EAB211910CA191016ADD1C
Publisher          : BlueSprig, Inc.
Size               : 24944
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\wxp_amd64\jetcleanregdefrag.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\wnet_x86\jetcleanregdefrag.exe
MD5                : 1FAD7D46356C32746DE4A8075B9B104B
Publisher          : BlueSprig, Inc.
Size               : 22896
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\wnet_x86\jetcleanregdefrag.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\wnet_amd64\jetcleanregdefrag.exe
MD5                : A1EF6741D2DBF4A5742B4A8F486E5217
Publisher          : BlueSprig, Inc.
Size               : 24944
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\wnet_amd64\jetcleanregdefrag.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\wlh_x86\jetcleanregdefrag.exe
MD5                : 03508C240BEDD8799CA3663CF1DEB34F
Publisher          : BlueSprig, Inc.
Size               : 22896
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\wlh_x86\jetcleanregdefrag.exe

JetCleanComputerExtMenu_64.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\jetcleancomputerextmenu_64.dll
MD5                : FA2C23CDA373EBE10D0736C2C4BD0C0F
Publisher          : BlueSprig, Inc.
Size               : 105264
Version            : 1.0.2.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\jetcleancomputerextmenu_64.dll

JetCleanComputerExtMenu.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\jetcleancomputerextmenu.dll
MD5                : 8B7C65E4514D9AC49615EAAD7E42E108
Publisher          : BlueSprig, Inc.
Size               : 97584
Version            : 1.0.2.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\jetcleancomputerextmenu.dll

JetClean.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\jetclean.exe
MD5                : B6A31E09127E04805D0EB888684BD855
Publisher          : BlueSprig, Inc.
Size               : 3404080
Version            : 1.5.0.125
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\jetclean.exe

Install.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\install.exe
MD5                : DFE5D872F8BFBC88A32E325717DCDC58
Publisher          : BlueSprig, Inc.
Size               : 74032
Version            : 1.0.0.10
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\install.exe

ImPrivacy.dll
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\imprivacy.dll
MD5                : AFEFAE061B703963ECA98695DC651D95
Publisher          : BlueSprig, Inc.
Size               : 68912
Version            : 1.0.3.9
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\imprivacy.dll

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\wlh_amd64\jetcleanregdefrag.exe
MD5                : D4630BE6C2D52420411D68C9246A52FA
Publisher          : BlueSprig, Inc.
Size               : 25456
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\wlh_amd64\jetcleanregdefrag.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\win7_x86\jetcleanregdefrag.exe
MD5                : B7BD49BD2C205E90FC8669F345C23D33
Publisher          : BlueSprig, Inc.
Size               : 22896
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\win7_x86\jetcleanregdefrag.exe

JetCleanRegDefrag.exe
Status             : Scanned
Object             : %userprofile%\downloads\jetcleanportable\drivers\win7_amd64\jetcleanregdefrag.exe
MD5                : 6781D8B620588744A0C16960DB430FD8
Publisher          : BlueSprig, Inc.
Size               : 25456
Version            : 1.1.0.2
Detection          : Adware:Win32/BlueSprig!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\jetcleanportable\drivers\win7_amd64\jetcleanregdefrag.exe

DriverUpdate-setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\driverupdate-setup.exe
MD5                : 4B926D20657F0FB602212306E580E7FA
Publisher          : Slimware Utilities, Inc.
Size               : 739648
Version            : 1.3.0.0
Detection          : Scareware:Win32/FakeOptimizer!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\driverupdate-setup.exe

Free_MP4_to_MPG_Converter-ORG-75904806.exe
Status             : Scanned
Object             : %userprofile%\downloads\free_mp4_to_mpg_converter-org-75904806.exe
MD5                : 5A275A569DCE6E2F2F0284D82D31310B
Publisher          : CBS Interactive
Size               : 699016
Version            : 5.4.0.213
Detection          : Adware:Win32/CNETBundle!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\free_mp4_to_mpg_converter-org-75904806.exe

FreePrimoPDF32Setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\freeprimopdf32setup.exe
MD5                : 27702C17B2FDF8BFD4F55EBD9F789503
Publisher          : -
Size               : 69632
Version            : 7.0.5.1
Detection          : Malware:Win32/Fidelz.A!Krrr
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\freeprimopdf32setup.exe

hitmanpro.3.7.x-patch.exe
Status             : Scanned
Object             : %userprofile%\downloads\appnee.com.hitmanpro.v3.7.14.x86\patch\hitmanpro.3.7.x-patch.exe
MD5                : C20597721DFFBBB4A1983D81A4643BF5
Publisher          : -
Size               : 81920
Version            : -
Detection          : PUA:Win32/SoftCrack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\appnee.com.hitmanpro.v3.7.14.x86\patch\hitmanpro.3.7.x-patch.exe

oestore.dll
Status             : Failed
Object             : %programfiles%\myheritage\bin\oestore.dll
MD5                : 5407620C7769AD4E86FD364404DE8AE4
Publisher          : -
Size               : 123904
Version            : 3.1.2.0
Detection          :
Cleaning Action    : Quarantine
Related Objects    :
                File - %programfiles%\myheritage\bin\oestore.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{12BAF070-264C-464B-9D58-C83B3781DD4B}\InprocServer32\@ = C:\Program Files\MyHeritage\bin\oestore.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{12BAF0B1-264C-464B-9D58-C83B3781DD4B}\InprocServer32\@ = C:\Program Files\MyHeritage\bin\oestore.dll
                Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{12BAF0A5-264C-464B-9D58-C83B3781DD4B}\InprocServer32\@ = C:\Program Files\MyHeritage\bin\oestore.dll


Cleaning Result
-------------------------------------------------------
Cleaned               : 50
Reported as safe      : 0
Failed                : 0

RogueKiller V12.9.6.0 [Jan 30 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 32 bits version
Started in : Normal mode
User : Home User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 02/01/2017 20:11:33 (Duration : 12:41:44)

¤¤¤ Processes : 1 ¤¤¤
[Adw.DNSUnlocker|Adw.Elex] IMF.exe(8008) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe[7] -> Found

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\HOMEUS~1\AppData\Local\Temp\HYD38A9.tmp.1485593194\HTA\3rdparty\FS.ocx) -> Found
[PUM.HomePage] HKEY_USERS\RK_Home User_ON_F_C698\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] HKEY_USERS\RK_Home User_ON_F_C698\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_F_9E7D\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_F_9E7D\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caaa11ed-13bd-4698-b5ca-acf5442daaee} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caaa11ed-13bd-4698-b5ca-acf5442daaee} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_9E7D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {47B56B68-2F36-4818-B3FD-FD2E3473F6C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_9E7D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB738546-54D4-4728-A9AC-3ECA0BF01F4B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] gmwalweh.default-1485632660967 : user_pref("browser.startup.homepage", "http://www.bbc.co.uk/news"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500312CS ATA Device +++++
--- User ---
[MBR] 260959dd968aa6a7c9af2c1d9692ed55
[BSP] bcf305a83b3aead904a665cf783c7b98 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 109 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 224910 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975868425 | Size: 439 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3500312CS ATA Device +++++
--- User ---
[MBR] 78c0d9aac84b01da99144eb47108e234
[BSP] 686e80f438d5f93163807e60ba363ea0 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 117 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 240975 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975884490 | Size: 431 MB
User = LL1 ... OK
User = LL2 ... OK

 



#13 olgun52

  • Malware Response Team

Posted 02 February 2017 - 09:44 AM

Hi, thanks.

[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_9E7D\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB738546-54D4-4728-A9AC-3ECA0BF01F4B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found

What does this information mean to you?
=====================================

Please open RogueKiller again.

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\HOMEUS~1\AppData\Local\Temp\HYD38A9.tmp.1485593194\HTA\3rdparty\FS.ocx) -> Found
[PUM.SearchPage] HKEY_USERS\RK_Home User_ON_F_C698\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
C:\Program Files\KMSpico -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

========================================

 

How is your machine now, and are there any issues?


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#14 Eddie1944

  • Topic Starter
  • Members

Posted 02 February 2017 - 03:12 PM

Hi Yilmaz, thank you for those instructions.

 

Regarding the quote [Suspicious Path] - I uninstalled uTorrent last weekend - maybe that is a leftover - I don't really know.

 

The RogueKiller report is as follows:

 

RogueKiller V12.9.6.0 [Jan 30 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 32 bits version
Started in : Normal mode
User : Home User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 02/02/2017 17:14:11 (Duration : 00:50:39)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\HOMEUS~1\AppData\Local\Temp\HYD38A9.tmp.1485593194\HTA\3rdparty\FS.ocx) -> Deleted
[PUM.HomePage] HKEY_USERS\RK_Home User_ON_F_C698\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] HKEY_USERS\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] HKEY_USERS\RK_Home User_ON_F_C698\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2902350334-3320202767-595690442-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_F_6E0B\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_F_6E0B\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caaa11ed-13bd-4698-b5ca-acf5442daaee} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{caaa11ed-13bd-4698-b5ca-acf5442daaee} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X])  -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_6E0B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {47B56B68-2F36-4818-B3FD-FD2E3473F6C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_6E0B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB738546-54D4-4728-A9AC-3ECA0BF01F4B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[PUP.Gen1][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_1_0.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_1_1.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_1_2.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_1_3.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_2_0.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_2_1.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_3_0.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_3_1.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_4_0.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_4_1.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_5_0.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data\data_5_1.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\data -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data2\data2_1_0.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data2\data2_1_1.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data2\data2_1_2.dat -> Deleted
[PUP.HackTool][File] C:\Program Files\KMSpico\data2\data2_1_3.dat -> Deleted
[PUP.HackTool][Folder] C:\Program Files\KMSpico\data2 -> Deleted
[PUP.Gen1][File] C:\Users\Home User\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] gmwalweh.default-1485632660967 : user_pref("browser.startup.homepage", "http://www.bbc.co.uk/news"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500312CS ATA Device +++++
--- User ---
[MBR] 260959dd968aa6a7c9af2c1d9692ed55
[BSP] bcf305a83b3aead904a665cf783c7b98 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 109 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 224910 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975868425 | Size: 439 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3500312CS ATA Device +++++
--- User ---
[MBR] 78c0d9aac84b01da99144eb47108e234
[BSP] 686e80f438d5f93163807e60ba363ea0 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 117 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 240975 | Size: 476388 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975884490 | Size: 431 MB
User = LL1 ... OK
User = LL2 ... OK

Regarding any issue, yes, I rebooted the machine and when I opened Firefox it opened the following page: https://www.hao123.com/?tn=95988847_hao_pg instead of www.bbc.co.uk/news which is set as my homepage.


Edited by Eddie1944, 02 February 2017 - 03:15 PM.


#15 olgun52

  • Malware Response Team

Posted 03 February 2017 - 05:23 AM

Hi again,

 

Please do the following,

http://hao.169x.cn/?v=108 -> Not selected

=====================================

Please open RogueKiller again.

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
[PUP.Gen1][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Home User\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected
[PUP.Gen1][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_6E0B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {47B56B68-2F36-4818-B3FD-FD2E3473F6C6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (TCP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_F_6E0B\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {BB738546-54D4-4728-A9AC-3ECA0BF01F4B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Home User\AppData\Roaming\uTorrent\uTorrent.exe|Name=?Torrent (UDP-In)|Desc=Allow ?Torrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Not selected
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

========================================

 ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful
  • Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!

--------------------------------------------------------------------------------------------------------

 

How is your machine now, and are there any issues?


Edited by olgun52, 03 February 2017 - 05:29 AM.

Best regards
 
If I don't reply within 24 hours please PM me!
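
Added example, not part of the thread and not RogueKiller's own code: the `[LNK@]` lines in the reports above give each shortcut's target followed by a URL argument, and a browser started from such a shortcut opens that URL whatever homepage is configured. This Python script pulls those entries out of saved report lines, drops repeats and lists the shortcuts the report did not mark as Deleted; the function names and the line marked as constructed are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lines in the RogueKiller report format; all but the last are from post #14.
SAMPLE_LINES = [
    r"[PUP.Gen1][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected",
    r"[PUP.Gen1][File] C:\Users\Home User\Desktop\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://hao.169x.cn/?v=108 -> Not selected",
    r"[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Deleted",
    # The report lists this shortcut a second time.
    r"[PUP.Gen1][File] C:\Users\Public\Desktop\Mozilla Firefox.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Not selected",
    # Constructed line: a shortcut entry that has already been removed.
    r"[PUP.Gen1][File] C:\Users\Example\Desktop\Old Browser.lnk [LNK@] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108 -> Deleted",
]

LNK_RE = re.compile(
    r"^\[(?P<detection>[^\]]+)\]\[File\] (?P<shortcut>.+?\.lnk) \[LNK@\] "
    r"(?P<target>.+?\.exe)(?: (?P<args>.*?))? -> (?P<status>.+)$",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def hijacked_shortcuts(lines):
    """Return one record per shortcut whose target carries a URL argument."""
    found = {}
    for line in lines:
        m = LNK_RE.match(line.strip())
        if not m:
            continue  # not a shortcut entry (registry, folder, MBR, ...)
        url = URL_RE.search(m.group("args") or "")
        if not url:
            continue  # arguments present but no URL among them
        found.setdefault(m.group("shortcut").lower(), {
            "shortcut": m.group("shortcut"),
            "target": m.group("target"),
            "url": url.group(0),
            "host": urlsplit(url.group(0)).hostname,
            "status": m.group("status").strip(),
        })
    return list(found.values())

def pending(entries):
    """Shortcuts the report did not mark as Deleted."""
    return [e for e in entries if e["status"].lower() != "deleted"]

if __name__ == "__main__":
    for e in pending(hijacked_shortcuts(SAMPLE_LINES)):
        print(f'{e["status"]:<13}{e["host"]:<14}{e["shortcut"]}')
```
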

 


 




