Inactive-A Slowly losing access to system admin privileges, maybe a rootkit, as it's rewritten my entire window


AZNative

Hi, I'm hoping someone can help... In searching for a "self help" option, I came across the below topic post in this forum. In looking through his logs, mine are very similar, as are the symptoms. Right down to the numbers following several of the programs in the logs. "8wekyb3d8bbwe"

I'm also running Windows 10 64-bit.

https://www.techspot.com/community/...ng-com-cant-install-run-most-programs.234861/

I use ESET for AV software, and it's removed several trojans that were from very old backup email files. I'm happy to provide any logs, rerun anything, please advise and I'll get right on it. THX

Almost forgot, there have been various users set up, without my involvement, also tunneling adapters, and several other connections into and out of my pc that I didn't initiate or approve. It's made several reg edits to allow various firewall rules, and program edits too.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks for that fast reply yesterday!!! :eek:) FRST is running and I'll post upon completion.

A few things I've noticed this a.m.: I used to be running the Windows 10 newest version (which I purposely didn't update to on my own, as I'd read about a lot of problems, and typically wait for them to be ironed out prior to applying updates), but when my entire Windows system was copied to new directories, somehow in that process it was updated. Anyway, when I tried to do Windows updates (no luck, by the way), it says I'm running 15xx version; I'm not exactly sure of the last two digits.

I bought the PC in 2015 with Windows 7.1, then within a few months updated to Windows 10, but you'll notice the files all appear new in the last few months.

Farbar results---

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by AIRWORX 2 (administrator) on AIRWORX2-PC (15-08-2017 05:00:35)
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(DigiData Corp.) C:\Program Files (x86)\Cox\Drag and Drop Backup\vewatch.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard )
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM\...\Policies\Explorer: [0] 0
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6d74992a-85de-4a60-9382-4cc8d294c55b}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{fa3ce8d6-7afe-4ad0-a04f-b501407fe7a5}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (Zeon Corporation)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1499697116239
DPF: HKLM-x32 {D66F9BB1-7D8E-4A96-9166-20FCC91CBFE9} hxxp://99.7.214.118/FDSH_DVR.CAB
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3563

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-07-26] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 10
CHR StartupUrls: Profile 10 -> "hxxps://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/","hxxps://www.google.com/","hxxps://productforums.google.com/forum/#!topic/chrome/KobCsRA5DC4"
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-28]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10 [2017-08-15]
CHR Extension: (Google Slides) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Google Sheets) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-28]
CHR Extension: (Gmail) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 AJRouter; C:\WINDOWS\System32\AJRouter.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 AppHostSvc; C:\WINDOWS\system32\inetsrv\apphostsvc.dll [64512 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AppHostSvc; C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll [56832 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [120320 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [138752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AppReadiness; C:\WINDOWS\system32\AppReadiness.dll [585216 2017-07-14] (Microsoft Corporation) [File not signed]
R3 AppXSvc; C:\WINDOWS\system32\appxdeploymentserver.dll [2804736 2017-07-14] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [625152 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1357824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [111616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BFE; C:\WINDOWS\System32\bfe.dll [815616 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BITS; C:\WINDOWS\System32\qmgr.dll [1159680 2017-03-18] (Microsoft Corporation) [File not signed]
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [847872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 Browser; C:\WINDOWS\System32\browser.dll [133120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [431616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\WINDOWS\system32\bthserv.dll [154112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CDPSvc; C:\WINDOWS\System32\CDPSvc.dll [970240 2017-07-14] (Microsoft Corporation) [File not signed]
S2 CDPUserSvc; C:\WINDOWS\System32\CDPUserSvc.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [94720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [489984 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [455168 2017-03-18] (Microsoft Corporation) [File not signed]
R3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevicesFlowUserSvc; C:\WINDOWS\System32\DevicesFlowBroker.dll [689152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DevQueryBroker; C:\WINDOWS\system32\DevQueryBroker.dll [33792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [304128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 diagnosticshub.standardcollector.service; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [86528 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\WINDOWS\system32\diagtrack.dll [2516480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\system32\Windows.Internal.Management.dll [536064 2017-07-14] (Microsoft Corporation) [File not signed]
S3 DmEnrollmentSvc; C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll [394240 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dmwappushservice; C:\WINDOWS\system32\dmwappushsvc.dll [55296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [282624 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DoSvc; C:\WINDOWS\system32\dosvc.dll [1305088 2017-07-14] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DPS; C:\WINDOWS\system32\dps.dll [168448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [233984 2017-03-18] (Microsoft Corporation) [File not signed]
R3 DsSvc; C:\WINDOWS\System32\DsSvc.dll [149504 2017-03-18] (Microsoft Corporation) [File not signed]
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [302592 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [108032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 EFS; C:\WINDOWS\system32\efssvc.dll [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-08-09] (ESET)
S3 embeddedmode; C:\WINDOWS\System32\embeddedmodesvc.dll [149504 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33464 2016-11-08] (Microsoft Corporation)
S3 EntAppSvc; C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll [301056 2017-07-14] (Microsoft Corporation) [File not signed]
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1737216 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\system32\es.dll [452096 2017-03-18] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [331776 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [34816 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [121856 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1888256 2017-07-14] (Microsoft Corporation) [File not signed]
S4 FrameServer; C:\WINDOWS\system32\FrameServer.dll [600064 2017-07-14] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1269248 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [34304 2017-03-18] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [29696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [269312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [463360 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [396288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S3 icssvc; C:\WINDOWS\System32\tetheringservice.dll [210432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [934912 2017-03-18] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [996864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irmon; C:\WINDOWS\System32\irmon.dll [24576 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [93696 2017-03-18] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [368128 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [303616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [272384 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lfsvc; C:\WINDOWS\System32\lfsvc.dll [43520 2017-03-18] (Microsoft Corporation) [File not signed]
R3 LicenseManager; C:\WINDOWS\system32\LicenseManagerSvc.dll [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [268800 2017-03-18] (Microsoft Corporation) [File not signed]
R3 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [26112 2017-03-18] (Microsoft Corporation) [File not signed]
R2 LSM; C:\WINDOWS\System32\lsm.dll [706048 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MapsBroker; C:\WINDOWS\System32\moshost.dll [90624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MessagingService; C:\WINDOWS\System32\MessagingService.dll [51712 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [972288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [150016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation) [File not signed]
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [8933 2017-08-07] () [File not signed]
S3 NaturalAuthentication; C:\WINDOWS\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [167424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcbService; C:\WINDOWS\System32\ncbservice.dll [334848 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [88064 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [777216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [665600 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netman; C:\WINDOWS\System32\netman.dll [253440 2017-03-18] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [519168 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NetSetupSvc; C:\WINDOWS\System32\NetSetupSvc.dll [261632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcCtnrSvc; C:\WINDOWS\System32\NgcCtnrSvc.dll [491520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NgcSvc; C:\WINDOWS\system32\ngcsvc.dll [1046016 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [365568 2017-03-18] (Microsoft Corporation) [File not signed]
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [30720 2017-03-18] (Microsoft Corporation) [File not signed]
S2 OneSyncSvc; C:\WINDOWS\System32\APHostService.dll [342528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
S4 p2psvc; C:\WINDOWS\system32\p2psvc.dll [421376 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (Nuance Communications, Inc.)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [21504 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PhoneSvc; C:\WINDOWS\System32\PhoneService.dll [772096 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PimIndexMaintenanceSvc; C:\WINDOWS\System32\PimIndexMaintenance.dll [182272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\system32\pla.dll [1462272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1537536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [114688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [343040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [458240 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Power; C:\WINDOWS\system32\umpo.dll [148480 2017-07-14] (Microsoft Corporation) [File not signed]
S3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [2899968 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [413696 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [278016 2017-03-18] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [239104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [873472 2017-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [490496 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [406528 2017-03-18] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [154624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RetailDemo; C:\WINDOWS\system32\RDXService.dll [647168 2017-07-14] (Microsoft Corporation) [File not signed]
S3 RmSvc; C:\WINDOWS\System32\RMapi.dll [152576 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [77824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [1085440 2017-07-14] (Microsoft Corporation) [File not signed]
S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [250368 2017-07-14] (Microsoft Corporation) [File not signed]
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [200192 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [189952 2017-07-14] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [145920 2017-03-18] (Microsoft Corporation) [File not signed]
R3 seclogon; C:\WINDOWS\system32\seclogon.dll [31232 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\System32\sens.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SensorService; C:\WINDOWS\system32\SensorService.dll [548864 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [205824 2017-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [385536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [337408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [537600 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [612864 2017-03-18] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [564224 2017-03-18] (Microsoft Corporation) [File not signed]
S4 shpamsvc; C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [192512 2017-07-14] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\System32\smphost.dll [23552 2017-03-18] (Microsoft Corporation) [File not signed]
S3 smphost; C:\WINDOWS\SysWOW64\smphost.dll [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SmsRouter; C:\WINDOWS\system32\SmsRouterSvc.dll [582656 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-07-14] (Microsoft Corporation) [File not signed]
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S4 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [208384 2017-03-18] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT, Inc.) [File not signed]
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [634368 2017-03-18] (Microsoft Corporation) [File not signed]
R3 StorSvc; C:\WINDOWS\system32\storsvc.dll [750080 2017-07-14] (Microsoft Corporation) [File not signed]
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 swprv; C:\WINDOWS\System32\swprv.dll [460800 2017-03-18] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [972800 2017-07-14] (Microsoft Corporation) [File not signed]
R2 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [292352 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [147456 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [306688 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [252416 2017-03-18] (Microsoft Corporation) [File not signed]
S4 TermService; C:\WINDOWS\System32\termsrv.dll [992256 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\system32\themeservice.dll [69632 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tiledatamodelsvc; C:\WINDOWS\system32\tileobjserver.dll [632832 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TimeBrokerSvc; C:\WINDOWS\System32\TimeBrokerServer.dll [165888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\System32\TokenBroker.dll [1054208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 TokenBroker; C:\WINDOWS\SysWOW64\TokenBroker.dll [799232 2017-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [116736 2017-03-18] (Microsoft Corporation) [File not signed]
R3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [121344 2017-03-18] (Microsoft Corporation) [File not signed]
S4 tzautoupdate; C:\WINDOWS\system32\tzautoupdate.dll [95744 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [274944 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\System32\unistore.dll [1177600 2017-07-14] (Microsoft Corporation) [File not signed]
S3 UnistoreSvc; C:\WINDOWS\SysWOW64\unistore.dll [969728 2017-07-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [432128 2017-03-18] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [325120 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UserDataSvc; C:\WINDOWS\System32\userdataservice.dll [1628672 2017-03-18] (Microsoft Corporation) [File not signed]
R2 UserManager; C:\WINDOWS\System32\usermgr.dll [877568 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UsoSvc; C:\WINDOWS\system32\usocore.dll [681984 2017-07-14] (Microsoft Corporation) [File not signed]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [346624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicrdv; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmicvss; C:\WINDOWS\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [524288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\system32\inetsrv\w3logsvc.dll [82432 2017-07-14] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WalletService; C:\WINDOWS\system32\WalletService.dll [428032 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\system32\inetsrv\iisw3adm.dll [559104 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WAS; C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll [497664 2017-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1528832 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [942592 2017-07-14] (Microsoft Corporation) [File not signed]
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [802816 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [463872 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [89088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [224256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [196608 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [202752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [27648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [176640 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [555008 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [81920 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-14] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [221696 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2757120 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2354688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wisvc; C:\WINDOWS\system32\flightsettings.dll [699904 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [2425856 2017-03-18] (Microsoft Corporation) [File not signed]
R3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [2155008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [199168 2017-03-18] (Microsoft Corporation) [File not signed]
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1177088 2017-03-17] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [86016 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WpnService; C:\WINDOWS\system32\WpnService.dll [276480 2017-03-18] (Microsoft Corporation) [File not signed]
S2 WpnUserService; C:\WINDOWS\System32\WpnUserService.dll [72704 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [208896 2017-03-18] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-07-14] (Microsoft Corporation) [File not signed]
S2 wuauserv; C:\WINDOWS\system32\wuaueng.dll [2444288 2017-07-14] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [91648 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [1396224 2017-07-14] (Microsoft Corporation) [File not signed]
S3 XblAuthManager; C:\WINDOWS\System32\XblAuthManager.dll [1013248 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XblGameSave; C:\WINDOWS\System32\XblGameSave.dll [1135104 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxGipSvc; C:\WINDOWS\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation) [File not signed]
S4 XboxNetApiSvc; C:\WINDOWS\system32\XboxNetApiSvc.dll [1067008 2017-07-14] (Microsoft Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [238080 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiDev; C:\WINDOWS\System32\drivers\AcpiDev.sys [20480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [14848 2017-03-18] (Microsoft Corporation) [File not signed]
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
R1 ahcache; C:\WINDOWS\System32\DRIVERS\ahcache.sys [239616 2017-03-18] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [176640 2017-03-18] (Microsoft Corporation) [File not signed]
R3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [172544 2017-03-18] (Microsoft Corporation) [File not signed]
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 applockerfltr; C:\WINDOWS\System32\drivers\applockerfltr.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
R3 AsyncMac; C:\WINDOWS\System32\drivers\asyncmac.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2017-03-18] (Qualcomm Atheros Communications, Inc.) [File not signed]
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [57344 2017-03-18] (Microsoft Corporation) [File not signed]
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [35840 2017-07-14] (Microsoft Corporation) [File not signed]
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [9728 2017-03-18] (Windows (R) Win 7 DDK provider) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2017-03-18] (Microsoft Corporation) [File not signed]
R3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Brother Industries Ltd.) [File not signed]
R3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Brother Industries Ltd.) [File not signed]
S3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [32256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
S3 buttonconverter; C:\WINDOWS\System32\drivers\buttonconverter.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CapImg; C:\WINDOWS\System32\drivers\capimg.sys [122880 2017-03-18] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [93184 2017-03-18] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [160256 2017-03-18] (Microsoft Corporation) [File not signed]
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [49152 2017-03-18] (Microsoft Corporation) [File not signed]
S2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
R2 clreg; C:\WINDOWS\System32\drivers\registry.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [30208 2017-03-18] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [150528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-08-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
R3 efavdrv; C:\WINDOWS\system32\drivers\efavdrv.sys [139704 2017-08-14] (ESET)
R3 efavdrv; C:\WINDOWS\SysWOW64\drivers\efavdrv.sys [115008 2017-08-14] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-03-09] (ESET)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2017-08-14] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [347136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [32768 2017-03-18] (Microsoft Corporation) [File not signed]
R1 FileCrypt; C:\WINDOWS\System32\drivers\filecrypt.sys [54272 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [26624 2017-03-18] (Microsoft Corporation) [File not signed]
S3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [13824 2017-03-18] (Microsoft Corporation) [File not signed]
S3 genericusbfn; C:\WINDOWS\System32\drivers\genericusbfn.sys [21504 2017-03-18] (Microsoft Corporation) [File not signed]
R1 GpuEnergyDrv; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [8192 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HdAudAddService; C:\WINDOWS\system32\DRIVERS\HdAudio.sys [416256 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [86528 2017-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [106496 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [52224 2017-03-18] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [40960 2017-03-18] (Microsoft Corporation) [File not signed]
S3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [115200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 iagpio; C:\WINDOWS\System32\drivers\iagpio.sys [33280 2017-03-18] (Intel(R) Corporation) [File not signed]
S3 iai2c; C:\WINDOWS\System32\drivers\iai2c.sys [81408 2017-03-18] (Intel(R) Corporation) [File not signed]
S3 iaLPSS2i_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [70656 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [165376 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation) [File not signed]
S3 iaLPSSi_I2C; C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [113152 2017-03-18] (Intel Corporation) [File not signed]
S3 IndirectKmd; C:\WINDOWS\System32\drivers\IndirectKmd.sys [36864 2017-03-18] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [193536 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [87040 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [214528 2017-03-18] (Microsoft Corporation) [File not signed]
S3 irda; C:\WINDOWS\system32\drivers\irda.sys [120320 2017-03-18] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [19968 2017-03-18] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [40448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 kdnic; C:\WINDOWS\System32\drivers\kdnic.sys [23040 2017-03-18] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [27136 2017-07-14] (Microsoft Corporation) [File not signed]
R3 L1C; C:\WINDOWS\System32\drivers\L1C63x64.sys [121344 2017-03-18] (Qualcomm Atheros Co., Ltd.) [File not signed]
R2 lltdio; C:\WINDOWS\System32\drivers\lltdio.sys [66560 2017-03-18] (Microsoft Corporation) [File not signed]
R2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [124928 2017-03-18] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\WINDOWS\system32\drivers\mmcss.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\System32\drivers\modem.sys [42496 2017-03-18] (Microsoft Corporation) [File not signed]
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [39424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [33280 2017-03-18] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [76800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [144384 2017-03-18] (Microsoft Corporation) [File not signed]
S4 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [285696 2017-07-14] (Microsoft Corporation) [File not signed]
S3 MsBridge; C:\WINDOWS\System32\drivers\bridge.sys [115712 2017-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2017-03-18] (Microsoft Corporation) [File not signed]
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [12288 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys [32768 2017-07-14] (Microsoft Corporation) [File not signed]
R2 MsLldp; C:\WINDOWS\System32\drivers\mslldp.sys [83456 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\system32\DRIVERS\MSPQM.sys [10752 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\system32\DRIVERS\MSTEE.sys [12800 2017-03-18] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [16896 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\WINDOWS\System32\DRIVERS\nwifi.sys [549888 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\WINDOWS\System32\drivers\ndiscap.sys [50688 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisImPlatform; C:\WINDOWS\System32\drivers\NdisImPlatform.sys [128512 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\drivers\ndisuio.sys [65536 2017-03-18] (Microsoft Corporation) [File not signed]
R3 NdisVirtualBus; C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [20992 2017-03-18] (Microsoft Corporation) [File not signed]
S3 NdisWan; C:\WINDOWS\System32\drivers\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
S3 ndiswanlegacy; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [192000 2017-03-18] (Microsoft Corporation) [File not signed]
R3 ndproxy; C:\WINDOWS\System32\DRIVERS\NDProxy.sys [62464 2017-03-18] (Microsoft Corporation) [File not signed]
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [127488 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2014-06-10] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [305152 2017-03-18] (Microsoft Corporation) [File not signed]
S3 netvsc; C:\WINDOWS\System32\drivers\netvsc.sys [118784 2017-07-14] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-01-08] (CACE Technologies, Inc.)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [69120 2017-03-18] (Microsoft Corporation) [File not signed]
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [41984 2017-03-18] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [7680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 nvdimmn; C:\WINDOWS\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [741376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation) [File not signed]
S3 PptpMiniport; C:\WINDOWS\System32\drivers\raspptp.sys [97792 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [172032 2017-03-18] (Microsoft Corporation) [File not signed]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [91976 2017-08-10] (Sysinternals - www.sysinternals.com)
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [49664 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [17920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasAgileVpn; C:\WINDOWS\System32\drivers\AgileVpn.sys [108544 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Rasl2tp; C:\WINDOWS\System32\drivers\rasl2tp.sys [107008 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [81920 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RasSstp; C:\WINDOWS\System32\drivers\rassstp.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
S3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [183296 2017-03-18] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\WINDOWS\System32\drivers\rspndr.sys [82432 2017-03-18] (Microsoft Corporation) [File not signed]
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2016-10-27] (Realsil Semiconductor Corporation)
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [9216 2017-03-18] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [43520 2017-03-18] (Microsoft Corporation) [File not signed]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [26112 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Serial; C:\WINDOWS\System32\drivers\serial.sys [84480 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [28672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
R2 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [414208 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [722944 2017-07-14] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [255488 2017-03-18] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-11-20] (IDT, Inc.) [File not signed]
S3 StillCam; C:\WINDOWS\system32\DRIVERS\serscan.sys [13312 2017-03-18] (Microsoft Corporation) [File not signed]
R2 storqosflt; C:\WINDOWS\System32\drivers\storqosflt.sys [79872 2017-03-18] (Microsoft Corporation) [File not signed]
S3 Synth3dVsc; C:\WINDOWS\System32\drivers\Synth3dVsc.sys [64512 2017-03-18] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-14] ()
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [61440 2017-03-18] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\WINDOWS\System32\drivers\tunnel.sys [162304 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmCx0101; C:\WINDOWS\System32\Drivers\UcmCx.sys [104448 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmTcpciCx0101; C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys [179200 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UcmUcsi; C:\WINDOWS\System32\drivers\UcmUcsi.sys [51712 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [45568 2017-03-18] (Microsoft Corporation) [File not signed]
R4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [324096 2017-03-18] (Microsoft Corporation) [File not signed]
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [57856 2017-03-18] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [14336 2017-03-18] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [103424 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R3 usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [47104 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbser; C:\WINDOWS\System32\drivers\usbser.sys [71680 2017-03-18] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vhf; C:\WINDOWS\System32\drivers\vhf.sys [35328 2017-03-18] (Microsoft Corporation) [File not signed]
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2016-03-03] (Acronis)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [25088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 vmgid; C:\WINDOWS\System32\drivers\vmgid.sys [10240 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [27136 2017-03-18] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\WINDOWS\System32\drivers\vwififlt.sys [77312 2017-03-18] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\WINDOWS\System32\drivers\vwifimp.sys [41472 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [30720 2017-03-18] (Microsoft Corporation) [File not signed]
R2 wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wanarpv6; C:\WINDOWS\System32\DRIVERS\wanarp.sys [81408 2017-03-18] (Microsoft Corporation) [File not signed]
S3 wcnfs; C:\WINDOWS\system32\drivers\wcnfs.sys [72192 2017-03-18] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdiwifi; C:\WINDOWS\System32\DRIVERS\wdiwifi.sys [757248 2017-07-14] (Microsoft Corporation) [File not signed]
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WINUSB; C:\WINDOWS\System32\drivers\WinUSB.SYS [90112 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [18432 2017-03-18] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [23552 2017-03-18] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [100864 2017-03-18] (Microsoft Corporation) [File not signed]
S2 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) [File not signed]
S3 xboxgip; C:\WINDOWS\System32\drivers\xboxgip.sys [277504 2017-07-14] (Microsoft Corporation) [File not signed]
S3 xinputhid; C:\WINDOWS\System32\drivers\xinputhid.sys [46592 2017-03-18] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 04:58 - 2017-08-15 04:58 - 002395648 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\FRST64.exe
2017-08-15 02:24 - 2017-08-15 02:24 - 021715575 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034662-x64_f2380ab75c39045ffdde4fa875029e1b70bb5aec.msu
2017-08-14 14:40 - 2017-08-14 14:43 - 904101495 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034674-x64_cae3409b2e93b492093c43a18aa81f66cc70cdad.msu
2017-08-14 14:40 - 2017-08-14 14:42 - 564953013 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4034674-x64_delta_891202a55f2b6051b8a03b309ea9922ba19e1cf6.msu
2017-08-14 12:03 - 2017-08-14 12:03 - 000583304 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\ESETHfsReader (1).exe
2017-08-14 11:59 - 2017-08-14 11:59 - 002273880 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x86.exe
2017-08-14 11:59 - 2017-08-14 11:59 - 000115008 _____ (ESET) C:\WINDOWS\SysWOW64\Drivers\efavdrv.sys
2017-08-14 11:57 - 2017-08-14 11:57 - 002991832 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x64 (1).exe
2017-08-14 11:57 - 2017-08-14 11:57 - 000139704 _____ (ESET) C:\WINDOWS\system32\Drivers\efavdrv.sys
2017-08-14 11:56 - 2017-08-14 11:56 - 000000060 _____ C:\Users\AIRWORX 2\Desktop\system file checker.txt
2017-08-14 09:15 - 2017-08-14 09:15 - 000260296 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ESETNecursCleaner (1).exe
2017-08-14 09:04 - 2017-08-14 09:04 - 000001860 _____ C:\Users\AIRWORX 2\Desktop\sc-cleaner1.txt
2017-08-11 20:03 - 2017-08-11 20:03 - 008185288 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\adwcleaner_7.0.1.0.exe
2017-08-11 19:57 - 2017-08-11 19:58 - 008185288 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\AdwCleaner (1).exe
2017-08-11 19:55 - 2017-08-11 19:55 - 000219120 _____ C:\Users\AIRWORX 2\Desktop\ticket.pdf
2017-08-11 12:23 - 2017-08-14 12:24 - 000194776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-11 12:22 - 2017-08-14 14:16 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\mbar
2017-08-11 12:22 - 2017-08-14 12:23 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-11 12:22 - 2017-08-11 12:22 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001 (1).exe
2017-08-11 10:22 - 2017-08-14 02:21 - 000000000 ____D C:\AdwCleaner
2017-08-11 10:21 - 2017-08-11 11:47 - 000007680 _____ C:\Users\AIRWORX 2\Desktop\instructions.txt
2017-08-11 10:18 - 2017-08-11 10:18 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\esetonlinescanner_enu.exe
2017-08-11 10:14 - 2017-08-11 10:14 - 008185288 _____ (Malwarebytes) C:\Users\AIRWORX 2\Desktop\AdwCleaner.exe
2017-08-11 09:51 - 2017-08-11 09:51 - 000001613 _____ C:\Users\AIRWORX 2\Desktop\ProcmonConfiguration.pmc
2017-08-11 09:47 - 2017-08-11 09:47 - 000001737 _____ C:\Users\AIRWORX 2\Desktop\cross reference processes.CSV
2017-08-11 09:46 - 2017-08-11 09:46 - 000001188 _____ C:\Users\AIRWORX 2\Desktop\network events.CSV
2017-08-11 09:43 - 2017-08-14 09:03 - 000001860 _____ C:\Users\AIRWORX 2\Desktop\sc-cleaner.txt
2017-08-11 09:42 - 2017-08-11 09:42 - 000059971 _____ C:\Users\AIRWORX 2\Desktop\MTB1.txt
2017-08-11 09:41 - 2017-08-11 09:41 - 000059971 _____ C:\Users\AIRWORX 2\Desktop\MTB.txt
2017-08-11 09:22 - 2017-08-11 09:22 - 000620361 _____ C:\Users\AIRWORX 2\Desktop\verbose logging 8-7-17.txt
2017-08-11 08:28 - 2017-08-11 08:28 - 000003251 _____ C:\Users\AIRWORX 2\Desktop\command lines for windows 10.txt
2017-08-11 08:04 - 2017-08-11 08:04 - 000892416 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\MiniToolBox.exe
2017-08-11 08:03 - 2017-08-11 08:03 - 000467072 _____ (Bleeping Computer, LLC) C:\Users\AIRWORX 2\Desktop\sc-cleaner.exe
2017-08-11 04:17 - 2017-08-11 04:17 - 000488556 _____ C:\Users\AIRWORX 2\Desktop\5-15-17 eset.xml
2017-08-11 04:16 - 2017-08-11 04:16 - 000211414 _____ C:\Users\AIRWORX 2\Desktop\6-27-17 eset findings.xml
2017-08-11 02:29 - 2017-08-11 02:29 - 000148871 _____ C:\Users\AIRWORX 2\Desktop\ssasbug.android findings eset.txt
2017-08-11 02:27 - 2017-08-11 02:27 - 000203442 _____ C:\Users\AIRWORX 2\Desktop\tv lite.jsn findings eset.txt
2017-08-11 02:26 - 2017-08-11 02:26 - 002683721 _____ C:\Users\AIRWORX 2\Desktop\Ink cant open .txt
2017-08-11 02:25 - 2017-08-11 02:25 - 000000201 _____ C:\Users\AIRWORX 2\Desktop\safe os mount eset.txt
2017-08-11 02:24 - 2017-08-11 02:24 - 000014529 _____ C:\Users\AIRWORX 2\Desktop\all eset scans.txt
2017-08-11 02:24 - 2017-08-11 02:24 - 000000127 _____ C:\Users\AIRWORX 2\Desktop\8-4-17 eset scan.txt
2017-08-11 02:22 - 2017-08-11 02:22 - 000109866 _____ C:\Users\AIRWORX 2\Desktop\eset history and NT Auth updates too.txt
2017-08-10 20:28 - 2017-08-10 20:28 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ESET Rootkit Detector.app
2017-08-10 20:22 - 2017-08-10 20:22 - 002991832 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ERARemover_x64.exe
2017-08-10 20:21 - 2017-08-14 12:03 - 000001244 _____ C:\Users\AIRWORX 2\Desktop\HfsReader_Log.txt
2017-08-10 20:15 - 2017-08-10 20:15 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ESET_Rootkit_Detector
2017-08-10 20:10 - 2017-08-10 20:10 - 000260296 _____ (ESET) C:\Users\AIRWORX 2\Desktop\ESETNecursCleaner.exe
2017-08-10 20:09 - 2017-08-10 20:09 - 009757824 _____ (ESET) C:\Users\AIRWORX 2\Desktop\avremover_nt64_enu.exe
2017-08-10 20:09 - 2017-08-10 20:09 - 000616883 _____ C:\Users\AIRWORX 2\Desktop\ESET_Rootkit_Detector.zip
2017-08-10 20:09 - 2017-08-10 20:09 - 000583304 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Desktop\ESETHfsReader.exe
2017-08-10 12:24 - 2017-08-10 12:25 - 000010804 _____ C:\Users\AIRWORX 2\Desktop\Fixlog.txt
2017-08-10 12:19 - 2017-08-11 09:22 - 000100017 _____ C:\Users\AIRWORX 2\Desktop\DigiData.Vault.Adapter.log.1.txt
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\search UI.evtx
2017-08-10 11:44 - 2017-08-10 11:44 - 000069632 _____ C:\Users\AIRWORX 2\Documents\oneCore online setup.evtx
2017-08-10 11:43 - 2017-08-10 11:43 - 000069632 _____ C:\Users\AIRWORX 2\Documents\defender.evtx
2017-08-10 11:35 - 2017-08-10 11:35 - 000069632 _____ C:\Users\AIRWORX 2\Documents\Analytic.evtx
2017-08-10 09:40 - 2017-08-10 09:40 - 000094570 _____ C:\Users\AIRWORX 2\Desktop\cmd group status.txt
2017-08-10 07:54 - 2017-08-10 07:54 - 000091976 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-08-10 07:54 - 2017-08-10 07:54 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\ProcessMonitor
2017-08-10 07:53 - 2017-08-10 07:53 - 001005016 _____ C:\Users\AIRWORX 2\Desktop\ProcessMonitor.zip
2017-08-10 07:30 - 2017-08-10 07:30 - 000022715 _____ C:\Users\AIRWORX 2\Desktop\Employee-Referral-Form.pdf
2017-08-10 05:40 - 2017-08-10 05:40 - 000000824 _____ C:\Users\AIRWORX 2\Desktop\hosts.txt
2017-08-09 10:44 - 2017-08-09 10:44 - 000000646 _____ C:\windows reg did not find any errors.txt
2017-08-09 10:23 - 2017-08-09 10:23 - 000009985 _____ C:\Users\AIRWORX 2\Desktop\cmd we ran 8-9-17.txt
2017-08-09 09:20 - 2017-08-09 09:20 - 000000347 _____ C:\Users\AIRWORX 2\Desktop\junk text commandtxt.txt
2017-08-09 09:10 - 2017-08-09 09:10 - 000035172 _____ C:\Users\AIRWORX 2\Desktop\services.xlsx
2017-08-09 08:52 - 2017-08-09 08:52 - 016563352 _____ (Malwarebytes Corp.) C:\Users\AIRWORX 2\Desktop\mbar-1.09.3.1001.exe
2017-08-09 05:56 - 2017-08-09 05:56 - 002396604 _____ C:\Users\AIRWORX 2\Desktop\WVCheck.exe
2017-08-09 05:53 - 2017-08-09 05:53 - 000380928 _____ C:\Users\AIRWORX 2\Desktop\n0i6wip8.exe
2017-08-09 02:29 - 2017-08-09 02:29 - 065033984 _____ (Malwarebytes ) C:\Users\AIRWORX 2\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-08-09 02:25 - 2017-08-09 02:25 - 000000249 _____ C:\Users\AIRWORX 2\Desktop\wondershare paste.txt
2017-08-08 21:28 - 2017-08-08 21:28 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Publishers
2017-08-08 14:49 - 2017-08-08 14:50 - 021567079 _____ C:\Users\AIRWORX 2\Desktop\eset ignore known.xml
2017-08-08 11:20 - 2017-08-08 11:40 - 000007704 _____ C:\Users\AIRWORX 2\Desktop\SystemLook.txt
2017-08-08 11:18 - 2017-08-08 11:18 - 000165376 _____ C:\Users\AIRWORX 2\Desktop\SystemLook_x64.exe
2017-08-08 09:39 - 2017-08-08 09:39 - 000000000 ___RD C:\Users\AIRWORX 2\Downloads\Cosmic Jump AIRWORX Team Folder
2017-08-08 06:43 - 2017-08-08 06:43 - 000224885 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form -signed.pdf
2017-08-08 06:41 - 2017-08-08 06:41 - 000079927 _____ C:\Users\AIRWORX 2\Desktop\HHS Syllabus Signature Form .pdf
2017-08-08 06:37 - 2017-08-08 06:37 - 000130011 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgBX20iFWV0zlOfIcnVvXuWFsRsWFHxh-F_BkAp8bDwqqj0Yv8DmcWC9UunIF7Yc3GQ_FPzGqJGE3Udx6ZkfZbWjV2IWVIT2uMiJq5IMsfJkGNwBJkC4onio8yk=.pdf
2017-08-08 06:15 - 2017-08-09 09:10 - 000065097 _____ C:\Users\AIRWORX 2\Desktop\services.csv
2017-08-08 05:16 - 2017-08-08 05:16 - 000081951 _____ C:\Users\AIRWORX 2\Desktop\myeventviewer-x64.zip
2017-08-08 05:07 - 2017-08-08 05:07 - 000061440 _____ ( ) C:\Users\AIRWORX 2\Desktop\VEW.exe
2017-08-08 04:21 - 2017-08-08 04:21 - 001770460 _____ C:\Users\AIRWORX 2\Downloads\Windows Defender ATP - Ransomware response playbook.pdf
2017-08-08 04:20 - 2017-08-14 09:05 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\CrashDumps
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
2017-08-08 04:14 - 2017-08-08 04:14 - 000000000 ____D C:\Program Files (x86)\EMET 5.5
2017-08-08 04:13 - 2017-08-08 04:13 - 026812416 _____ C:\Users\AIRWORX 2\Downloads\EMET Setup.msi
2017-08-08 04:10 - 2017-08-08 04:39 - 000768464 _____ C:\Users\AIRWORX 2\Downloads\Windows10andWindowsServer2016PolicySettings.xlsx
2017-08-08 02:55 - 2017-08-08 02:55 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\JetBrains
2017-08-08 02:49 - 2017-08-08 02:50 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Microsoft Help
2017-08-08 02:49 - 2017-08-08 02:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2017-08-08 02:43 - 2017-08-09 11:24 - 000000000 ____D C:\Android
2017-08-08 02:42 - 2017-08-09 11:20 - 000000000 ____D C:\Program Files\Android
2017-08-07 13:01 - 2017-08-07 13:04 - 000790638 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_13.01.55_log.txt
2017-08-07 12:43 - 2017-08-07 12:44 - 000008106 _____ C:\TDSSKiller.3.1.0.15_07.08.2017_12.43.03_log.txt
2017-08-07 12:41 - 2017-08-07 12:41 - 004922400 _____ (AO Kaspersky Lab) C:\Users\AIRWORX 2\Desktop\tdsskiller.exe
2017-08-07 12:25 - 2017-08-07 12:25 - 000000155 _____ C:\WINDOWS\system32\all.txt
2017-08-07 10:00 - 2017-08-07 10:00 - 000879551 _____ C:\Users\AIRWORX 2\Desktop\CryptoSearch.zip
2017-08-04 11:10 - 2017-08-04 14:39 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\AP
2017-08-04 10:48 - 2017-08-04 10:48 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-04 10:37 - 2017-08-04 10:37 - 000000546 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.zip
2017-08-04 10:34 - 2017-07-25 07:46 - 000000595 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.CSV
2017-08-04 10:16 - 2017-08-10 12:21 - 002381824 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\FRST64 (2).exe
2017-08-04 10:01 - 2017-08-04 10:02 - 000047265 _____ C:\Users\AIRWORX 2\Desktop\appcrashview (1).zip
2017-08-04 05:40 - 2017-08-04 09:24 - 000004816 _____ C:\Users\AIRWORX 2\Desktop\links to findings.txt
2017-08-03 20:55 - 2017-08-03 20:55 - 000055111 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgAjZaC8g0bE5UVjMkDU-EGyfCbydESYIcl5Ek-Jk2dgOtZdX5ShW7Uo0TTTXhI7ZV4o60JCCrjfMp-q84aBwoJKcJbRGbK_B2rm9Yaii0wppseh1AkAy87pTKo=.pdf
2017-08-03 18:35 - 2017-08-03 19:07 - 000001974 _____ C:\Users\AIRWORX 2\Desktop\cvv windows microsoft.txt
2017-08-03 13:10 - 2017-08-03 13:10 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset.txt
2017-08-03 12:55 - 2017-08-03 12:55 - 000019119 _____ C:\Users\AIRWORX 2\Desktop\es.dat
2017-08-03 12:52 - 2017-08-03 12:52 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset scans.txt
2017-08-03 07:53 - 2017-08-03 07:53 - 000333952 _____ (ESET) C:\Users\AIRWORX 2\Downloads\ESETEternalBlueChecker.exe
2017-08-03 07:38 - 2017-08-03 07:38 - 004836307 _____ C:\Users\AIRWORX 2\Downloads\eset_sysrescue_userguide_enu.pdf
2017-08-03 04:01 - 2017-08-14 03:33 - 099876864 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-03 03:58 - 2017-08-03 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-02 15:53 - 2017-08-02 15:53 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50 (1).exe
2017-08-02 10:02 - 2017-08-02 10:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\LogMeIn
2017-08-02 07:44 - 2017-08-02 07:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Security
2017-08-02 07:20 - 2017-08-10 11:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\LocaleMetaData
2017-08-02 07:19 - 2017-08-02 07:20 - 000069632 _____ C:\Users\AIRWORX 2\Documents\events.evtx
2017-08-02 03:08 - 2017-08-02 03:08 - 145707800 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\msert.exe
2017-08-02 03:05 - 2017-08-02 03:05 - 000001174 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer.txt
2017-08-02 03:03 - 2017-08-04 10:06 - 000000469 _____ C:\Users\AIRWORX 2\Desktop\AppCrashView.cfg
2017-08-01 08:19 - 2017-08-01 08:19 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset yesterday.txt
2017-08-01 06:18 - 2017-08-10 12:21 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\FRST-OlderVersion
2017-08-01 05:58 - 2017-08-01 05:58 - 000000000 ____D C:\WINDOWS\Panther
2017-07-31 15:33 - 2017-07-31 15:33 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\NetworkTiles
2017-07-31 15:25 - 2017-07-31 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\MicrosoftEdge
2017-07-31 13:36 - 2017-07-31 13:36 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu (1).exe
2017-07-31 13:29 - 2017-07-31 13:29 - 000511683 _____ C:\Users\AIRWORX 2\Desktop\find files.txt
2017-07-28 08:44 - 2017-07-28 08:44 - 000000000 _____ C:\WINDOWS\system32\set
2017-07-28 06:15 - 2017-07-28 06:15 - 000576231 _____ C:\Users\AIRWORX 2\Downloads\DTec13656.pdf
2017-07-28 06:06 - 2017-07-28 06:06 - 000075669 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP (4).pdf
2017-07-28 06:01 - 2017-07-28 06:01 - 000053739 _____ C:\Users\AIRWORX 2\Downloads\HS-2.8.17 #2888 CJump KCity Jan Inv&Rep SH (1).pdf
2017-07-28 05:54 - 2017-07-28 05:54 - 000151083 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP - Inv.pdf
2017-07-28 05:39 - 2017-07-28 06:17 - 000002182 _____ C:\Users\AIRWORX 2\Downloads\data (35).csv
2017-07-28 05:17 - 2017-07-28 05:17 - 000002299 _____ C:\Users\AIRWORX 2\Desktop\Google Chrome.lnk
2017-07-28 03:35 - 2017-07-28 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 07:33 - 2017-07-27 07:33 - 008162248 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\AdwCleaner.exe
2017-07-27 07:33 - 2017-07-27 07:33 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\JRT.exe
2017-07-27 07:31 - 2017-08-07 12:12 - 000100352 _____ C:\Users\AIRWORX 2\Desktop\copy and paste stuff.txt
2017-07-27 06:25 - 2017-07-27 06:25 - 000995572 _____ C:\Users\AIRWORX 2\Desktop\rel.XML
2017-07-27 06:02 - 2017-07-27 06:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\.IdentityService
2017-07-27 04:08 - 2017-07-27 04:08 - 000183220 _____ C:\Users\AIRWORX 2\Downloads\Appsdiagnostic10.diagcab
2017-07-27 03:23 - 2017-07-27 03:23 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset threat findings.txt
2017-07-26 12:22 - 2017-07-26 12:22 - 000004857 _____ C:\Users\AIRWORX 2\Desktop\msrt results no infected files.txt
2017-07-26 11:56 - 2017-07-26 11:56 - 140634896 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (4).exe
2017-07-26 10:47 - 2017-08-07 14:34 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (3).exe
2017-07-26 10:45 - 2017-07-26 10:46 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (2).exe
2017-07-26 10:45 - 2017-07-26 10:45 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (1).exe
2017-07-26 10:38 - 2017-07-26 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-07-26 10:25 - 2017-07-28 02:15 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Visual Studio Setup
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\vstelemetry
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ServiceHub
2017-07-26 10:24 - 2017-07-28 02:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-26 09:01 - 2017-07-26 09:01 - 000000000 ____D C:\DGLogs
2017-07-26 09:00 - 2017-07-26 09:00 - 000000000 ____D C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2
2017-07-26 08:59 - 2017-05-04 12:11 - 000075680 _____ C:\Users\AIRWORX 2\Downloads\DG_Readiness_Tool_v3.2.ps1
2017-07-26 08:58 - 2017-07-26 08:58 - 000031743 _____ C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2.zip
2017-07-26 07:41 - 2017-07-26 07:42 - 000901670 _____ C:\Users\AIRWORX 2\Desktop\reliability history 7-26-2017.XML
2017-07-26 07:34 - 2017-07-26 07:34 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-26 07:16 - 2017-07-26 07:17 - 001771288 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\nis_full.exe
2017-07-26 07:12 - 2017-07-26 07:12 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-07-26 07:11 - 2017-07-26 07:17 - 129705744 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe.exe
2017-07-26 03:19 - 2017-07-26 03:19 - 000195346 _____ C:\Users\AIRWORX 2\Desktop\wu170509.diagcab
2017-07-26 02:59 - 2017-07-26 02:59 - 000022932 _____ C:\Users\AIRWORX 2\Desktop\allowed outbound firewall rules.txt
2017-07-26 02:58 - 2017-07-26 02:58 - 000033651 _____ C:\Users\AIRWORX 2\Desktop\allowed inbound firewall settings.txt
2017-07-25 07:46 - 2017-08-04 10:36 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Encrypted documents
2017-07-25 07:46 - 2017-07-25 07:46 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Documents_1
2017-07-25 05:46 - 2017-07-25 05:46 - 000068611 _____ C:\Users\AIRWORX 2\Downloads\f.txt
2017-07-25 04:56 - 2017-07-25 04:56 - 005780817 _____ C:\Users\AIRWORX 2\Downloads\17351442_117133718779563_5086019384804114432_n.bin
2017-07-24 18:39 - 2017-07-24 18:25 - 3007731185 ____N C:\Users\AIRWORX 2\Desktop\LGBackup_170724.lbf
2017-07-24 11:31 - 2017-07-24 11:31 - 000843873 _____ C:\Users\AIRWORX 2\Downloads\TS103488179.potx
2017-07-24 11:29 - 2017-07-24 11:29 - 000004318 _____ C:\Users\AIRWORX 2\Downloads\MC900054580.WMF
2017-07-24 11:07 - 2017-07-24 11:07 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-07-24 09:54 - 2017-07-24 09:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-24 09:54 - 2017-07-24 09:54 - 000000000 ____D C:\Program Files\IDT
2017-07-24 09:54 - 2013-11-20 10:43 - 006101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2017-07-24 09:54 - 2013-11-20 10:43 - 001897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2017-07-24 09:54 - 2013-11-20 10:43 - 001703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2017-07-24 09:54 - 2013-11-20 10:43 - 000464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2017-07-24 09:54 - 2013-11-20 10:43 - 000030389 _____ C:\WINDOWS\system32\DTS_TOWER.XML
2017-07-24 09:48 - 2017-08-09 11:55 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-24 09:42 - 2017-07-24 09:42 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\FBA95002-17BB-4264-B1E2-EE748AD9FCC7
2017-07-24 09:42 - 2017-07-24 09:42 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\BE7A0D4F-259E-4ACF-95D4-65A4A82C6258
2017-07-24 08:29 - 2017-07-24 08:29 - 000453034 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-10-31.pdf
2017-07-24 08:28 - 2017-07-24 08:28 - 000477980 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-09-30.pdf
2017-07-24 08:27 - 2017-07-24 08:27 - 000479815 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-06-30.pdf
2017-07-24 08:25 - 2017-07-24 08:25 - 000469343 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-08-31.pdf
2017-07-24 08:18 - 2017-07-24 08:18 - 003286340 _____ C:\Users\AIRWORX 2\Downloads\DOC071317-002.pdf
2017-07-24 06:56 - 2017-07-24 14:50 - 000002073 _____ C:\Users\AIRWORX 2\Desktop\my post.txt
2017-07-24 05:55 - 2017-07-24 05:55 - 000000000 _____ C:\Users\AIRWORX 2\defogger_reenable
2017-07-24 05:54 - 2017-07-24 05:54 - 000050477 _____ C:\Users\AIRWORX 2\Downloads\Defogger.exe
2017-07-24 05:30 - 2017-07-24 05:30 - 002001544 _____ C:\Users\AIRWORX 2\Downloads\pc-decrapifier-3.0.1.exe
2017-07-24 05:12 - 2017-07-24 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-24 05:12 - 2017-07-24 05:12 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-07-24 05:10 - 2017-07-24 05:10 - 019709440 ____N (Luis Cobian, CobianSoft) C:\Users\AIRWORX 2\Downloads\cbSetup.exe
2017-07-24 05:04 - 2017-08-10 12:29 - 000042890 _____ C:\Users\AIRWORX 2\Desktop\Addition.txt
2017-07-24 05:01 - 2017-08-15 05:01 - 000062018 _____ C:\Users\AIRWORX 2\Desktop\FRST.txt
2017-07-24 05:01 - 2017-08-15 05:00 - 000000000 ____D C:\FRST
2017-07-24 04:15 - 2017-07-24 04:15 - 000059467 ____N C:\Users\AIRWORX 2\Downloads\HS-5.8.17 #3104 CJump Allen April Inv&Rep SH (1).pdf
2017-07-24 04:12 - 2017-07-24 04:12 - 000071158 ____N C:\Users\AIRWORX 2\Downloads\07.11.17 Olathe-Holmes III LLC.pdf
2017-07-24 04:10 - 2017-07-24 04:10 - 000196464 ____N C:\Users\AIRWORX 2\Downloads\07.01.17 Olathe-AT&T.pdf
2017-07-24 04:09 - 2017-07-24 04:09 - 000480772 ____N C:\Users\AIRWORX 2\Downloads\07.17 Olathe-BOA Stmt.pdf
2017-07-24 04:08 - 2017-07-24 04:08 - 000072792 ____N C:\Users\AIRWORX 2\Downloads\06.30.17 Houston-CocaCola.pdf
2017-07-24 04:07 - 2017-07-24 04:07 - 000073576 ____N C:\Users\AIRWORX 2\Downloads\06.30.17 Dallas II-CocaCola.pdf
2017-07-24 04:01 - 2017-07-24 04:01 - 000044143 ____N C:\Users\AIRWORX 2\Downloads\Texas Notice of Tax-Fee Due.pdf
2017-07-24 03:48 - 2017-07-24 03:48 - 000257899 ____N C:\Users\AIRWORX 2\Downloads\1718abcdecalendar.pdf
2017-07-24 03:47 - 2017-07-24 03:47 - 001494216 ____N C:\Users\AIRWORX 2\Downloads\1718districtcalendar071917.pdf
2017-07-21 07:57 - 2017-07-21 07:57 - 001118208 ____N C:\Users\AIRWORX 2\Desktop\eventviewer.evtx
2017-07-21 07:54 - 2017-07-21 07:54 - 000626956 ____N C:\Users\AIRWORX 2\Desktop\sys info.txt
2017-07-21 02:37 - 2017-07-21 02:37 - 000031963 ____N C:\Users\AIRWORX 2\Downloads\Backup_17-17-07 10-43AM (1).zip
2017-07-21 02:36 - 2017-07-21 02:36 - 000031963 ____N C:\Users\AIRWORX 2\Downloads\Backup_17-17-07 10-43AM.zip
2017-07-21 02:18 - 2017-07-21 02:18 - 000001516 ____N C:\Users\AIRWORX 2\Desktop\malware bytes quar.txt
2017-07-20 12:57 - 2017-07-20 12:57 - 000000000 ____D C:\WINDOWS\ERUNT
2017-07-20 12:56 - 2017-07-20 12:58 - 000000646 _____ C:\DelFix.txt
2017-07-20 12:30 - 2015-08-09 11:12 - 000043104 _____ (NirSoft) C:\Users\AIRWORX 2\Desktop\AppCrashView.exe
2017-07-20 12:30 - 2015-08-09 11:12 - 000015426 ____N C:\Users\AIRWORX 2\Desktop\AppCrashView.chm
2017-07-20 12:30 - 2015-08-09 11:12 - 000007123 ____N C:\Users\AIRWORX 2\Desktop\readme.txt
2017-07-20 12:29 - 2017-07-20 12:29 - 000047265 ____N C:\Users\AIRWORX 2\Desktop\appcrashview.zip
2017-07-20 08:55 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-20 08:54 - 2017-07-20 08:55 - 065033984 ____N (Malwarebytes ) C:\Users\AIRWORX 2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-20 08:16 - 2017-07-20 08:16 - 135729424 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (3).exe
2017-07-20 04:48 - 2017-07-20 04:48 - 001818624 ____N C:\Users\AIRWORX 2\Downloads\MBSASetup-x64-EN.msi
2017-07-19 08:41 - 2017-07-19 08:42 - 000066957 _____ C:\WINDOWS\system32\AIRWORX
2017-07-19 08:36 - 2017-07-19 08:40 - 000051333 ____N C:\Users\AIRWORX 2\Desktop\sfcdetails.txt
2017-07-19 07:56 - 2017-07-19 07:56 - 000342981 ____N C:\Users\AIRWORX 2\Downloads\PATIENT ACQUAINTENCE FORM 2017-signed.pdf
2017-07-19 07:13 - 2017-07-19 07:13 - 044003024 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50.exe
2017-07-19 06:58 - 2017-07-19 06:58 - 006361088 ____N C:\Users\AIRWORX 2\Desktop\windows security logs.evtx
2017-07-19 06:56 - 2017-07-19 06:56 - 001118208 ____N C:\Users\AIRWORX 2\Desktop\recent events.evtx
2017-07-19 06:56 - 2017-07-19 06:56 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\LocaleMetaData
2017-07-19 05:13 - 2017-07-19 05:13 - 000335756 ____N C:\Users\AIRWORX 2\Desktop\reliability history.XML
2017-07-19 04:31 - 2017-07-19 04:31 - 000006054 ____N C:\Users\AIRWORX 2\Desktop\Kas findings some not addressed.txt
2017-07-19 03:06 - 2017-07-19 03:06 - 000012672 ____N C:\Users\AIRWORX 2\Desktop\full scan kas.txt
2017-07-19 03:05 - 2017-07-19 03:05 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\Vul scan.txt
2017-07-18 19:47 - 2017-07-18 19:47 - 000455756 ____N C:\Users\AIRWORX 2\Downloads\OFFICE POLICIES FOR PPWORK 2017 WITH LOGO-signed.pdf
2017-07-18 14:04 - 2017-07-19 07:59 - 000100526 ____N C:\Users\AIRWORX 2\Downloads\HIPAA Privacy Authorization Form.pdf
2017-07-18 14:04 - 2017-07-18 14:04 - 000377763 ____N C:\Users\AIRWORX 2\Downloads\OFFICE POLICIES FOR PPWORK 2017 WITH LOGO.pdf
2017-07-18 14:04 - 2017-07-18 14:04 - 000179165 ____N C:\Users\AIRWORX 2\Downloads\PATIENT ACQUAINTENCE FORM 2017.pdf
2017-07-18 13:40 - 2017-07-18 13:58 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\kc
2017-07-18 13:16 - 2017-07-18 13:16 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\ks items found.txt
2017-07-18 13:15 - 2017-07-18 13:15 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\kas items found.txt
2017-07-18 13:05 - 2017-07-18 13:05 - 000631136 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (2).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000631136 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (2) (1).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000627784 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (3).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000413116 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (1).pdf
2017-07-18 13:02 - 2017-07-18 13:02 - 000531500 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts April 2016.pdf
2017-07-18 12:59 - 2017-07-18 12:59 - 000779604 ____N C:\Users\AIRWORX 2\Downloads\KC May 2016 Receipts.pdf
2017-07-18 12:59 - 2017-07-18 12:59 - 000779604 ____N C:\Users\AIRWORX 2\Desktop\KC May 2016 Receipts (1).pdf
2017-07-18 12:56 - 2017-07-18 12:56 - 000888660 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts June 2016.pdf
2017-07-18 12:54 - 2017-07-18 12:54 - 000218291 ____N C:\Users\AIRWORX 2\Downloads\KC Reports 8.1.pdf
2017-07-18 12:51 - 2017-07-18 12:51 - 001149113 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts July 2016.pdf
2017-07-18 12:49 - 2017-07-18 12:49 - 000234159 ____N C:\Users\AIRWORX 2\Downloads\CCI09012016.pdf
2017-07-18 12:48 - 2017-07-18 12:48 - 000458582 ____N C:\Users\AIRWORX 2\Downloads\9.7.16 (1).pdf
2017-07-18 12:46 - 2017-07-18 12:46 - 000005049 ____N C:\Users\AIRWORX 2\Downloads\Aged Receivables.pdf
2017-07-18 12:45 - 2017-07-18 12:45 - 000413116 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016.pdf
2017-07-18 12:41 - 2017-07-18 12:41 - 000197013 ____N C:\Users\AIRWORX 2\Downloads\CCF01102017 (1).pdf
2017-07-18 12:38 - 2017-07-18 12:38 - 000023765 ____N C:\Users\AIRWORX 2\Downloads\KC Tramp Specs.pdf
2017-07-18 12:34 - 2017-07-18 12:34 - 000195196 ____N C:\Users\AIRWORX 2\Downloads\07-15-17.pdf
2017-07-18 12:31 - 2017-07-18 12:31 - 000384839 ____N C:\Users\AIRWORX 2\Downloads\CCF06172017_0001.pdf
2017-07-18 12:30 - 2017-07-18 12:30 - 000374743 ____N C:\Users\AIRWORX 2\Downloads\CCF07092017 (1).pdf
2017-07-18 05:43 - 2017-07-18 05:43 - 000000801 ____N C:\Users\AIRWORX 2\Downloads\Downloads - Shortcut.lnk
2017-07-18 04:35 - 2017-07-17 10:14 - 005542722 ____N C:\Users\AIRWORX 2\Downloads\SysInspector-AIRWORX2-PC-170717-072446.xml
2017-07-17 10:26 - 2017-07-17 10:26 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-07-17 10:25 - 2017-07-17 10:25 - 002724512 ____N (Sysinternals - www.sysinternals.com) C:\Users\AIRWORX 2\Downloads\procexp.exe
2017-07-17 10:14 - 2017-07-17 10:14 - 000504650 _____ C:\Users\AIRWORX 2\SysInspector-AIRWORX2-PC-170717-072446.zip
2017-07-17 09:55 - 2017-07-17 09:55 - 000000000 _____ C:\WINDOWS\system32\wmic
2017-07-17 09:22 - 2017-07-17 09:22 - 141475088 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (2).exe
2017-07-17 09:21 - 2017-07-17 09:21 - 007340032 ____N C:\Users\AIRWORX 2\Downloads\msert (1).exe
2017-07-17 09:14 - 2017-07-17 09:14 - 001048576 ____N C:\Users\AIRWORX 2\Downloads\msert.exe
2017-07-17 07:40 - 2017-07-17 07:40 - 006754944 ____N (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu.exe
2017-07-17 07:11 - 2017-07-17 07:11 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\DBG
2017-07-17 03:31 - 2017-07-24 04:50 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Cleanup apps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-15 04:39 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-15 03:36 - 2017-07-14 05:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-14 21:48 - 2017-07-14 06:12 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBB8FF06-B999-4A95-A7CE-15C213181723}
2017-08-14 20:05 - 2017-05-15 11:04 - 000037894 _____ C:\Users\AIRWORX 2\Documents\Mary Brooks.flp
2017-08-14 20:05 - 2017-05-03 08:35 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Family Lawyer
2017-08-14 20:05 - 2017-05-03 08:26 - 000000000 ____D C:\Program Files (x86)\Family Lawyer
2017-08-14 14:16 - 2017-07-12 06:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-14 09:17 - 2014-03-04 13:12 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ESET
2017-08-14 09:12 - 2017-06-26 09:52 - 000181160 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2017-08-14 08:59 - 2017-07-14 06:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-08-14 03:34 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-14 03:33 - 2017-07-14 06:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-14 03:33 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-14 03:33 - 2016-07-01 17:30 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-14 02:43 - 2017-07-11 04:04 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-11 10:03 - 2017-05-31 09:35 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Samsung
2017-08-11 10:03 - 2017-05-31 09:35 - 000000000 ____D C:\Program Files (x86)\Samsung
2017-08-10 20:23 - 2017-06-26 07:42 - 000000000 ____D C:\ProgramData\ESET
2017-08-10 20:17 - 2014-03-27 13:37 - 000000000 ____D C:\Program Files (x86)\DahuaTech
2017-08-10 16:57 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-10 13:00 - 2014-03-26 16:20 - 000000000 ___RD C:\Users\AIRWORX 2\Dropbox
2017-08-10 11:50 - 2017-02-20 08:22 - 000000000 ____D C:\Program Files\Recuva
2017-08-10 03:41 - 2017-07-14 06:11 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 03:41 - 2017-01-24 15:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-08-09 20:18 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-09 17:15 - 2017-07-14 06:11 - 000003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAIRWORX 2
2017-08-09 13:11 - 2017-07-14 05:46 - 000000000 ____D C:\Users\AIRWORX 2
2017-08-09 13:11 - 2015-07-13 07:14 - 000132824 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-08-09 11:55 - 2014-01-11 04:08 - 000180232 ____N C:\WINDOWS\Minidump\080917-30328-01.dmp
2017-08-09 11:52 - 2014-03-06 03:09 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 11:52 - 2014-03-06 03:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 11:36 - 2017-06-26 07:43 - 000002065 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-08-09 11:17 - 2017-02-16 07:37 - 000000000 ____D C:\Users\AIRWORX 2\.android
2017-08-09 10:34 - 2017-07-11 09:24 - 000000602 _____ C:\junk.txt
2017-08-09 02:26 - 2014-11-12 15:43 - 000099886 ____H C:\Users\AIRWORX 2\Desktop\.ppinfocache
2017-08-09 02:26 - 2014-11-12 15:43 - 000010568 ____H C:\Users\AIRWORX 2\Desktop\maxdesk.ini2
2017-08-09 02:26 - 2014-11-12 15:43 - 000008344 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn2
2017-08-09 02:26 - 2014-11-12 15:33 - 007196349 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn
2017-08-09 02:26 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\.oit
2017-08-08 10:12 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Nuance
2017-08-08 05:09 - 2017-07-11 13:45 - 000031995 _____ C:\VEW.txt
2017-08-07 12:27 - 2014-07-02 11:24 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-07 12:10 - 2017-07-12 06:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-07 09:22 - 2017-07-12 09:28 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-08-07 08:40 - 2013-10-14 16:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-08-07 08:34 - 2014-01-10 13:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Packages
2017-08-04 10:48 - 2017-07-11 04:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-04 10:48 - 2017-07-11 04:03 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-04 10:43 - 2015-01-29 18:03 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ElevatedDiagnostics
 
2017-08-04 03:20 - 2017-07-14 05:45 - 001401184 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-03 10:06 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-03 04:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-02 12:02 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-02 10:02 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-02 10:02 - 2014-03-13 11:19 - 000000000 ____D C:\ProgramData\LogMeIn
2017-08-02 09:23 - 2015-06-05 11:23 - 000000000 ____D C:\Program Files (x86)\SetupLogs
2017-08-02 09:01 - 2015-04-20 17:06 - 000000000 __RDO C:\Users\AIRWORX 2\OneDrive
2017-08-02 09:01 - 2014-04-18 14:27 - 000000000 ____D C:\Program Files (x86)\ASAP Utilities
2017-08-02 08:07 - 2014-09-11 15:41 - 000000496 _____ C:\Users\AIRWORX 2\Desktop\ITSupport247 (3).website
2017-08-02 08:06 - 2015-01-07 12:51 - 000001552 _____ C:\Users\AIRWORX 2\Desktop\iexplore - Shortcut.lnk
2017-08-02 03:02 - 2017-07-07 09:56 - 017225690 _____ C:\Users\AIRWORX 2\Desktop\calls and txtsBook2.xlsx
2017-08-01 13:25 - 2014-01-11 04:08 - 000178568 ____N C:\WINDOWS\Minidump\080117-28453-01.dmp
2017-07-31 15:37 - 2014-01-21 15:23 - 000000000 ___RD C:\Users\AIRWORX 2\Google Drive
2017-07-31 15:16 - 2015-07-08 12:08 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Western Digital
2017-07-31 02:19 - 2015-11-12 07:03 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-31 02:17 - 2015-10-29 23:28 - 000000000 ____D C:\Users\Default.migrated
2017-07-28 12:54 - 2014-03-26 13:47 - 000007609 _____ C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2017-07-28 02:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-28 02:14 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-27 10:31 - 2012-07-25 22:26 - 000000222 _____ C:\WINDOWS\win.ini
2017-07-26 19:40 - 2015-01-29 16:07 - 000000519 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-07-26 09:41 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-26 07:02 - 2016-02-09 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxAct
2017-07-26 04:53 - 2014-05-15 13:29 - 000000000 ____D C:\Program Files (x86)\Brother
2017-07-26 04:50 - 2014-12-30 17:16 - 000000000 ____D C:\Program Files (x86)\AVIGenerator2.0
2017-07-26 04:50 - 2014-05-15 13:29 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
2017-07-24 11:00 - 2017-02-20 09:27 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\VERIZON
2017-07-24 05:40 - 2014-10-29 11:50 - 000000000 ____D C:\Users\Public\Documents\CyberLink
2017-07-24 05:40 - 2013-10-14 16:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-07-24 05:39 - 2013-10-14 16:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-07-21 10:44 - 2014-06-19 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SurveillanceSystem
2017-07-20 04:56 - 2017-07-14 06:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-19 03:26 - 2014-06-19 09:37 - 000000000 ____D C:\Program Files (x86)\SurveillanceSystem
2017-07-18 22:47 - 2016-03-08 09:58 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Outlook Files
2017-07-18 20:18 - 2015-07-30 12:30 - 000525312 _____ C:\Users\AIRWORX 2\Outlook.pst
2017-07-18 13:40 - 2014-09-04 12:53 - 000021516 ____H C:\Users\AIRWORX 2\Downloads\.ppinfocache
2017-07-18 13:27 - 2014-03-26 12:59 - 000042262 ____H C:\Users\AIRWORX 2\Documents\PP11Thumbs.ptn2
2017-07-18 04:26 - 2017-02-20 09:10 - 000001887 ____N C:\Users\AIRWORX 2\Desktop\Recuva.lnk
2017-07-18 04:25 - 2016-10-02 22:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ConnectedDevicesPlatform
2017-07-18 03:55 - 2017-02-13 05:55 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-18 03:53 - 2017-07-14 05:36 - 000532544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-18 03:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-17 03:43 - 2016-04-19 19:11 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Alarm Activity Formatted Download_files


==================== Files in the root of some directories =======

2015-04-01 09:26 - 2005-12-08 19:51 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2017-04-14 06:58 - 2017-04-14 06:58 - 000000000 _____ () C:\Users\AIRWORX 2\AppData\Roaming\IVOPEN.$$$
2014-12-17 10:09 - 2014-12-17 10:10 - 000012962 _____ () C:\Users\AIRWORX 2\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-03-26 13:47 - 2017-07-28 12:54 - 000007609 _____ () C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2015-12-09 12:34 - 2015-12-09 12:34 - 000000145 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-03-24 15:02 - 2014-10-23 13:06 - 000000226 _____ () C:\ProgramData\RSUserCfg.ini

Files to move or delete:
====================
C:\Users\AIRWORX 2\ASAP_Utilities_5-2-1_HS_Setup.exe
C:\Users\AIRWORX 2\WDMyCloud_win.exe


Some files in TEMP:
====================
2017-08-01 04:48 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\dllnt_dump.dll
2017-08-07 13:39 - 2017-08-07 13:49 - 001503232 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\libmysqlinstanceconf.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000455328 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcp120.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000970912 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcr120.dll
2016-07-30 17:08 - 2016-07-30 17:08 - 003112960 _____ (Jason York) C:\Users\AIRWORX 2\AppData\Local\Temp\pc-decrapifier.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000510752 _____ (Acronis) C:\Users\AIRWORX 2\AppData\Local\Temp\setupapp_amd64.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000540432 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\setupnt64.dll
2017-07-26 04:50 - 2006-05-24 10:10 - 000455600 _____ (Macrovision Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\_isC014.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2017-07-14 06:30] - [2017-07-14 06:30] - 000706560 _____ (Microsoft Corporation) 31E3287EF6D97C5864A301CEA75BBBA1

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2017-07-14 06:22] - [2017-07-14 06:22] - 001085440 _____ (Microsoft Corporation) 0E79A4C76CAAA0CFE9CA42C13E5AA086

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-07 04:17

==================== End of FRST.txt ============================
 
I will paste this, if you want it that way; I thought it might be easier to review in one post? Sorry in advance if I'm incorrect. :eek:)
 

Attachment: Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by AIRWORX 2 (15-08-2017 05:03:40)
Running from C:\Users\AIRWORX 2\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 13:25:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2671885098-678752524-1400920573-500 - Administrator - Disabled) => C:\Users\Administrator
AIRWORX 2 (S-1-5-21-2671885098-678752524-1400920573-1001 - Administrator - Enabled) => C:\Users\AIRWORX 2
DefaultAccount (S-1-5-21-2671885098-678752524-1400920573-503 - Limited - Disabled)
Guest (S-1-5-21-2671885098-678752524-1400920573-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.21) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.21 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{05E5AD66-7CD0-4719-A229-0D3A7A5240D2}) (Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.1 - Bastien Mensink - A Must in Every Office BV)
Broderbund Family Lawyer (HKLM-x32\...\{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase) Hidden
Broderbund Family Lawyer (HKLM-x32\...\InstallShield_{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase)
Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
EMET 5.52 (HKLM-x32\...\{BC26560D-1FC4-4DD5-8756-7E0606A79AE3}) (Version: 5.52 - Microsoft Corporation)
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Escaperoom Software (HKLM-x32\...\{7BAA7E0D-9B92-4FE7-AEC8-F11EAE801922}) (Version: 3.1.0.0 - Escaperoom Software)
ESET Smart Security (HKLM\...\{2B587448-4CE3-4196-A237-A425E557F052}) (Version: 10.1.204.0 - ESET, spol. s r.o.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}) (Version: 5.1.12 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{97EFE060-CE35-4709-9B3A-5D3C8F686FED}) (Version: 5.0.90 - MySQL AB)
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rock Gym Pro (HKLM-x32\...\{827570FB-0E88-444C-ADBC-9E799571E292}) (Version: 1.1.21247 - RGP Development LLC)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version: - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shutterfly Uploader (HKLM-x32\...\{CD928A00-1C70-4353-B9B9-7BC8600F3E43}) (Version: 2.9.0.737 - Shutterfly, Inc.)
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.03 - TaxAct, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WorkForce GT-1500 Scanner Driver Update (HKLM-x32\...\{37D0F29D-AB95-4598-ACF0-D3CC38C161D9}) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [Zeon.MFCDirectShellExt] -> {353C642C-F13D-4699-9FF2-EFAF490B6C69} => C:\Program Files (x86)\Nuance\PDFCreate\bin\DirectShellExt.dll [2010-07-16] (Zeon International Investment Corp. )
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-08-09] (ESET)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005B78DE-9ECF-4C1D-85D3-6330FE864BA6} - System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0129A265-6C44-46AC-AA19-4D63B43D8AE8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {073958F3-8E5F-4CF7-8625-ABD15377481E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {264F49CB-3415-488D-B8DA-9F6F8BE48331} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {2EE58945-C40B-43A8-A167-173E412D9D98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37C32B19-9630-4A28-9E5A-8EA8CD06CFA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {3BBEDA70-02DB-4E54-B6A5-E773003872B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {46064571-564C-4D46-9842-A167DDF1D942} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4FD0925E-6E79-4BC0-A382-3D5CCA5C36B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HP Inc.)
Task: {5DB34D0B-4B82-47F6-B06D-2D195446A83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7A8C073B-9921-4385-A061-FF8B5410A453} - System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\SAAZOD\Uninstall\uninstall.exe -c "/U:C:\PROGRA~2\SAAZOD\Uninstall\uninstall.xml"
Task: {8258540A-E194-4B1C-A446-B100E53A7B7B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {8A6CE6D2-BAFF-47BD-B636-5632FA76D78E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8EE60D19-E484-4EC5-87B6-BEB1AE19CF50} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8F630B83-069D-434E-B4C4-59AD3C10A507} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-airworx@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {916845C6-0741-433C-AC62-C4B3A5F302DB} - System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {ACE8B2E6-FDA5-4314-A2D5-4B96CC439AEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B0F52980-9E9F-4BE0-971E-08686D2B7726} - System32\Tasks\HPCeeScheduleForAIRWORX 2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B9FA1D84-F00D-445B-8400-F7C7E90DD53E} - System32\Tasks\RGP Backup => C:\Program Files (x86)\Rock Gym Pro\Backup.exe [2017-06-04] ()
Task: {E622463C-A190-4A30-A528-A6EF1AACE5FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox, Inc.)
Task: {E6505B7C-6B08-451F-A300-AF1087B421C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {FD8EB85B-000D-4D3B-861F-700C79FA8A4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\600fb694c0849943\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 9"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Brandi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

==================== Loaded Modules (Whitelisted) ==============

2005-09-09 03:24 - 2005-09-09 03:24 - 000102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 000019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-03 22:39 - 2017-08-03 22:39 - 028986880 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 000428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 020510208 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 002339328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 003041792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 02:07 - 2017-06-08 02:07 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-14 12:21 - 2017-06-14 12:22 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-03 22:39 - 2017-08-03 22:39 - 001361920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-07-22 02:52 - 2017-07-22 02:52 - 004323328 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-07-14 04:41 - 2017-07-14 04:47 - 003500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-08 02:07 - 2017-06-08 02:07 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-25 02:11 - 2017-07-25 02:11 - 010631168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-07-25 02:11 - 2017-07-25 02:11 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-08-07 12:27 - 2017-08-02 00:39 - 002692952 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\swiftshader\libglesv2.dll
2017-08-07 12:27 - 2017-08-02 00:39 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\swiftshader\libegl.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 12:53 - 2017-07-12 13:01 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-24 11:41 - 2017-07-12 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 15:18 - 2017-07-12 13:01 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-25 12:07 - 2017-07-12 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-28 16:09 - 2017-07-12 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 11:59 - 2017-07-12 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-10-19 12:08 - 2017-07-12 12:58 - 000697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81613965.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Control Panel\Desktop\\Wallpaper -> c:\users\airworx 2\appdata\local\microsoft\windows\themes\transcodedwallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: CDPUserSvc_492c3 => 2
MSCONFIG\Services: CDPUserSvc_5d4d8 => 2
MSCONFIG\Services: MessagingService_492c3 => 3
MSCONFIG\Services: MessagingService_5d4d8 => 3
MSCONFIG\Services: OneSyncSvc_492c3 => 2
MSCONFIG\Services: OneSyncSvc_5d4d8 => 2
HKLM\...\StartupApproved\StartupFolder: => "BackupRemind.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Lathem.USBTM.UI"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{4E0064DA-7DC1-46E8-A80F-30CBA40D4B4B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{FB9DD912-3695-46A5-AB95-70BCD176799A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{AAE31264-8CE8-4629-B563-610EEF1CD042}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-08-2017 13:20:48 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2017 04:52:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: AIRWORX2-PC)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (08/15/2017 04:30:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad.exe version 10.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 840

Start Time: 01d315b9e3838f78

Termination Time: 15

Application Path: C:\Windows\System32\notepad.exe

Report Id: b7c2ddac-604b-4805-b615-17a27ff07180

Faulting package full name:

Faulting package-relative application ID:

Error: (08/15/2017 03:20:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (08/14/2017 04:29:30 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (08/14/2017 09:05:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 4.0.0.0, time stamp: 0x43215edf
Faulting module name: xmlparse.dll, version: 1.0.0.1, time stamp: 0x42d391ed
Exception code: 0xc0000005
Fault offset: 0x00016001
Faulting process id: 0x1e18
Faulting application start time: 0x01d315171e94f570
Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsEditor.exe
Faulting module path: C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\browser\xmlparse.dll
Report Id: ceff9486-6d30-451b-9bc3-7abfaf5868aa
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2017 09:05:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PhotoshopElementsEditor.exe, version: 4.0.0.0, time stamp: 0x43215edf
Faulting module name: xmlparse.dll, version: 1.0.0.1, time stamp: 0x42d391ed
Exception code: 0xc0000005
Fault offset: 0x00016001
Faulting process id: 0x1e18
Faulting application start time: 0x01d315171e94f570
Faulting application path: C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsEditor.exe
Faulting module path: C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\browser\xmlparse.dll
Report Id: ca50533d-b18e-4280-9683-0be32156d58e
Faulting package full name:
Faulting package-relative application ID:

Error: (08/14/2017 06:29:34 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (08/14/2017 03:45:15 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\PaperPort\CheckPPFolders.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (08/14/2017 03:35:02 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting


For more information, see Help and Support Center at http://www.mysql.com.

Error: (08/14/2017 03:35:02 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Default storage engine (InnoDB) is not available

For more information, see Help and Support Center at http://www.mysql.com.


System errors:
=============
Error: (08/15/2017 04:26:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 2017-08 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4034662).

Error: (08/15/2017 02:30:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows (KB4034674).

Error: (08/15/2017 02:16:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 2017-08 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4034662).

Error: (08/14/2017 07:54:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/14/2017 07:54:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/14/2017 07:54:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/14/2017 07:54:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/14/2017 07:54:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/14/2017 07:54:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/14/2017 07:53:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2017-08-14 12:53:49.830
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:48.746
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:47.702
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:46.615
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:45.531
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:44.500
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod74BB.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:42.796
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:41.699
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:40.627
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-08-14 12:53:39.502
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\ESET\ESET Security\updfiles\base_nonnups\nod4D74.dll.nup.raw because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A8-6500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 48%
Total physical RAM: 7365.48 MB
Available physical RAM: 3814.66 MB
Total Virtual: 7765.48 MB
Available Virtual: 3435.6 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1842.47 GB) (Free:1725.49 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Aug 03 2017) (CDROM) (Total:4.38 GB) (Free:3.57 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8834CD72)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
First log, in list...

RogueKiller V12.11.10.0 (x64) [Aug 14 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : AIRWORX 2 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/17/2017 05:57:53 (Duration : 00:47:51)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[File.Forged][File] C:\Windows\System32\drivers\ks.sys -> Replaced at reboot ( @src C:\Users\AIRWORX 2\AppData\Local\Temp\snack\ks.sys)
[File.Forged][File] C:\Windows\System32\drivers\nwifi.sys -> Replaced at reboot ( @src C:\Users\AIRWORX 2\AppData\Local\Temp\snack\nwifi.sys)

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 10 [SecurePrefs] : session.startup_urls [https://www.bleepingcomputer.com/fo...s.google.com/forum/#!topic/chrome/KobCsRA5DC4] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] f86f4a6d732d5d11731309772e1fbe7f
[BSP] 2bf3dd60e501e1f0f760c942b8d1b006 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 1886686 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3867029504 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 3867951104 | Size: 19076 MB
User = LL1 ... OK
User = LL2 ... OK
 
Yes, sorry, it's becoming almost impossible to even have a browser opened. A while ago, I noticed that whatever this is has made reg edits to the mwb that I formerly had installed, so I uninstalled and reinstalled it today, but no luck.

The odd thing to me is the Windows 8, as I have 10, but as I'd mentioned, this has completely rewritten my OS and has been met with some hesitation from my firewall, which it's definitely got a pretty good grasp on that too, again. Cannot update Windows at all, not OS updates, security updates, Defender, etc.

Malwarebytes Anti-Rootkit BETA 1.9.4.1001
www.malwarebytes.org

Database version:
main: v2017.08.17.08
rootkit: v2017.08.02.01

Windows 8 x64 NTFS
Internet Explorer 11.483.15063.0
AIRWORX 2 :: AIRWORX2-PC [administrator]

8/17/2017 1:22:36 PM
mbar-log-2017-08-17 (13-22-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 357
Time elapsed: 35 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.483.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.493000 GHz
Memory total: 7723261952, free: 5058174976

Downloaded database version: v2017.08.11.07
Downloaded database version: v2017.08.02.01
Downloaded database version: v2017.08.11.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
08/11/2017 12:23:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\timntr.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\system32\DRIVERS\edevmon.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET Smart Security\em000k_64\1012\em000k_64.dll
\??\C:\Program Files\ESET\ESET Smart Security\em006_64\1165\em006_64.dll
\??\C:\Program Files\ESET\ESET Smart Security\em018k_64\1502\em018k_64.dll
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\epfw.sys
\??\C:\Program Files\ESET\ESET Smart Security\em008k_64\1489\em008k_64.dll
\??\C:\Program Files\ESET\ESET Smart Security\em042_64\1947\em042_64.dll
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\WINDOWS\system32\drivers\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\vididr.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\msiscsi.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\L1C63x64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\drivers\vwifimp.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mmcss.sys
\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\Ndu.sys
\??\C:\WINDOWS\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
 
----------- End -----------
Scan Interrupted
Done!

Scan started
Database versions:
main: v2017.08.14.07
rootkit: v2017.08.02.01

Scan was aborted.
=======================================

Scan started
Database versions:
main: v2017.08.14.07
rootkit: v2017.08.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffaf0ab1dce060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffaf0ab1dceb00, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffaf0ab1dced30, DeviceName: \Device\00000029\, DriverName: \Driver\edevmon\
DevicePointer: 0xffffaf0ab1dd09f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffaf0ab1dce060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffaf0ab025e340, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffaf0ab11b8060, DeviceName: \Device\00000027\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\00000029\, DriverName: \Driver\edevmon\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8834CD72

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3658510603
GPT Header CurrentLba = 1 BackupLba 3907029167
GPT Header FirstUsableLba 34 LastUsableLba 3907029134
GPT Header Guid dc610215-160f-41d2-902c-f31d24fe712
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3658510603
Backup GPT header CurrentLba = 3907029167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
Backup GPT header Guid dc610215-160f-41d2-902c-f31d24fe712
Backup GPT header Contains 128 partition entries starting at LBA 3907029135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 53ed1ed7-7de8-48c6-9b91-9a1d4e6ca156
FirstLBA 2048 Last LBA 2097151
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 43b3353f-31be-457e-aa3b-d088a2b5a831
FirstLBA 2097152 Last LBA 2834431
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID dd91fbcc-65eb-4285-a443-2fac6c18fd62
FirstLBA 2834432 Last LBA 3096575
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4ba8056a-8eac-4884-b49a-bc47691f6311
FirstLBA 3096576 Last LBA 3867029503
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 68312dcc-5207-4a34-91f1-54a2f466167a
FirstLBA 3867029504 Last LBA 3867951103
Attributes 1
Partition Name

Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 128c5fd3-3e75-4eee-84e9-c146634454d7
FirstLBA 3867951104 Last LBA 3907018751
Attributes 1
Partition Name Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffaf0ab1b0d610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffaf0ab6b41520, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffaf0ab3548490, DeviceName: \Device\00000059\, DriverName: \Driver\edevmon\
DevicePointer: 0xffffaf0aba381040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffaf0ab1b0d610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffaf0ab4aa1a90, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffaf0ab1a10670, DeviceName: \Device\00000058\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\00000059\, DriverName: \Driver\edevmon\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B8CF1895

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 32 Numsec = 31266784
Partition is not bootable
Partition file system is FAT32

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 16008609792 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntlanman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERMGRCLI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.drv" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\midimap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXGIPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESFLOWBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
 
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xbgmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPXLATCFG.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPXLATCFG.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\rundll32.exe" is sparse (flags = 32768)
File "C:\Users\AIRWORX 2\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7F0D7899C969CEC0AA4EFA5FD98720FF33A52929.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7F0D7899C969CEC0AA4EFA5FD98720FF33A52929.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7F0D7899C969CEC0AA4EFA5FD98720FF33A52929.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7F0D7899C969CEC0AA4EFA5FD98720FF33A52929.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7F0D7899C969CEC0AA4EFA5FD98720FF33A52929.bin.83" is compressed (flags = 1)
Scan finished
=======================================
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-32-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.483.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.493000 GHz
Memory total: 7723261952, free: 5001994240

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.4.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 11.483.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.493000 GHz
Memory total: 7723261952, free: 5159452672

Downloaded database version: v2017.08.17.08
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
08/17/2017 13:22:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\storahci.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\timntr.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\system32\DRIVERS\edevmon.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\??\C:\Program Files\ESET\ESET Smart Security\em000k_64\1012\em000k_64.dll
\??\C:\Program Files\ESET\ESET Smart Security\em006_64\1165\em006_64.dll
\??\C:\Program Files\ESET\ESET Smart Security\em018k_64\1502\em018k_64.dll
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\epfw.sys
\??\C:\Program Files\ESET\ESET Smart Security\em008k_64\1489\em008k_64.dll
\??\C:\Program Files\ESET\ESET Smart Security\em042_64\1957\em042_64.dll
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\vididr.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\msiscsi.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\L1C63x64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\usbohci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\athw8x.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\amdppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\BrUsbSer.sys
\SystemRoot\system32\DRIVERS\BrSerId.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_storahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\vwifimp.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\Ndu.sys
\??\C:\WINDOWS\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\System32\drivers\asyncmac.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
main: v2017.08.17.08
rootkit: v2017.08.02.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd604c70eb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffd604c7015c20, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffd604c70ebc50, DeviceName: \Device\00000029\, DriverName: \Driver\edevmon\
DevicePointer: 0xffffd604c70ed9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd604c70eb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffd604c7015e30, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffd604c6f25060, DeviceName: \Device\00000027\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\00000029\, DriverName: \Driver\edevmon\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8834CD72
 
GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3658510603
GPT Header CurrentLba = 1 BackupLba 3907029167
GPT Header FirstUsableLba 34 LastUsableLba 3907029134
GPT Header Guid dc610215-160f-41d2-902c-f31d24fe712
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3658510603
Backup GPT header CurrentLba = 3907029167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
Backup GPT header Guid dc610215-160f-41d2-902c-f31d24fe712
Backup GPT header Contains 128 partition entries starting at LBA 3907029135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 53ed1ed7-7de8-48c6-9b91-9a1d4e6ca156
FirstLBA 2048 Last LBA 2097151
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 43b3353f-31be-457e-aa3b-d088a2b5a831
FirstLBA 2097152 Last LBA 2834431
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID dd91fbcc-65eb-4285-a443-2fac6c18fd62
FirstLBA 2834432 Last LBA 3096575
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 4ba8056a-8eac-4884-b49a-bc47691f6311
FirstLBA 3096576 Last LBA 3867029503
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 68312dcc-5207-4a34-91f1-54a2f466167a
FirstLBA 3867029504 Last LBA 3867951103
Attributes 1
Partition Name

Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 128c5fd3-3e75-4eee-84e9-c146634454d7
FirstLBA 3867951104 Last LBA 3907018751
Attributes 1
Partition Name Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.15063.413_none_55bc94a37c2a2854\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drprov.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntlanman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERMGRCLI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9279_none_50939ec6bcb7c97c\msvcr90.dll" is sparse (flags = 32768)
Scan Interrupted
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
Scan was aborted.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Sorry, I just found this report too, still says Windows 8?

I really appreciate your help by the way, I've read many posts of those you've helped, and I was super happy when I saw your name pop up, as who would help!!! :eek:) Thanks for your time, help and advice.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/17/17
Scan Time: 1:41 PM
Log File: mwb.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2608
License: Free

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: AIRWORX2-PC\AIRWORX 2

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 506702
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 22 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 18 04:11:38 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-17-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C01].txt - [1761 B] - [2017/8/14 9:20:24]
C:/AdwCleaner/AdwCleaner[C0].txt - [1761 B] - [2017/8/11 18:46:54]
C:/AdwCleaner/AdwCleaner[C2].txt - [1334 B] - [2017/8/14 9:21:36]
C:/AdwCleaner/AdwCleaner[S0].txt - [1676 B] - [2017/8/11 17:27:10]
C:/AdwCleaner/AdwCleaner[S1].txt - [1081 B] - [2017/8/12 3:7:34]


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by AIRWORX 2 (Administrator) on Thu 08/17/2017 at 21:16:47.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/17/2017 at 21:19:02.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 