--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.523.17134.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.495000 GHz Memory total: 4161232896, free: 1678159872 Downloaded database version: v2019.02.10.05 Downloaded database version: v2019.02.10.05 Downloaded database version: v2018.01.20.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 02/10/2019 20:56:21 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlmp.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\WppRecorder.sys \SystemRoot\system32\drivers\SleepStudyHelper.sys \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\system32\drivers\SgrmAgent.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\tpm.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\wd\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\system32\DRIVERS\amdpsp.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\vmbkmclr.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afunix.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\bam.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \??\C:\WINDOWS\4A0E9D8CD472.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\System32\drivers\CAD.sys \SystemRoot\System32\DriverStore\FileRepository\c0312445.inf_amd64_162b22a7d7229709\atikmpag.sys \SystemRoot\System32\DriverStore\FileRepository\c0312445.inf_amd64_162b22a7d7229709\atikmdag.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\athw10x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\rt640x64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\AsusTP.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\amdppm.sys \SystemRoot\System32\drivers\amdgpio2.sys \SystemRoot\System32\Drivers\msgpioclx.sys \SystemRoot\System32\drivers\amduart.sys \SystemRoot\system32\drivers\SerCx2.sys \SystemRoot\System32\drivers\amdi2c.sys \SystemRoot\system32\drivers\SpbCx.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\AsRadioControl.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\UEFI.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\AiCharger.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\AtihdWT6.sys \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\system32\DRIVERS\btfilter.sys \SystemRoot\System32\drivers\BTHUSB.sys \SystemRoot\System32\drivers\bthport.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys \SystemRoot\System32\drivers\rfcomm.sys \SystemRoot\System32\drivers\BthEnum.sys \SystemRoot\System32\drivers\bthpan.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\cldflt.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\drivers\rassstp.sys \SystemRoot\System32\DRIVERS\NDProxy.sys \SystemRoot\System32\drivers\AgileVpn.sys \SystemRoot\System32\drivers\rasl2tp.sys \SystemRoot\System32\drivers\raspptp.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\drivers\ndiswan.sys \SystemRoot\System32\Drivers\mbamswissarmy.sys \SystemRoot\System32\drivers\condrv.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\2214659D.sys ----------- End ----------- Done! Scan started Database versions: main: v2019.02.10.05 rootkit: v2019.02.10.05 <<<2>>> Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffff880e0fa8e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffff880e0f96a9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff880e0fa8e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffff880e0f7cf060, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffff880e0fa8f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffff880e0f96b9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff880e0fa8f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffff880e0f7d3060, DeviceName: \Device\00000036\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: BB026784 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1792050791 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid d8366eeb-2f8a-4f3a-bde7-6eb44445dd3b GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1792050791 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid d8366eeb-2f8a-4f3a-bde7-6eb44445dd3b Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID ef0baee7-9e84-4379-89be-5a8ce793c1af FirstLBA 2048 Last LBA 1953523711 Attributes 0 Partition Name Basic data partition Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Drive 1 This is a System drive Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: ACD0DA97 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 768891522 GPT Header CurrentLba = 1 BackupLba 250069679 GPT Header FirstUsableLba 34 LastUsableLba 250069646 GPT Header Guid 9a48cd8f-1d83-4fae-9f3b-f1db55d45f75 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 768891522 Backup GPT header CurrentLba = 250069679 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 250069646 Backup GPT header Guid 9a48cd8f-1d83-4fae-9f3b-f1db55d45f75 Backup GPT header Contains 128 partition entries starting at LBA 250069647 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID 64e48baf-9c0d-4e77-93ee-34323fc7c188 FirstLBA 2048 Last LBA 534527 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID c381173e-37ca-4295-a5a5-a87fc123df93 FirstLBA 534528 Last LBA 567295 Attributes 0 Partition Name Microsoft reserved partition Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 1bb025d6-23df-488a-b53e-5a2237fc255 FirstLBA 567296 Last LBA 248430591 Attributes 0 Partition Name Basic data partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID f618e903-fb2-49aa-956a-ca8dacecef38 FirstLBA 248430592 Last LBA 250068991 Attributes 1 Partition Name Basic data partition Disk Size: 128035676160 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768) File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768) File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\version.dll" is sparse (flags = 32768) File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768) File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768) File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768) File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.523_none_40fda94a45138881\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768) File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768) File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768) File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768) File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768) File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\smss.exe" is sparse (flags = 32768) File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768) File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768) File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768) File "C:\Windows\System32\hid.dll" is sparse (flags = 32768) File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.523_none_73d8c7959f75cd2a\GdiPlus.dll" is sparse (flags = 32768) File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPRESOLVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\slc.dll" is sparse (flags = 32768) File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\sppc.dll" is sparse (flags = 32768) File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dui70.dll" is sparse (flags = 32768) File "C:\Windows\System32\duser.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.GLOBALIZATION.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCP47mrm.dll" is sparse (flags = 32768) File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768) File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntlanman.dll" is sparse (flags = 32768) File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fdWCN.dll" is sparse (flags = 32768) File "C:\Windows\System32\WcnApi.dll" is sparse (flags = 32768) File "C:\Windows\System32\atl.dll" is sparse (flags = 32768) File "C:\Windows\System32\dfscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\browcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\unsecapp.exe" is sparse (flags = 32768) File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768) File "C:\Windows\System32\dinput8.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768) File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768) File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768) File "C:\Windows\System32\credui.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768) File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mf.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\COMPPKGSUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mfcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\evr.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\MSCORLIB.NI.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b25aa23cb6124cbf3bc169bb0cfd519d\System.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SmartAudio\6d90c1e7912f61e28fe6ed59e2a6ca96\SmartAudio.ni.exe" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d74326b9518cdee2d987cd01b4aa673a\System.Core.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\03e3502f3247d915cc335712fd85523f\WindowsBase.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7e29673b498ec3e1357cdcac4dcba883\PresentationCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d103a771e35a668cc57e59f18a4d869d\PresentationFramework.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a81daa8eda20dc900f6c3900b7bdd770\System.Xaml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\b6d4bf3234a5efd6c5004bda2a2d243e\Microsoft.VisualBasic.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\02bafcf9c2511af76eb0da8d993b9b0c\System.Drawing.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c83b97c79134abff0c628e09c7715ac\System.Windows.Forms.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f8042ba59a0b5579e8e5d123bfd1cccf\System.Configuration.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\aff318269006d861a332e55de85d82a3\System.Xml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\349f1caf0861453c66e6734858d308fa\System.Runtime.Remoting.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\1dac2dd6fc81c04ddcb03979d8c877e5\Interop.CxHDAudioAPILib.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\a2c85af5a72759eaecc34fee61040d00\WindowsFormsIntegration.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\83e7843225892290b8a523d35cc1405d\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\30c756121814963c289cf73c32872185\UIAutomationTypes.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msi.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768) File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768) File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768) File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bindflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bttflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\vds.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ramdisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768) File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768) File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\BCASTDVRUSERSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768) File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netman.dll" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768) File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\BTAGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BTHAVCTPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\das.dll" is sparse (flags = 32768) File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768) File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768) File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768) File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768) File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SHAREDREALITYSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768) File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768) File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768) File "C:\Windows\System32\WAASMEDICSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPCDESKTOPMONSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BD91A3D2411BBAFD2554838F4252A4FD62D934CE.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BD91A3D2411BBAFD2554838F4252A4FD62D934CE.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-BD91A3D2411BBAFD2554838F4252A4FD62D934CE.bin.83" is compressed (flags = 1) <<<2>>> <<<3>>> Volume: D: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RubusFund 2.0 --> [Trojan.MalPack] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ToolwizCareFree --> [Trojan.MalPack] Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZjQ3MjJhZmYzNjc1YmQy|ImagePath --> [Adware.Wajam.Generic] Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ZJQ3MJJHZMYZNJC1YMQY --> [Adware.Wajam.Generic] Infected: C:\Windows\pbnkjcmy.hbnkj --> [Adware.Wajam.Generic] Scan finished Creating System Restore point... Cleaning up... Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action reg.exe... Success! Executing an action cmd.exe... Success! Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action reg.exe Queuing an action cmd.exe Queuing an action cmd.exe Queuing an action cmd.exe Queuing an action cmd.exe Queuing an action cmd.exe Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.17134 Windows 10 x64 Account is Administrative Internet Explorer version: 11.523.17134.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.495000 GHz Memory total: 4161232896, free: 2604089344 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.523.17134.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.495000 GHz Memory total: 4161232896, free: 1729015808 Downloaded database version: v2019.02.10.05 Downloaded database version: v2019.02.10.05 Downloaded database version: v2018.01.20.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 02/10/2019 21:19:43 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlmp.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\WppRecorder.sys \SystemRoot\system32\drivers\SleepStudyHelper.sys \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\system32\drivers\SgrmAgent.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\tpm.sys \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\wd\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\system32\DRIVERS\amdpsp.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\vmbkmclr.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afunix.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\bam.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \??\C:\WINDOWS\4A0E9D8CD472.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\System32\drivers\CAD.sys \SystemRoot\System32\DriverStore\FileRepository\c0312445.inf_amd64_162b22a7d7229709\atikmpag.sys \SystemRoot\System32\DriverStore\FileRepository\c0312445.inf_amd64_162b22a7d7229709\atikmdag.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\athw10x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\rt640x64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\AsusTP.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\amdppm.sys \SystemRoot\System32\drivers\amdgpio2.sys \SystemRoot\System32\Drivers\msgpioclx.sys \SystemRoot\System32\drivers\amduart.sys \SystemRoot\system32\drivers\SerCx2.sys \SystemRoot\System32\drivers\amdi2c.sys \SystemRoot\system32\drivers\SpbCx.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\AsRadioControl.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\UEFI.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\system32\DRIVERS\AiCharger.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\AtihdWT6.sys \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\system32\DRIVERS\btfilter.sys \SystemRoot\System32\drivers\BTHUSB.sys \SystemRoot\System32\drivers\bthport.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys \SystemRoot\System32\drivers\rfcomm.sys \SystemRoot\System32\drivers\BthEnum.sys \SystemRoot\System32\drivers\bthpan.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\cldflt.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\ndisuio.sys \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\drivers\rassstp.sys \SystemRoot\System32\DRIVERS\NDProxy.sys \SystemRoot\System32\drivers\AgileVpn.sys \SystemRoot\System32\drivers\rasl2tp.sys \SystemRoot\System32\drivers\raspptp.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\drivers\ndiswan.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\Drivers\mbamswissarmy.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\A2D282CE.sys ----------- End ----------- Done! Scan started Database versions: main: v2019.02.10.05 rootkit: v2019.02.10.05 <<<2>>> Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffff9b8921a59060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffff9b8921934920, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9b8921a59060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffff9b89217a6060, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffff9b8921a58060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffff9b89219358d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9b8921a58060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffff9b89217a9060, DeviceName: \Device\00000036\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: BB026784 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1792050791 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid d8366eeb-2f8a-4f3a-bde7-6eb44445dd3b GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1792050791 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid d8366eeb-2f8a-4f3a-bde7-6eb44445dd3b Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID ef0baee7-9e84-4379-89be-5a8ce793c1af FirstLBA 2048 Last LBA 1953523711 Attributes 0 Partition Name Basic data partition Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Drive 1 This is a System drive Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: ACD0DA97 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 768891522 GPT Header CurrentLba = 1 BackupLba 250069679 GPT Header FirstUsableLba 34 LastUsableLba 250069646 GPT Header Guid 9a48cd8f-1d83-4fae-9f3b-f1db55d45f75 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 768891522 Backup GPT header CurrentLba = 250069679 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 250069646 Backup GPT header Guid 9a48cd8f-1d83-4fae-9f3b-f1db55d45f75 Backup GPT header Contains 128 partition entries starting at LBA 250069647 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID 64e48baf-9c0d-4e77-93ee-34323fc7c188 FirstLBA 2048 Last LBA 534527 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID c381173e-37ca-4295-a5a5-a87fc123df93 FirstLBA 534528 Last LBA 567295 Attributes 0 Partition Name Microsoft reserved partition Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 1bb025d6-23df-488a-b53e-5a2237fc255 FirstLBA 567296 Last LBA 248430591 Attributes 0 Partition Name Basic data partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID f618e903-fb2-49aa-956a-ca8dacecef38 FirstLBA 248430592 Last LBA 250068991 Attributes 1 Partition Name Basic data partition Disk Size: 128035676160 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768) File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768) File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\version.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768) File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.523_none_40fda94a45138881\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768) File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768) File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768) File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768) File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768) File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768) File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COREUICOMPONENTS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768) File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768) File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\smss.exe" is sparse (flags = 32768) File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768) File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768) File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768) File "C:\Windows\System32\hid.dll" is sparse (flags = 32768) File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.523_none_42edd4b044e3535c\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.523_none_73d8c7959f75cd2a\GdiPlus.dll" is sparse (flags = 32768) File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768) File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemdisp.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\unsecapp.exe" is sparse (flags = 32768) File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768) File "C:\Windows\System32\dinput8.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768) File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768) File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPRESOLVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCP47LANGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\slc.dll" is sparse (flags = 32768) File "C:\Windows\System32\sppc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768) File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msdmo.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768) File "C:\Windows\System32\credui.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptui.dll" is sparse (flags = 32768) File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mf.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\COMPPKGSUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFREADWRITE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mfcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\evr.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\MSCORLIB.NI.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b25aa23cb6124cbf3bc169bb0cfd519d\System.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SmartAudio\6d90c1e7912f61e28fe6ed59e2a6ca96\SmartAudio.ni.exe" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d74326b9518cdee2d987cd01b4aa673a\System.Core.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\03e3502f3247d915cc335712fd85523f\WindowsBase.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7e29673b498ec3e1357cdcac4dcba883\PresentationCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d103a771e35a668cc57e59f18a4d869d\PresentationFramework.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a81daa8eda20dc900f6c3900b7bdd770\System.Xaml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\b6d4bf3234a5efd6c5004bda2a2d243e\Microsoft.VisualBasic.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\02bafcf9c2511af76eb0da8d993b9b0c\System.Drawing.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c83b97c79134abff0c628e09c7715ac\System.Windows.Forms.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\f8042ba59a0b5579e8e5d123bfd1cccf\System.Configuration.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\aff318269006d861a332e55de85d82a3\System.Xml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\349f1caf0861453c66e6734858d308fa\System.Runtime.Remoting.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.CxHef9fb4ae#\1dac2dd6fc81c04ddcb03979d8c877e5\Interop.CxHDAudioAPILib.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\a2c85af5a72759eaecc34fee61040d00\WindowsFormsIntegration.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\83e7843225892290b8a523d35cc1405d\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\30c756121814963c289cf73c32872185\UIAutomationTypes.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msi.dll" is sparse (flags = 32768) File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptdll.dll" is sparse (flags = 32768) File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768) File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bindflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bttflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\vds.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ramdisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768) File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768) File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\BCASTDVRUSERSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768) File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netman.dll" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768) File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\BTAGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BTHAVCTPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\das.dll" is sparse (flags = 32768) File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768) File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lpasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768) File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768) File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768) File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SHAREDREALITYSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768) File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768) File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768) File "C:\Windows\System32\WAASMEDICSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WFDSCONMGRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPCDESKTOPMONSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7EFE18B2ADA6B11D840AF2BD12A4B038898DD89E.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7EFE18B2ADA6B11D840AF2BD12A4B038898DD89E.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-7EFE18B2ADA6B11D840AF2BD12A4B038898DD89E.bin.83" is compressed (flags = 1) <<<2>>> <<<3>>> Volume: D: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.523.17134.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.495000 GHz Memory total: 4161232896, free: 1854980096 Downloaded database version: v2019.02.10.05 Downloaded database version: v2019.02.10.05 Downloaded database version: v2018.01.20.01 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.17134 Windows 10 x64 Account is Administrative Internet Explorer version: 11.523.17134.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.495000 GHz Memory total: 4161232896, free: 2505506816 =======================================