
Cannot Start Windows Defender, and even open Task Manager.


  • This topic is locked
38 replies to this topic

#1 XeLiOs


Posted 12 June 2017 - 08:31 AM

Hello,

 

I'm having trouble with my dad's computer. I recently found out that his computer contained viruses when his flash drive had that hidden files malware when it was plugged into my computer. So I tried to scan his computer with Windows Defender, but it won't start, saying service is not an installed service, so I tried Malwarebytes Anti-Malware and it's stuck at scanning startup files. I tried opening Task Manager and it says a DLL is missing. Can this be fixed? Here's the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by axcel (administrator) on AXCEL-PC (12-06-2017 21:24:18)
Running from C:\Users\axcel\Downloads
Loaded Profiles: axcel &  (Available Profiles: axcel)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(WALTOP International Corp.) C:\Windows\SysWOW64\tblmouse.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
() C:\Program Files (x86)\Hostless Modem\SMART BRO\CheckNDISPort_df.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
() C:\Program Files (x86)\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\ProgramData\309974\Luminosity.exe
() C:\Windows\Installer\{B6BBF663-4571-1ED1-1E90-09ACFD4AD36D}\syshost.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Windows\System32\atwtusb.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Windows\System32\atwtusb.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TblMouse] => C:\WINDOWS\SysWOW64\TblMouse.exe [65184 2007-10-09] (WALTOP International Corp.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CheckNDISPort51ac05] => C:\Program Files (x86)\Hostless Modem\SMART BRO\CheckNDISPort_df.exe [468736 2014-11-03] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe [447744 2014-11-03] ()
HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{B6BBF663-4571-1ED1-1E90-09ACFD4AD36D}\syshost.exe [205666 2017-04-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\MountPoints2: {b0cbd2bb-0ade-11e6-93dd-fae955779297} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\MountPoints2: {e5ff8356-9c18-11e5-972d-d1789349f4ef} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\Policies\Explorer: [] 
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\MountPoints2: {b0cbd2bb-0ade-11e6-93dd-fae955779297} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\MountPoints2: {e5ff8356-9c18-11e5-972d-d1789349f4ef} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\Policies\Explorer: [] 
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\MountPoints2: {b0cbd2bb-0ade-11e6-93dd-fae955779297} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\MountPoints2: {e5ff8356-9c18-11e5-972d-d1789349f4ef} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40BDD41C-6357-4BB1-A713-544F120FD22B}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5E6F35CA-E26D-4615-9553-94DBCDB56746}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A192F5CD-219D-4439-8EB3-3A75417140EA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2B3B1B7-B514-455E-A795-673814B0865D}: [NameServer] 203.115.130.8,203.115.130.10
Tcpip\..\Interfaces\{A2B3B1B7-B514-455E-A795-673814B0865D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D1BCA943-E6FC-441C-A958-3D22521C9E45}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-11-21] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-11-21] (SAP, Walldorf)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\AXEL\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://121.97.115.17/","hxxp://192.168.1.254/"
CHR Profile: C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default [2017-06-12]
CHR Extension: (Google Slides) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-18]
CHR Extension: (Google Docs) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-18]
CHR Extension: (Google Drive) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Planner 5D) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2015-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
CHR Profile: C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-04]
CHR Profile: C:\Users\axcel\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"e837be2242989542" => service could not be unlocked. <===== ATTENTION
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18720 2012-02-09] (Autodesk, Inc.)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [3337728 2015-10-30] (Microsoft Corporation) [File not signed]
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 WTService; C:\Windows\System32\atwtusb.exe [662248 2009-07-30] () [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
U4 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 1394ohci; C:\Windows\system32\DRIVERS\1394ohci.sys [227840 2009-07-14] () [File not signed]
R0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-14] () [File not signed]
S3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [12288 2009-07-14] () [File not signed]
S3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [35600 2014-05-19] () [File not signed]
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-14] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [500224 2009-07-14] () [File not signed]
S3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [61008 2009-07-14] () [File not signed]
S1 aiptektp; C:\Windows\System32\DRIVERS\aiptektp.sys [29696 2007-07-27] (WALTOP International Corp.)
S3 aliide; C:\Windows\system32\DRIVERS\aliide.sys [15440 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\DRIVERS\amdide.sys [15440 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] () [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [106576 2009-07-14] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] () [File not signed]
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [163808 2013-02-13] () [File not signed]
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [163808 2013-02-13] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] () [File not signed]
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [89168 2013-01-24] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3884032 2013-03-25] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-11] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-11] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-11] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-11] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-11] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-11] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-11] () [File not signed]
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [346192 2013-01-24] () [File not signed]
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [115280 2013-01-24] () [File not signed]
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [34384 2013-01-24] () [File not signed]
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [179432 2013-01-24] () [File not signed]
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] () [File not signed]
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [136424 2013-01-24] () [File not signed]
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [581200 2013-01-24] () [File not signed]
R3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-14] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [551936 2009-07-14] () [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [79360 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] () [File not signed]
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [1680992 2013-03-05] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [974848 2009-07-14] () [File not signed]
U5 e837be2242989542; C:\Windows\System32\Drivers\e837be2242989542.sys [76248 2017-04-05] () <===== ATTENTION Necurs Rootkit?
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed]
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [355664 2013-02-27] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-11] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [652784 2013-01-31] () [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] () [File not signed]
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4431840 2013-05-08] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-08] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [20464 2013-12-20] () [File not signed]
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [369648 2013-12-20] () [File not signed]
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [790512 2013-12-20] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] () [File not signed]
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [39008 2014-05-19] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S0 MBAMChameleon; C:\Windows\System32\drivers\0BF54BA9.sys [188312 2017-06-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-12] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\660E4B92.sys [252832 2017-06-12] (Malwarebytes)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [64624 2013-05-15] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [327752 2013-04-23] () [File not signed]
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] () [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-11] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] () [File not signed]
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [25600 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] () [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184576 2009-07-14] () [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] () [File not signed]
S3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7808 2009-04-17] (Windows ® Codename Longhorn DDK provider)
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] () [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785512 2014-05-19] () [File not signed]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-14] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] () [File not signed]
U5 e837be2242989542;  <===== ATTENTION: Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-12 21:24 - 2017-06-12 21:24 - 00042420 _____ C:\Users\axcel\Downloads\FRST.txt
2017-06-12 21:23 - 2017-06-12 21:24 - 00000000 ____D C:\FRST
2017-06-12 21:22 - 2017-06-12 21:23 - 02438656 _____ (Farbar) C:\Users\axcel\Downloads\FRST64.exe
2017-06-12 21:21 - 2017-06-12 21:21 - 05659512 _____ (Swearware) C:\Users\axcel\Downloads\ComboFix.exe
2017-06-12 21:10 - 2017-06-12 21:10 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\660E4B92.sys
2017-06-12 21:10 - 2017-06-12 21:10 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\0BF54BA9.sys
2017-06-12 20:26 - 2016-05-17 15:18 - 00401408 _____ C:\Users\axcel\AppData\Roaming\clientmon.exe
2017-06-12 20:25 - 2017-06-12 20:25 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\6E0E290A.sys
2017-06-12 20:25 - 2017-06-12 20:25 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\44112907.sys
2017-06-12 20:25 - 2017-06-12 20:25 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\69F8291D.sys
2017-06-12 20:24 - 2017-06-12 21:10 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-12 20:24 - 2017-06-12 20:25 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-12 20:24 - 2017-06-12 20:24 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\3AC12867.sys
2017-06-12 20:23 - 2017-06-12 20:23 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\534327F1.sys
2017-06-12 20:23 - 2017-06-12 20:23 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\273C27F8.sys
2017-06-12 20:23 - 2017-06-12 20:23 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-12 20:23 - 2017-06-12 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-12 20:23 - 2017-06-12 20:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-12 20:23 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-12 20:22 - 2017-06-12 20:22 - 00001365 _____ C:\Users\axcel\Downloads\Windefend.zip
2017-06-12 20:16 - 2017-06-12 20:21 - 64232976 _____ (Malwarebytes ) C:\Users\axcel\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-10 22:45 - 2017-06-10 22:45 - 00000000 ____D C:\Windows\udtablet
2017-06-10 22:45 - 2017-06-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroKey Manager
2017-06-10 22:45 - 2009-08-04 11:51 - 00007582 _____ C:\Windows\aiptbl.ini
2017-06-10 22:38 - 2017-06-10 22:38 - 00003220 _____ C:\Windows\System32\Tasks\{48A571C6-7EBF-4DC6-A1A1-E93FC0AA2C85}
2017-06-10 22:25 - 2017-06-10 22:45 - 00000000 ____D C:\Windows\calib_da
2017-06-10 22:25 - 2009-04-17 03:18 - 00007808 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\walvhid.sys
2017-06-10 22:00 - 2017-06-10 22:00 - 00003018 _____ C:\Windows\System32\Tasks\{6189AE25-FBDC-4D3A-9F37-C6EC7AC5AF6A}
2017-06-06 22:40 - 2017-06-06 22:42 - 00000000 _____ C:\Users\axcel\AppData\Roaming\svchost.exe
2017-06-06 22:40 - 2017-06-06 22:42 - 00000000 _____ C:\Users\axcel\AppData\Roaming\rundll32.exe
2017-06-06 22:40 - 2017-06-06 22:42 - 00000000 _____ C:\Users\axcel\AppData\Roaming\rundll3.exe
2017-06-06 22:40 - 2017-06-06 22:40 - 00178530 __RSH C:\Users\axcel\AppData\Roaming\csrss.exe
2017-06-04 01:48 - 2017-06-04 01:48 - 01005568 _____ (Microsoft Corporation) C:\Users\axcel\Downloads\dotNetFx45_Full_setup.exe
2017-06-04 01:45 - 2017-06-04 01:45 - 00003298 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
2017-06-04 01:44 - 2017-06-04 01:44 - 00000000 ____D C:\Users\axcel\AppData\Local\Share Link
2017-06-04 01:44 - 2017-06-04 01:44 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-04 01:42 - 2017-06-04 01:44 - 24885896 _____ (ASUSTEK ) C:\Users\axcel\Downloads\ShareLinkSetup.exe
2017-06-02 23:49 - 2017-06-02 23:49 - 00123298 _____ C:\Users\axcel\Downloads\M Tirol Kitchen june01 2017.pdf
2017-06-02 23:47 - 2017-06-02 23:47 - 00135001 _____ C:\Users\axcel\Downloads\M Tirol FLOOR PLAN  june01  2017.pdf
2017-06-02 23:45 - 2017-06-02 23:45 - 00113296 _____ C:\Users\axcel\Downloads\M Tirol BEDROOM 01  june01  2017.pdf
2017-06-02 23:42 - 2017-06-02 23:42 - 00191557 _____ C:\Users\axcel\Downloads\M Tirol MASTER'S BEDROOM   june01  2017.pdf
2017-06-02 23:40 - 2017-06-02 23:40 - 00114913 _____ C:\Users\axcel\Downloads\Avida Living -Dining  elevations (1).pdf
2017-06-02 23:40 - 2017-06-02 23:40 - 00110865 _____ C:\Users\axcel\Downloads\Avida Kitchen Plans (1).pdf
2017-06-02 23:39 - 2017-06-02 23:39 - 00124016 _____ C:\Users\axcel\Downloads\Avida Floor Plan (1).pdf
2017-06-02 23:39 - 2017-06-02 23:39 - 00114393 _____ C:\Users\axcel\Downloads\Avida Kitchen Elevations (1).pdf
2017-06-02 23:39 - 2017-06-02 23:39 - 00109453 _____ C:\Users\axcel\Downloads\Avida Bedroom Cabinets (1).pdf
2017-06-02 23:38 - 2017-06-02 23:38 - 00207415 _____ C:\Users\axcel\Downloads\Avida Bedroom & TnB   Elevations (2).pdf
2017-06-02 23:38 - 2017-06-02 23:38 - 00114566 _____ C:\Users\axcel\Downloads\Avida  T&B  Cabinet &  underCounter (2).pdf
2017-06-02 23:32 - 2017-06-02 23:32 - 00207415 _____ C:\Users\axcel\Downloads\Avida Bedroom & TnB   Elevations (1).pdf
2017-06-02 23:31 - 2017-06-02 23:31 - 00114566 _____ C:\Users\axcel\Downloads\Avida  T&B  Cabinet &  underCounter (1).pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00207415 _____ C:\Users\axcel\Downloads\Avida Bedroom & TnB   Elevations.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00124016 _____ C:\Users\axcel\Downloads\Avida Floor Plan.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00114913 _____ C:\Users\axcel\Downloads\Avida Living -Dining  elevations.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00114566 _____ C:\Users\axcel\Downloads\Avida  T&B  Cabinet &  underCounter.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00114393 _____ C:\Users\axcel\Downloads\Avida Kitchen Elevations.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00110865 _____ C:\Users\axcel\Downloads\Avida Kitchen Plans.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00109453 _____ C:\Users\axcel\Downloads\Avida Bedroom Cabinets.pdf
2017-05-30 11:58 - 2017-05-30 11:58 - 00878648 _____ C:\Windows\Minidump\053017-16801-01.dmp
2017-05-28 19:20 - 2017-05-28 19:20 - 00172349 _____ C:\Users\axcel\Downloads\Lavatory UnderCounter & Ledge above  TV.pdf
2017-05-25 22:18 - 2017-05-25 22:18 - 00010562 _____ C:\Users\axcel\Downloads\Book1.xlsx
2017-05-25 22:16 - 2017-05-25 22:16 - 00000000 _____ C:\Users\axcel\Downloads\noname (8)
2017-05-25 22:16 - 2017-05-25 22:16 - 00000000 _____ C:\Users\axcel\Downloads\noname (7)
2017-05-19 16:58 - 2017-05-19 16:58 - 00878336 _____ C:\Windows\Minidump\051917-16255-01.dmp
2017-05-19 16:07 - 2017-05-19 16:07 - 00878336 _____ C:\Windows\Minidump\051917-16348-01.dmp
2017-05-19 15:51 - 2017-05-19 15:51 - 00871304 _____ C:\Windows\Minidump\051917-15943-01.dmp
2017-05-18 23:02 - 2017-05-19 16:47 - 00503296 _____ C:\Users\axcel\Desktop\Final_AXEL Assembly May 2017.ppt
2017-05-18 22:55 - 2017-05-18 22:58 - 00111104 _____ C:\Users\axcel\Desktop\taste-and-see.ppt
2017-05-18 22:50 - 2017-05-18 22:55 - 00108544 _____ C:\Users\axcel\Downloads\taste-and-see.ppt
2017-05-18 21:08 - 2017-05-18 21:41 - 00101888 _____ C:\Users\axcel\Desktop\you-are-my-hiding-place.ppt
2017-05-18 21:07 - 2017-05-18 21:07 - 00101888 _____ C:\Users\axcel\Downloads\you-are-my-hiding-place.ppt
2017-05-17 22:25 - 2017-05-17 22:25 - 00021092 _____ C:\Users\axcel\Downloads\Copy of Breakfast Participants 2017 (1)-1.xlsx
2017-05-17 13:54 - 2017-06-10 22:46 - 00000000 ____D C:\Windows\vhid
2017-05-15 02:14 - 2017-05-15 02:14 - 00000000 ____D C:\Users\axcel\AppData\Roaming\SYSTEMAX Software Development
2017-05-15 02:14 - 2017-05-15 02:14 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2017-05-15 01:45 - 2017-05-15 01:47 - 48631643 _____ C:\Users\axcel\Downloads\Paint Tool SAI Anglicised with Custom Brushes and Transparency Mod.zip
2017-05-14 23:28 - 2017-06-10 21:35 - 00000000 ____D C:\Users\axcel\AppData\Local\Spotify
2017-05-14 23:28 - 2017-05-14 23:28 - 00001805 _____ C:\Users\axcel\Desktop\Spotify.lnk
2017-05-14 23:28 - 2017-05-14 23:28 - 00001791 _____ C:\Users\axcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-05-14 23:28 - 2017-05-14 23:28 - 00000000 ____D C:\Users\axcel\Tracing
2017-05-14 23:27 - 2017-06-11 01:37 - 00000000 ____D C:\Users\axcel\AppData\Roaming\Skype
2017-05-14 23:27 - 2017-05-14 23:27 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-14 23:27 - 2017-05-14 23:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-14 23:27 - 2017-05-14 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-14 23:22 - 2017-06-10 20:52 - 00000000 ____D C:\Users\axcel\AppData\Roaming\Spotify
2017-05-14 23:21 - 2017-05-14 23:25 - 58128344 _____ (Skype Technologies S.A.) C:\Users\axcel\Downloads\SkypeSetupFull.exe
2017-05-14 23:21 - 2017-05-14 23:21 - 00003160 _____ C:\Windows\System32\Tasks\{6980CB4E-74E2-42CF-84E2-0426912B9077}
2017-05-14 23:20 - 2017-05-14 23:20 - 00668880 _____ (Spotify Ltd) C:\Users\axcel\Downloads\SpotifySetup.exe
2017-05-14 21:57 - 2017-05-14 21:57 - 00000000 ____D C:\Users\axcel\AppData\Local\FireAlpaca
2017-05-14 21:46 - 2017-06-10 22:45 - 00000000 ____D C:\ProgramData\Tablet
2017-05-14 21:46 - 2011-10-05 16:49 - 00011563 _____ C:\Windows\system32\aiptbl.ini
2017-05-14 21:32 - 2017-05-14 21:38 - 14835668 _____ C:\Users\axcel\Downloads\G-Pen 560 V4.13.rar
2017-05-14 21:32 - 2017-05-14 21:32 - 00001190 _____ C:\Users\Public\Desktop\FireAlpaca.lnk
2017-05-14 21:32 - 2017-05-14 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
2017-05-14 21:32 - 2017-05-14 21:32 - 00000000 ____D C:\Program Files (x86)\FireAlpaca
2017-05-14 21:32 - 2016-08-19 17:51 - 00689664 _____ C:\Windows\system32\MdpThumb64.dll
2017-05-14 21:28 - 2017-05-14 21:30 - 27787848 _____ (firealpaca.com ) C:\Users\axcel\Downloads\FireAlpaca_setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-12 21:25 - 2016-12-23 00:25 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {6B25CB13-7D7B-4794-9EA0-8322CE0EF909}.job
2017-06-12 21:25 - 2016-12-23 00:25 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0517B812-8C6B-430F-8A77-589A57347ABE}.job
2017-06-12 21:25 - 2016-12-23 00:25 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {6B25CB13-7D7B-4794-9EA0-8322CE0EF909}.job
2017-06-12 21:25 - 2016-12-23 00:25 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {0517B812-8C6B-430F-8A77-589A57347ABE}.job
2017-06-12 21:25 - 2015-06-28 23:25 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B3B82D78-9BCE-4596-BB08-E5B77ABD953E}.job
2017-06-12 21:24 - 2016-12-23 00:24 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B6C1B646-0BEA-438F-B7E4-B775FB74E09B}.job
2017-06-12 21:24 - 2016-12-23 00:24 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {47CF474E-FF0D-4FA4-85E8-8A6958711741}.job
2017-06-12 21:24 - 2016-12-23 00:24 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {1B1BA525-8D26-47D4-9C81-9265F9E46A9C}.job
2017-06-12 21:24 - 2016-12-23 00:24 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {47CF474E-FF0D-4FA4-85E8-8A6958711741}.job
2017-06-12 21:22 - 2015-06-28 23:22 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C80DA302-F99C-4203-9BC5-A7CA7B2474D7}.job
2017-06-12 21:22 - 2015-06-28 23:22 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A1AC75D8-5C5A-4E2A-8F17-5E9DA01A2D49}.job
2017-06-12 21:21 - 2016-12-22 23:21 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {EDEB0373-E70B-4BDA-8130-6B6A81E1E630}.job
2017-06-12 21:21 - 2016-12-22 23:21 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {423CCF81-54FF-4298-B4F6-50B8F8EAC898}.job
2017-06-12 21:21 - 2016-12-22 23:21 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {145256CE-C5E3-4574-B831-B74C6535FC8E}.job
2017-06-12 21:21 - 2016-12-22 23:21 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {EDEB0373-E70B-4BDA-8130-6B6A81E1E630}.job
2017-06-12 21:21 - 2016-12-22 23:21 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {145256CE-C5E3-4574-B831-B74C6535FC8E}.job
2017-06-12 21:20 - 2016-12-23 00:20 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8095E00A-CF7B-45BB-B5FD-28C78A6B2780}.job
2017-06-12 21:20 - 2016-12-23 00:20 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {8095E00A-CF7B-45BB-B5FD-28C78A6B2780}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {F19EFECB-7579-4C75-8B69-65B54DC0CB50}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {94720362-C5C8-48D4-9016-E75551A6DD81}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {57DFA46F-C11E-49AA-A809-DCF342B7CC3C}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0F559F96-FB77-4E62-88DF-833183CD56EF}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0CC11548-410E-4C8F-8E5A-C15452C0A899}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {F19EFECB-7579-4C75-8B69-65B54DC0CB50}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {94720362-C5C8-48D4-9016-E75551A6DD81}.job
2017-06-12 21:18 - 2016-12-23 00:18 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {0CC11548-410E-4C8F-8E5A-C15452C0A899}.job
2017-06-12 21:15 - 2016-08-13 12:15 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {7ECD5781-5D80-4BBD-933A-50B62ECB468B}.job
2017-06-12 21:15 - 2016-08-13 12:15 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {767F6155-2FBD-4FF8-BD3B-811BA10C859F}.job
2017-06-12 21:15 - 2016-08-13 12:15 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {7ECD5781-5D80-4BBD-933A-50B62ECB468B}.job
2017-06-12 21:15 - 2009-07-14 12:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-12 21:15 - 2009-07-14 12:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-12 21:14 - 2015-06-28 23:14 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B8E7F1D8-186A-467E-BAE2-7E5B9ECC56A3}.job
2017-06-12 21:14 - 2015-06-28 23:14 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AB511A25-4A30-4CB1-96C6-8825595B6317}.job
2017-06-12 21:13 - 2016-12-23 00:13 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {31112A45-7E26-47BE-B657-D9C405C4B212}.job
2017-06-12 21:13 - 2016-12-23 00:13 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {31112A45-7E26-47BE-B657-D9C405C4B212}.job
2017-06-12 21:11 - 2016-12-23 00:11 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {DCF90CA5-5BA3-472F-8A95-58B8107B7E8B}.job
2017-06-12 21:11 - 2016-12-23 00:11 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8173010E-6B21-4E91-8A3E-03DDD5E16F25}.job
2017-06-12 21:11 - 2016-12-23 00:11 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {575026A6-4F7F-47DE-9ECE-4DCC620A284F}.job
2017-06-12 21:11 - 2016-12-23 00:11 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {8173010E-6B21-4E91-8A3E-03DDD5E16F25}.job
2017-06-12 21:11 - 2016-12-23 00:11 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {575026A6-4F7F-47DE-9ECE-4DCC620A284F}.job
2017-06-12 21:10 - 2016-06-22 15:50 - 00003174 _____ C:\Windows\System32\Tasks\LuminosityLink
2017-06-12 21:10 - 2016-06-22 15:50 - 00001586 _____ C:\ProgramData\XML
2017-06-12 21:10 - 2015-06-28 23:10 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {D7EA2013-C310-40D4-BDCD-2DAE785B38DD}.job
2017-06-12 21:10 - 2015-06-28 23:10 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AE34496F-B44A-4185-B8D5-50E10CBCC974}.job
2017-06-12 21:10 - 2015-06-28 23:10 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A48556EA-9F4D-4B2B-98A2-A3FB9CDD4CD3}.job
2017-06-12 21:10 - 2009-07-14 10:34 - 00000536 _____ C:\Windows\win.ini
2017-06-12 21:09 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-12 21:08 - 2015-06-28 23:08 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B1AAC273-D154-44DA-9B42-2D15F93345B2}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {CF4E2A81-9D5B-46C1-B8A5-70EF2EBF5A50}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {6F039DAF-E0B3-42B7-8155-B0EADC22A04E}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {2BE6D8CC-8824-4B65-A9D6-6592C173E459}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0BF93418-26CA-4F27-9A2F-501FD903A3C1}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0BDBF4B0-4FC9-4F88-974D-5789913713DA}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {6F039DAF-E0B3-42B7-8155-B0EADC22A04E}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {0BF93418-26CA-4F27-9A2F-501FD903A3C1}.job
2017-06-12 21:07 - 2016-12-22 23:07 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {0BDBF4B0-4FC9-4F88-974D-5789913713DA}.job
2017-06-12 21:06 - 2017-02-15 22:06 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {3A681557-0836-4965-ACF0-7A30FE165336}.job
2017-06-12 21:06 - 2017-02-15 22:06 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0AD12039-7391-4DED-A80E-FAD6984E689E}.job
2017-06-12 21:06 - 2017-02-15 22:06 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {3A681557-0836-4965-ACF0-7A30FE165336}.job
2017-06-12 21:06 - 2017-02-15 22:06 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {0AD12039-7391-4DED-A80E-FAD6984E689E}.job
2017-06-12 21:05 - 2017-02-15 22:05 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {19B8EBBA-4B36-4774-85CA-FD1A4E09813C}.job
2017-06-12 21:05 - 2017-02-15 22:05 - 00000725 _____ C:\Windows\Tasks\EPSON L120 Series Invitation {19B8EBBA-4B36-4774-85CA-FD1A4E09813C}.job
2017-06-12 21:04 - 2017-02-15 22:04 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {9CDEF2B2-84AA-4AD7-A1DE-433930B86742}.job
2017-06-12 20:23 - 2014-05-19 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-12 20:17 - 2009-07-14 13:13 - 00779966 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-12 20:17 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-06-12 20:16 - 2016-06-22 15:50 - 00000000 _RSHD C:\ProgramData\309974
2017-06-12 16:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {EC468A96-A70C-4C74-B92C-A86F1C0EB4D8}.job
2017-06-12 16:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {EAF25931-0271-4BCB-A4BF-A2D9F0B97242}.job
2017-06-12 16:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {CACA3BCE-4F80-4645-BBC9-39D20D52AF7A}.job
2017-06-12 16:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AD3AC5D3-FD6A-4763-86E4-BA24B12A35C8}.job
2017-06-11 21:09 - 2014-09-10 23:16 - 00000000 ___RD C:\Users\axcel\Documents\Chief Architect Premier X6 Data
2017-06-11 21:09 - 2014-09-10 23:15 - 00000000 ____D C:\Users\axcel\AppData\Local\Chief Architect Premier X6
2017-06-11 18:17 - 2014-07-04 17:04 - 00000000 ____D C:\Users\axcel\AppData\Local\CrashDumps
2017-06-10 22:46 - 2014-05-19 13:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-08 16:25 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-04 01:45 - 2014-05-19 11:49 - 00000000 ____D C:\Program Files\Intel
2017-06-04 01:44 - 2014-05-19 13:12 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-04 01:44 - 2014-05-19 13:12 - 00000000 ____D C:\ProgramData\Intel
2017-06-04 00:10 - 2014-07-07 17:28 - 00000000 ____D C:\Users\axcel\AppData\Roaming\Google
2017-06-03 12:11 - 2009-07-14 13:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-30 11:58 - 2014-05-23 16:09 - 00000000 ____D C:\Windows\Minidump
2017-05-30 11:57 - 2014-05-23 16:09 - 407134646 _____ C:\Windows\MEMORY.DMP
2017-05-14 23:28 - 2014-05-19 11:44 - 00000000 ____D C:\Users\axcel
2017-05-14 23:27 - 2014-05-19 16:35 - 00000000 ____D C:\ProgramData\Skype
2017-05-14 23:19 - 2014-05-19 16:34 - 00362029 _____ C:\Users\axcel\Downloads\sqlite3.dll
 
==================== Files in the root of some directories =======
 
2017-06-12 20:26 - 2016-05-17 15:18 - 0401408 _____ () C:\Users\axcel\AppData\Roaming\clientmon.exe
2017-06-06 22:40 - 2017-06-06 22:40 - 0178530 __RSH () C:\Users\axcel\AppData\Roaming\csrss.exe
2017-06-06 22:40 - 2017-06-06 22:42 - 0000000 _____ () C:\Users\axcel\AppData\Roaming\rundll3.exe
2017-06-06 22:40 - 2017-06-06 22:42 - 0000000 _____ () C:\Users\axcel\AppData\Roaming\rundll32.exe
2017-06-06 22:40 - 2017-06-06 22:42 - 0000000 _____ () C:\Users\axcel\AppData\Roaming\svchost.exe
2016-12-15 08:16 - 2016-12-15 08:16 - 0000000 _____ () C:\Users\axcel\AppData\Local\{F085810B-B9D1-43FA-AB27-86284F388F7D}
2016-06-22 15:50 - 2016-06-22 15:50 - 0000006 ____S () C:\ProgramData\b1de13cbd281fdcffe1e3a19b1127b4a8455757e
2014-05-19 13:29 - 2014-05-19 13:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2009-07-14 07:31 - 2009-07-14 09:14 - 89416064 ___SH () C:\ProgramData\msqcovm.exe
2016-06-22 15:50 - 2017-06-12 21:10 - 0001586 _____ () C:\ProgramData\XML
 
Files to move or delete:
====================
C:\ProgramData\msqcovm.exe
 
 
Some files in TEMP:
====================
2014-05-20 08:43 - 2011-12-14 14:34 - 0039336 _____ (Autodesk, Inc.) C:\Users\axcel\AppData\Local\Temp\AcDeltree.exe
2017-06-06 22:40 - 2017-06-06 22:42 - 0000000 _____ () C:\Users\axcel\AppData\Local\Temp\KB07191053.exe
2010-03-12 11:13 - 2010-03-12 11:13 - 0149352 ____R (Microsoft Corporation) C:\Users\axcel\AppData\Local\Temp\ose00000.exe
2017-05-14 23:26 - 2017-05-14 23:26 - 14456872 _____ (Microsoft Corporation) C:\Users\axcel\AppData\Local\Temp\vc_redist.x86.exe
2016-03-17 09:56 - 2016-03-17 10:08 - 0000000 _____ () C:\Users\axcel\AppData\Local\Temp\{DC1B2DD8-5BE1-4A30-831C-1FE961D68B32}-49.0.2623.87_48.0.2564.116_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-14 07:20] - [2009-07-14 09:45] - 0294992 _____ () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION
 
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
LastRegBack: 2016-05-31 09:34
 
==================== End of FRST.txt ============================



#2 Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,485 posts
Posted 12 June 2017 - 08:55 AM

Hi XeLiOs :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Please give me a few hours to review your logs and get back to you.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Aura


Posted 12 June 2017 - 09:04 AM

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


So you have two options here: either we go ahead with the clean-up (though I cannot guarantee that the system still won't be infected after it), or we can do a nuke and pave (format and reinstall). I'm available to assist you with both options.



#4 XeLiOs


Posted 12 June 2017 - 09:15 AM

Hello Aura!

 

Thank you so much for the response. This is worrisome, but let's do the clean-up for now since I do not have much time to do a complete reformat.



#5 Aura


Posted 12 June 2017 - 09:16 AM

Alright, let's get started then.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;



#6 XeLiOs


Posted 12 June 2017 - 09:34 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by axcel (12-06-2017 22:23:39) Run:1
Running from C:\Users\axcel\Desktop
Loaded Profiles: axcel &  (Available Profiles: axcel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{B6BBF663-4571-1ED1-1E90-09ACFD4AD36D}\syshost.exe [205666 2017-04-05] ()
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\Policies\Explorer: [] 
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\Policies\Explorer: [] 
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION
 
"e837be2242989542" => service could not be unlocked. <===== ATTENTION
U5 e837be2242989542; C:\Windows\System32\Drivers\e837be2242989542.sys [76248 2017-04-05] () <===== ATTENTION Necurs Rootkit?
U5 e837be2242989542;  <===== ATTENTION: Locked Service
 
 
AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 [116]
 
C:\ProgramData\309974
C:\ProgramData\b1de13cbd281fdcffe1e3a19b1127b4a8455757e
C:\ProgramData\msqcovm.exe
C:\Users\axcel\AppData\Roaming\clientmon.exe
C:\Users\axcel\AppData\Roaming\svchost.exe
C:\Users\axcel\AppData\Roaming\rundll32.exe
C:\Users\axcel\AppData\Roaming\rundll3.exe
C:\Users\axcel\AppData\Roaming\csrss.exe
C:\Windows\Installer\{B6BBF663-4571-1ED1-1E90-09ACFD4AD36D}
C:\Windows\System32\Drivers\e837be2242989542.sys
C:\Windows\System32\Tasks\LuminosityLink
 
EmptyTemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\syshost32 => value removed successfully
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => value removed successfully
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\Policies\Explorer: [] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211134973\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\Policies\Explorer: [] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\CurrentVersion\Windows: [Load] C:\ProgramData\msqcovm.exe <===== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1753474392-3383805119-188504131-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06122017211154962\...\Winlogon: [Shell] explorer.exe,"C:\Users\axcel\AppData\Roaming\clientmon.exe" <==== ATTENTION => Error: No automatic fix found for this entry.
"e837be2242989542" => service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\e837be2242989542 => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\e837be2242989542 => key could not remove. Access Denied.
C:\Windows\Tasks\ Invitation {9B139B28-B93D-467C-BCA5-C38D5286ABAD}.job => moved successfully
C:\Windows\Tasks\ Invitation {9C806EEB-788D-4487-B321-39765C91F135}.job => moved successfully
C:\Windows\Tasks\ Invitation {9D305F75-A5AE-405D-A888-4D9D3C1FC0B6}.job => moved successfully
C:\Windows\Tasks\ Invitation {A1AC75D8-5C5A-4E2A-8F17-5E9DA01A2D49}.job => moved successfully
C:\Windows\Tasks\ Invitation {A1B17B6C-736C-4FD2-AC8E-93641464F116}.job => moved successfully
C:\Windows\Tasks\ Invitation {A48556EA-9F4D-4B2B-98A2-A3FB9CDD4CD3}.job => moved successfully
C:\Windows\Tasks\ Invitation {A7625A93-8A7F-4192-92FC-6B0AFE2AF7CD}.job => moved successfully
C:\Windows\Tasks\ Invitation {AD3AC5D3-FD6A-4763-86E4-BA24B12A35C8}.job => moved successfully
C:\Windows\Tasks\ Invitation {AE34496F-B44A-4185-B8D5-50E10CBCC974}.job => moved successfully
C:\Windows\Tasks\ Invitation {B1AAC273-D154-44DA-9B42-2D15F93345B2}.job => moved successfully
C:\Windows\Tasks\ Invitation {B2DB7838-52D3-4AA1-B2DB-2F30072B44F2}.job => moved successfully
C:\Windows\Tasks\ Invitation {B6C1B646-0BEA-438F-B7E4-B775FB74E09B}.job => moved successfully
C:\Windows\Tasks\ Invitation {B8E7F1D8-186A-467E-BAE2-7E5B9ECC56A3}.job => moved successfully
C:\Windows\Tasks\ Invitation {BACB613B-EF71-4CB0-A5CC-31C08BA7FC55}.job => moved successfully
C:\Windows\Tasks\ Invitation {BE544974-A9B8-4DA2-A37C-374A789E4D68}.job => moved successfully
C:\Windows\Tasks\ Invitation {C0E1C497-8C54-4136-94A6-B04DE1E1DF92}.job => moved successfully
C:\Windows\Tasks\ Invitation {C0F30001-0D4D-47EC-95D6-E13E4B6097DA}.job => moved successfully
C:\Windows\Tasks\ Invitation {C29C5699-3F62-4A9C-8C38-7BA39870D2C7}.job => moved successfully
C:\Windows\Tasks\ Invitation {C8C9C360-AD66-4FF4-8DFB-91D96A681643}.job => moved successfully
C:\Windows\Tasks\ Invitation {CA4F91A2-7469-4F2C-BFEF-CE7958852192}.job => moved successfully
C:\Windows\Tasks\ Invitation {CACA3BCE-4F80-4645-BBC9-39D20D52AF7A}.job => moved successfully
C:\Windows\Tasks\ Invitation {CF4E2A81-9D5B-46C1-B8A5-70EF2EBF5A50}.job => moved successfully
C:\Windows\Tasks\ Invitation {D7EA2013-C310-40D4-BDCD-2DAE785B38DD}.job => moved successfully
C:\Windows\Tasks\ Invitation {DCF90CA5-5BA3-472F-8A95-58B8107B7E8B}.job => moved successfully
C:\Windows\Tasks\ Invitation {EC468A96-A70C-4C74-B92C-A86F1C0EB4D8}.job => moved successfully
C:\Windows\Tasks\ Invitation {F1D839EB-DAF5-4D96-B0B2-D85F1C4EF012}.job => moved successfully
C:\Windows\Tasks\ Invitation {F432CF11-98F4-4C6D-A154-D6877A88F236}.job => moved successfully
C:\Windows\Tasks\ Update {4C74FB7B-5578-485D-949D-B0668069A108}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {0517B812-8C6B-430F-8A77-589A57347ABE}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {076607A0-06B0-443C-9F34-D551B9FB37E9}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {0945E20C-A0CE-4B53-8A19-52CC11AD80B2}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {0AD12039-7391-4DED-A80E-FAD6984E689E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {0BDBF4B0-4FC9-4F88-974D-5789913713DA}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {0BF93418-26CA-4F27-9A2F-501FD903A3C1}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {0CC11548-410E-4C8F-8E5A-C15452C0A899}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {11453CD6-D461-40CA-B339-C668E40A786D}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {11B9866D-5B65-4BE0-BEB3-D0F62D702A60}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {145256CE-C5E3-4574-B831-B74C6535FC8E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {15B0FE6C-321B-4443-B289-F073D2EE240E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {15D4DEEF-E7F3-48F4-8456-480110D65669}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {19B8EBBA-4B36-4774-85CA-FD1A4E09813C}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {2080B9DB-8458-4485-89C1-39A42A81B12D}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {2516637E-2C2D-47BB-94A6-836BB9A0C19F}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {2F5F175A-750E-43F4-9C23-222B14C10C82}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {31112A45-7E26-47BE-B657-D9C405C4B212}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {3178E5BD-7B60-4991-AAE2-97389A8EBF05}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {358D033B-EBD2-4D16-96E2-9BA1682DC620}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {361C43AD-365F-4C27-9452-37F9A86A7D7E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {3A681557-0836-4965-ACF0-7A30FE165336}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {40C8B056-B78C-4BD3-9622-EF622881CAA0}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {47CF474E-FF0D-4FA4-85E8-8A6958711741}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {4817A041-7C9E-4AFE-AE35-E7185E870C85}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {49472541-BCFC-4E02-9159-415E6D179F10}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {4BDEE119-B717-402A-A620-FA197FB852AF}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {4F7E19BB-AA13-4B05-830A-FC37ED3690D9}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {54606F8C-AB81-4DCC-9F82-B5F60D5AEA0C}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {56EDD362-4067-47F0-930E-E1D492511C8A}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {575026A6-4F7F-47DE-9ECE-4DCC620A284F}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {59BA4BD5-B408-46E9-AF21-E697D56DE272}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {59E03C22-C419-4437-8868-2BC51E7F6B39}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {5AFFB5D6-485A-4390-9FDA-DD9BCCA2B610}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {60583F15-6B33-411B-9B02-CCE10C79ACDB}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {61591865-3D3E-4446-B5DE-0A9D1211653D}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {61B8713F-1D54-4F96-911F-8CC0434C0289}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {63C01B13-AA77-4EC6-8E4A-29E1B2A36B22}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {673CB302-A1A2-4EBA-8D7C-FF5DFC0C6A17}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {6B25CB13-7D7B-4794-9EA0-8322CE0EF909}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {6F039DAF-E0B3-42B7-8155-B0EADC22A04E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {7767468D-9230-422D-96CB-AEAAE8B9197B}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {7ECD5781-5D80-4BBD-933A-50B62ECB468B}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {8095E00A-CF7B-45BB-B5FD-28C78A6B2780}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {8173010E-6B21-4E91-8A3E-03DDD5E16F25}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {8522B4B3-7D55-420C-8E9B-0546C4BAFA6B}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {8AE44409-A357-42F1-B398-AA3BD399E9A4}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {8B7EE502-C0B8-45A2-9052-52EAC2AC2554}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {9041F106-8392-4D17-95EB-2BE2119462F5}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {923064F6-2F85-4B9D-9EC5-8BFCD1C80CD7}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {94720362-C5C8-48D4-9016-E75551A6DD81}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {96D4458C-3B72-46F1-98EE-7CE06220E0B7}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {9CDEF2B2-84AA-4AD7-A1DE-433930B86742}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {A78B13F3-59AE-4D21-B8F6-7A597745C359}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {AA6C45F5-96EB-47F4-BE74-AD2CAAB777B1}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {AB511A25-4A30-4CB1-96C6-8825595B6317}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {AC942F54-EC7B-4170-B734-4F9A2D937F48}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {AD0FC2D9-1F83-4CA9-AF0F-EE2E52749B6F}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {B0CB9B3F-86CF-4C38-A53B-316AFC7E939A}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {B0FA0769-EEEE-4765-9A1F-C055FA84060E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {B28DF978-B386-4FE7-911E-99851FC5C648}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {B3B82D78-9BCE-4596-BB08-E5B77ABD953E}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {B64D9D5F-DD9C-44B0-BFC8-7D2F7D188098}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {B9D96DB1-36F7-4394-BB8C-9A90E3619F04}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {BCABEFED-8F5F-4BE2-AA5C-23AD22B3E5DC}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {BF955A87-0327-41DB-8231-02AC5044195C}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {C4764ACA-96DB-4717-8571-A8DB09DB510C}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {C6206D3A-F894-447C-8AE5-6EC8C7C09597}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {C80DA302-F99C-4203-9BC5-A7CA7B2474D7}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {D45F3058-3DF0-4964-894F-E073F581E275}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {D92F9557-E430-4C85-8B0C-2F0DCC699C39}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {E0BF518E-74AE-4895-9063-4E33E48F0B60}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {E39912A1-92B2-4BF6-A98F-0A73B1BE9E3B}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {EAF25931-0271-4BCB-A4BF-A2D9F0B97242}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {ED69AB80-85D2-4428-AA08-310AA38B22E1}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {EDEB0373-E70B-4BDA-8130-6B6A81E1E630}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {F19EFECB-7579-4C75-8B69-65B54DC0CB50}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {F5460C35-0E03-461A-B0DE-4D1359CCBFD2}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {F7A8B03A-B082-4CF4-8301-3B3C77AD96B0}.job => moved successfully
C:\Windows\Tasks\EPSON L120 Series Invitation {FD45EB76-BC51-4960-B039-0F2B0DFE7359}.job => moved successfully
C:\ProgramData\TEMP => ":A1EDB939" ADS removed successfully.
C:\ProgramData\309974 => moved successfully
C:\ProgramData\b1de13cbd281fdcffe1e3a19b1127b4a8455757e => moved successfully
C:\ProgramData\msqcovm.exe => moved successfully
C:\Users\axcel\AppData\Roaming\clientmon.exe => moved successfully
C:\Users\axcel\AppData\Roaming\svchost.exe => moved successfully
C:\Users\axcel\AppData\Roaming\rundll32.exe => moved successfully
C:\Users\axcel\AppData\Roaming\rundll3.exe => moved successfully
C:\Users\axcel\AppData\Roaming\csrss.exe => moved successfully
C:\Windows\Installer\{B6BBF663-4571-1ED1-1E90-09ACFD4AD36D} => moved successfully
Could not move "C:\Windows\System32\Drivers\e837be2242989542.sys" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\LuminosityLink => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156403108 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 88289758 B
Edge => 0 B
Chrome => 834574792 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 18915327 B
systemprofile32 => 8527164 B
LocalService => 66708 B
NetworkService => 3186 B
axcel => 2321245778 B
 
RecycleBin => 7117684973 B
EmptyTemp: => 9.8 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-06-2017 22:31:20)
 
"C:\Windows\System32\Drivers\e837be2242989542.sys" => Could not move
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\e837be2242989542 => key could not remove. Access Denied.
HKLM\System\CurrentControlSet\Services\e837be2242989542 => key could not remove. Access Denied.
 
==== End of Fixlog 22:31:20 ====


#7 Aura

Posted 12 June 2017 - 09:41 AM

Alright, follow the instructions in the thread below to run a scan with MBAR. Once it is done scanning and your system has rebooted, provide me the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 XeLiOs

Posted 12 June 2017 - 09:56 AM

I am not able to proceed with the scan. It says "DDA driver is not active. Scan can't continue"



#9 Aura

Posted 12 June 2017 - 10:03 AM

Alright, please run a new scan with FRST, and provide me the FRST.txt and Addition.txt logs.



#10 XeLiOs

Posted 12 June 2017 - 10:10 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by axcel (administrator) on AXCEL-PC (12-06-2017 23:05:08)
Running from C:\Users\axcel\Desktop
Loaded Profiles: axcel (Available Profiles: axcel)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(CANON INC.) C:\Windows\System32\CNAB4RPD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Windows\System32\atwtusb.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Windows\System32\atwtusb.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(WALTOP International Corp.) C:\Windows\SysWOW64\tblmouse.exe
() C:\Program Files (x86)\Hostless Modem\SMART BRO\CheckNDISPort_df.exe
() C:\Program Files (x86)\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [TblMouse] => C:\WINDOWS\SysWOW64\TblMouse.exe [65184 2007-10-09] (WALTOP International Corp.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CheckNDISPort51ac05] => C:\Program Files (x86)\Hostless Modem\SMART BRO\CheckNDISPort_df.exe [468736 2014-11-03] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe [447744 2014-11-03] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\MountPoints2: {b0cbd2bb-0ade-11e6-93dd-fae955779297} - F:\AutoRun.exe
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\...\MountPoints2: {e5ff8356-9c18-11e5-972d-d1789349f4ef} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-06] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{40BDD41C-6357-4BB1-A713-544F120FD22B}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{5E6F35CA-E26D-4615-9553-94DBCDB56746}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{A192F5CD-219D-4439-8EB3-3A75417140EA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2B3B1B7-B514-455E-A795-673814B0865D}: [NameServer] 203.115.130.8,203.115.130.10
Tcpip\..\Interfaces\{A2B3B1B7-B514-455E-A795-673814B0865D}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D1BCA943-E6FC-441C-A958-3D22521C9E45}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1753474392-3383805119-188504131-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-11-21] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-11-21] (SAP, Walldorf)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-15] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\AXEL\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://121.97.115.17/","hxxp://192.168.1.254/"
CHR Profile: C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default [2017-06-12]
CHR Extension: (Google Slides) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-18]
CHR Extension: (Google Docs) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-18]
CHR Extension: (Google Drive) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Planner 5D) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2015-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
CHR Profile: C:\Users\axcel\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-12]
CHR Profile: C:\Users\axcel\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"e837be2242989542" => service could not be unlocked. <===== ATTENTION
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations) [File not signed]
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18720 2012-02-09] (Autodesk, Inc.)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [3337728 2015-10-30] (Microsoft Corporation) [File not signed]
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 WTService; C:\Windows\System32\atwtusb.exe [662248 2009-07-30] () [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
U4 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 aiptektp; C:\Windows\System32\DRIVERS\aiptektp.sys [29696 2007-07-27] (WALTOP International Corp.)
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-14] () [File not signed]
R3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [163808 2013-02-13] () [File not signed]
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [163808 2013-02-13] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2009-07-14] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-14] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] () [File not signed]
R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-14] () [File not signed]
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [89168 2013-01-24] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3884032 2013-03-25] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-11] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-11] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-14] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-11] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-11] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-11] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-11] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-11] () [File not signed]
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [346192 2013-01-24] () [File not signed]
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [115280 2013-01-24] () [File not signed]
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [34384 2013-01-24] () [File not signed]
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [179432 2013-01-24] () [File not signed]
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] () [File not signed]
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [136424 2013-01-24] () [File not signed]
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [581200 2013-01-24] () [File not signed]
R3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [41984 2009-07-14] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [551936 2009-07-14] () [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [79360 2009-07-14] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-14] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-14] () [File not signed]
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [1680992 2013-03-05] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-14] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [File not signed]
R1 CSC; C:\Windows\System32\drivers\csc.sys [514048 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-14] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [974848 2009-07-14] () [File not signed]
U5 e837be2242989542; C:\Windows\System32\Drivers\e837be2242989542.sys [76248 2017-04-05] () <===== ATTENTION Necurs Rootkit?
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-14] () [File not signed]
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [355664 2013-02-27] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-14] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-07-14] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-11] () [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2009-07-14] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-14] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-14] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-14] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] () [File not signed]
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [652784 2013-01-31] () [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] () [File not signed]
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [410688 2009-07-14] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4431840 2013-05-08] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [442368 2013-05-08] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-14] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-14] () [File not signed]
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [20464 2013-12-20] () [File not signed]
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [369648 2013-12-20] () [File not signed]
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [790512 2013-12-20] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-14] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-14] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153152 2009-07-14] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-06-20] () [File not signed]
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [39008 2014-05-19] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [File not signed]
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-12] (Malwarebytes)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [64624 2013-05-15] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157184 2009-07-14] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [285696 2009-07-14] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2009-07-14] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30272 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-14] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-14] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [149056 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [167488 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-14] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-14] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165376 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-14] () [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [327752 2013-04-23] () [File not signed]
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8243144 2013-04-24] () [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [6656 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-14] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-11] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-07-14] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [465408 2009-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [407040 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [162816 2009-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [46672 2009-07-14] () [File not signed]
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [34896 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1898576 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1898576 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-14] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-14] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-14] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327168 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51200 2009-07-14] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2009-07-14] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [25600 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-14] () [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184576 2009-07-14] () [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-14] () [File not signed]
S3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7808 2009-04-17] (Windows ® Codename Longhorn DDK provider)
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [200272 2009-07-14] () [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [21760 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-14] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785512 2014-05-19] () [File not signed]
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-14] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-14] () [File not signed]
U5 e837be2242989542;  <===== ATTENTION: Locked Service
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-12 23:01 - 2017-06-12 23:01 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\784820C8.sys
2017-06-12 23:01 - 2017-06-12 23:01 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\743320DB.sys
2017-06-12 22:59 - 2017-06-12 23:01 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\75FF1F39.sys
2017-06-12 22:52 - 2017-06-12 22:52 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\481619B0.sys
2017-06-12 22:48 - 2017-06-12 22:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-12 22:46 - 2017-06-12 22:46 - 00000000 ____D C:\Users\axcel\Desktop\mbar
2017-06-12 22:44 - 2017-06-12 22:45 - 16564750 _____ (Malwarebytes Corp.) C:\Users\axcel\Downloads\mbar-1.09.4.1001.exe
2017-06-12 22:30 - 2017-06-12 22:52 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\62390935.sys
2017-06-12 22:30 - 2017-06-12 22:46 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\5E240949.sys
2017-06-12 22:30 - 2017-06-12 22:30 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\0E41092F.sys
2017-06-12 22:23 - 2017-06-12 22:31 - 00042111 _____ C:\Users\axcel\Desktop\Fixlog.txt
2017-06-12 22:23 - 2017-06-12 22:23 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\582D03CC.sys
2017-06-12 22:23 - 2017-06-12 22:23 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\022A03D0.sys
2017-06-12 22:23 - 2017-06-12 22:23 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\520D03EA.sys
2017-06-12 21:28 - 2017-06-12 21:26 - 00109912 _____ C:\Users\axcel\Desktop\Addition.txt
2017-06-12 21:27 - 2017-06-12 23:05 - 00037268 _____ C:\Users\axcel\Desktop\FRST.txt
2017-06-12 21:27 - 2017-06-12 21:23 - 02438656 _____ (Farbar) C:\Users\axcel\Desktop\FRST64.exe
2017-06-12 21:25 - 2017-06-12 21:26 - 00109912 _____ C:\Users\axcel\Downloads\Addition.txt
2017-06-12 21:24 - 2017-06-12 21:26 - 00092323 _____ C:\Users\axcel\Downloads\FRST.txt
2017-06-12 21:23 - 2017-06-12 23:05 - 00000000 ____D C:\FRST
2017-06-12 21:22 - 2017-06-12 21:23 - 02438656 _____ (Farbar) C:\Users\axcel\Downloads\FRST64.exe
2017-06-12 21:21 - 2017-06-12 21:21 - 05659512 _____ (Swearware) C:\Users\axcel\Downloads\ComboFix.exe
2017-06-12 21:10 - 2017-06-12 21:10 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\660E4B92.sys
2017-06-12 21:10 - 2017-06-12 21:10 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\0BF54BA9.sys
2017-06-12 20:25 - 2017-06-12 20:25 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\6E0E290A.sys
2017-06-12 20:25 - 2017-06-12 20:25 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\44112907.sys
2017-06-12 20:25 - 2017-06-12 20:25 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\69F8291D.sys
2017-06-12 20:24 - 2017-06-12 23:01 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-12 20:24 - 2017-06-12 20:25 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-12 20:24 - 2017-06-12 20:24 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\3AC12867.sys
2017-06-12 20:23 - 2017-06-12 20:23 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\534327F1.sys
2017-06-12 20:23 - 2017-06-12 20:23 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\273C27F8.sys
2017-06-12 20:23 - 2017-06-12 20:23 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-12 20:23 - 2017-06-12 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-12 20:23 - 2017-06-12 20:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-12 20:23 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-12 20:22 - 2017-06-12 20:22 - 00001365 _____ C:\Users\axcel\Downloads\Windefend.zip
2017-06-12 20:16 - 2017-06-12 20:21 - 64232976 _____ (Malwarebytes ) C:\Users\axcel\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-10 22:45 - 2017-06-10 22:45 - 00000000 ____D C:\Windows\udtablet
2017-06-10 22:45 - 2017-06-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MacroKey Manager
2017-06-10 22:45 - 2009-08-04 11:51 - 00007582 _____ C:\Windows\aiptbl.ini
2017-06-10 22:38 - 2017-06-10 22:38 - 00003220 _____ C:\Windows\System32\Tasks\{48A571C6-7EBF-4DC6-A1A1-E93FC0AA2C85}
2017-06-10 22:25 - 2017-06-10 22:45 - 00000000 ____D C:\Windows\calib_da
2017-06-10 22:25 - 2009-04-17 03:18 - 00007808 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\walvhid.sys
2017-06-10 22:00 - 2017-06-10 22:00 - 00003018 _____ C:\Windows\System32\Tasks\{6189AE25-FBDC-4D3A-9F37-C6EC7AC5AF6A}
2017-06-04 01:48 - 2017-06-04 01:48 - 01005568 _____ (Microsoft Corporation) C:\Users\axcel\Downloads\dotNetFx45_Full_setup.exe
2017-06-04 01:45 - 2017-06-04 01:45 - 00003298 _____ C:\Windows\System32\Tasks\IntelBootstrapCCDashExe
2017-06-04 01:44 - 2017-06-04 01:44 - 00000000 ____D C:\Users\axcel\AppData\Local\Share Link
2017-06-04 01:44 - 2017-06-04 01:44 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-04 01:42 - 2017-06-04 01:44 - 24885896 _____ (ASUSTEK ) C:\Users\axcel\Downloads\ShareLinkSetup.exe
2017-06-02 23:49 - 2017-06-02 23:49 - 00123298 _____ C:\Users\axcel\Downloads\M Tirol Kitchen june01 2017.pdf
2017-06-02 23:47 - 2017-06-02 23:47 - 00135001 _____ C:\Users\axcel\Downloads\M Tirol FLOOR PLAN  june01  2017.pdf
2017-06-02 23:45 - 2017-06-02 23:45 - 00113296 _____ C:\Users\axcel\Downloads\M Tirol BEDROOM 01  june01  2017.pdf
2017-06-02 23:42 - 2017-06-02 23:42 - 00191557 _____ C:\Users\axcel\Downloads\M Tirol MASTER'S BEDROOM   june01  2017.pdf
2017-06-02 23:40 - 2017-06-02 23:40 - 00114913 _____ C:\Users\axcel\Downloads\Avida Living -Dining  elevations (1).pdf
2017-06-02 23:40 - 2017-06-02 23:40 - 00110865 _____ C:\Users\axcel\Downloads\Avida Kitchen Plans (1).pdf
2017-06-02 23:39 - 2017-06-02 23:39 - 00124016 _____ C:\Users\axcel\Downloads\Avida Floor Plan (1).pdf
2017-06-02 23:39 - 2017-06-02 23:39 - 00114393 _____ C:\Users\axcel\Downloads\Avida Kitchen Elevations (1).pdf
2017-06-02 23:39 - 2017-06-02 23:39 - 00109453 _____ C:\Users\axcel\Downloads\Avida Bedroom Cabinets (1).pdf
2017-06-02 23:38 - 2017-06-02 23:38 - 00207415 _____ C:\Users\axcel\Downloads\Avida Bedroom & TnB   Elevations (2).pdf
2017-06-02 23:38 - 2017-06-02 23:38 - 00114566 _____ C:\Users\axcel\Downloads\Avida  T&B  Cabinet &  underCounter (2).pdf
2017-06-02 23:32 - 2017-06-02 23:32 - 00207415 _____ C:\Users\axcel\Downloads\Avida Bedroom & TnB   Elevations (1).pdf
2017-06-02 23:31 - 2017-06-02 23:31 - 00114566 _____ C:\Users\axcel\Downloads\Avida  T&B  Cabinet &  underCounter (1).pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00207415 _____ C:\Users\axcel\Downloads\Avida Bedroom & TnB   Elevations.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00124016 _____ C:\Users\axcel\Downloads\Avida Floor Plan.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00114913 _____ C:\Users\axcel\Downloads\Avida Living -Dining  elevations.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00114566 _____ C:\Users\axcel\Downloads\Avida  T&B  Cabinet &  underCounter.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00114393 _____ C:\Users\axcel\Downloads\Avida Kitchen Elevations.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00110865 _____ C:\Users\axcel\Downloads\Avida Kitchen Plans.pdf
2017-06-02 23:22 - 2017-06-02 23:22 - 00109453 _____ C:\Users\axcel\Downloads\Avida Bedroom Cabinets.pdf
2017-05-30 11:58 - 2017-05-30 11:58 - 00878648 _____ C:\Windows\Minidump\053017-16801-01.dmp
2017-05-28 19:20 - 2017-05-28 19:20 - 00172349 _____ C:\Users\axcel\Downloads\Lavatory UnderCounter & Ledge above  TV.pdf
2017-05-25 22:18 - 2017-05-25 22:18 - 00010562 _____ C:\Users\axcel\Downloads\Book1.xlsx
2017-05-25 22:16 - 2017-05-25 22:16 - 00000000 _____ C:\Users\axcel\Downloads\noname (8)
2017-05-25 22:16 - 2017-05-25 22:16 - 00000000 _____ C:\Users\axcel\Downloads\noname (7)
2017-05-19 16:58 - 2017-05-19 16:58 - 00878336 _____ C:\Windows\Minidump\051917-16255-01.dmp
2017-05-19 16:07 - 2017-05-19 16:07 - 00878336 _____ C:\Windows\Minidump\051917-16348-01.dmp
2017-05-19 15:51 - 2017-05-19 15:51 - 00871304 _____ C:\Windows\Minidump\051917-15943-01.dmp
2017-05-18 23:02 - 2017-05-19 16:47 - 00503296 _____ C:\Users\axcel\Desktop\Final_AXEL Assembly May 2017.ppt
2017-05-18 22:55 - 2017-05-18 22:58 - 00111104 _____ C:\Users\axcel\Desktop\taste-and-see.ppt
2017-05-18 22:50 - 2017-05-18 22:55 - 00108544 _____ C:\Users\axcel\Downloads\taste-and-see.ppt
2017-05-18 21:08 - 2017-05-18 21:41 - 00101888 _____ C:\Users\axcel\Desktop\you-are-my-hiding-place.ppt
2017-05-18 21:07 - 2017-05-18 21:07 - 00101888 _____ C:\Users\axcel\Downloads\you-are-my-hiding-place.ppt
2017-05-17 22:25 - 2017-05-17 22:25 - 00021092 _____ C:\Users\axcel\Downloads\Copy of Breakfast Participants 2017 (1)-1.xlsx
2017-05-17 13:54 - 2017-06-10 22:46 - 00000000 ____D C:\Windows\vhid
2017-05-15 02:14 - 2017-05-15 02:14 - 00000000 ____D C:\Users\axcel\AppData\Roaming\SYSTEMAX Software Development
2017-05-15 02:14 - 2017-05-15 02:14 - 00000000 ____D C:\ProgramData\SYSTEMAX Software Development
2017-05-15 01:45 - 2017-05-15 01:47 - 48631643 _____ C:\Users\axcel\Downloads\Paint Tool SAI Anglicised with Custom Brushes and Transparency Mod.zip
2017-05-14 23:28 - 2017-06-10 21:35 - 00000000 ____D C:\Users\axcel\AppData\Local\Spotify
2017-05-14 23:28 - 2017-05-14 23:28 - 00001805 _____ C:\Users\axcel\Desktop\Spotify.lnk
2017-05-14 23:28 - 2017-05-14 23:28 - 00001791 _____ C:\Users\axcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-05-14 23:28 - 2017-05-14 23:28 - 00000000 ____D C:\Users\axcel\Tracing
2017-05-14 23:27 - 2017-06-11 01:37 - 00000000 ____D C:\Users\axcel\AppData\Roaming\Skype
2017-05-14 23:27 - 2017-05-14 23:27 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-14 23:27 - 2017-05-14 23:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-14 23:27 - 2017-05-14 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-05-14 23:22 - 2017-06-10 20:52 - 00000000 ____D C:\Users\axcel\AppData\Roaming\Spotify
2017-05-14 23:21 - 2017-05-14 23:25 - 58128344 _____ (Skype Technologies S.A.) C:\Users\axcel\Downloads\SkypeSetupFull.exe
2017-05-14 23:21 - 2017-05-14 23:21 - 00003160 _____ C:\Windows\System32\Tasks\{6980CB4E-74E2-42CF-84E2-0426912B9077}
2017-05-14 23:20 - 2017-05-14 23:20 - 00668880 _____ (Spotify Ltd) C:\Users\axcel\Downloads\SpotifySetup.exe
2017-05-14 21:57 - 2017-05-14 21:57 - 00000000 ____D C:\Users\axcel\AppData\Local\FireAlpaca
2017-05-14 21:46 - 2017-06-10 22:45 - 00000000 ____D C:\ProgramData\Tablet
2017-05-14 21:46 - 2011-10-05 16:49 - 00011563 _____ C:\Windows\system32\aiptbl.ini
2017-05-14 21:32 - 2017-05-14 21:38 - 14835668 _____ C:\Users\axcel\Downloads\G-Pen 560 V4.13.rar
2017-05-14 21:32 - 2017-05-14 21:32 - 00001190 _____ C:\Users\Public\Desktop\FireAlpaca.lnk
2017-05-14 21:32 - 2017-05-14 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
2017-05-14 21:32 - 2017-05-14 21:32 - 00000000 ____D C:\Program Files (x86)\FireAlpaca
2017-05-14 21:32 - 2016-08-19 17:51 - 00689664 _____ C:\Windows\system32\MdpThumb64.dll
2017-05-14 21:28 - 2017-05-14 21:30 - 27787848 _____ (firealpaca.com ) C:\Users\axcel\Downloads\FireAlpaca_setup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-12 23:06 - 2017-02-15 22:06 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {3A681557-0836-4965-ACF0-7A30FE165336}.job
2017-06-12 23:06 - 2017-02-15 22:06 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0AD12039-7391-4DED-A80E-FAD6984E689E}.job
2017-06-12 23:05 - 2017-02-15 22:05 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {19B8EBBA-4B36-4774-85CA-FD1A4E09813C}.job
2017-06-12 23:04 - 2017-02-15 22:04 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {9CDEF2B2-84AA-4AD7-A1DE-433930B86742}.job
2017-06-12 23:04 - 2009-07-14 10:34 - 00000536 _____ C:\Windows\win.ini
2017-06-12 23:03 - 2016-12-23 00:03 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {F5460C35-0E03-461A-B0DE-4D1359CCBFD2}.job
2017-06-12 23:03 - 2016-12-23 00:03 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {923064F6-2F85-4B9D-9EC5-8BFCD1C80CD7}.job
2017-06-12 23:03 - 2016-12-23 00:03 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {53172728-7115-45BB-B69F-8828E80C13AB}.job
2017-06-12 23:01 - 2016-12-22 23:01 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B64D9D5F-DD9C-44B0-BFC8-7D2F7D188098}.job
2017-06-12 23:01 - 2016-12-22 23:01 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {94B53A77-9820-4451-9F5B-7485EE2D9D7F}.job
2017-06-12 23:01 - 2016-12-22 23:01 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {11B9866D-5B65-4BE0-BEB3-D0F62D702A60}.job
2017-06-12 23:00 - 2016-12-23 15:00 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B9D96DB1-36F7-4394-BB8C-9A90E3619F04}.job
2017-06-12 23:00 - 2016-12-22 23:00 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {D45F3058-3DF0-4964-894F-E073F581E275}.job
2017-06-12 23:00 - 2016-12-22 23:00 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C0F30001-0D4D-47EC-95D6-E13E4B6097DA}.job
2017-06-12 23:00 - 2016-12-22 23:00 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B28DF978-B386-4FE7-911E-99851FC5C648}.job
2017-06-12 23:00 - 2016-12-22 23:00 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8522B4B3-7D55-420C-8E9B-0546C4BAFA6B}.job
2017-06-12 23:00 - 2015-02-18 14:00 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AD0FC2D9-1F83-4CA9-AF0F-EE2E52749B6F}.job
2017-06-12 23:00 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-12 22:59 - 2017-02-15 21:59 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8AE44409-A357-42F1-B398-AA3BD399E9A4}.job
2017-06-12 22:59 - 2017-02-15 21:59 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {40C8B056-B78C-4BD3-9622-EF622881CAA0}.job
2017-06-12 22:59 - 2016-12-22 23:59 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {D92F9557-E430-4C85-8B0C-2F0DCC699C39}.job
2017-06-12 22:59 - 2016-12-22 23:59 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {2BF93C09-96CE-41AF-A012-B42E3DE7C801}.job
2017-06-12 22:58 - 2017-02-15 21:58 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {BE544974-A9B8-4DA2-A37C-374A789E4D68}.job
2017-06-12 22:57 - 2009-07-14 13:13 - 00779966 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-12 22:57 - 2009-07-14 12:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-12 22:57 - 2009-07-14 12:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-12 22:57 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2017-06-12 22:56 - 2016-06-12 18:56 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {F7A8B03A-B082-4CF4-8301-3B3C77AD96B0}.job
2017-06-12 22:53 - 2017-01-17 23:53 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {2F5F175A-750E-43F4-9C23-222B14C10C82}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {BF955A87-0327-41DB-8231-02AC5044195C}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {BACB613B-EF71-4CB0-A5CC-31C08BA7FC55}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A7625A93-8A7F-4192-92FC-6B0AFE2AF7CD}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {9C806EEB-788D-4487-B321-39765C91F135}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {63C01B13-AA77-4EC6-8E4A-29E1B2A36B22}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {61591865-3D3E-4446-B5DE-0A9D1211653D}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {56EDD362-4067-47F0-930E-E1D492511C8A}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {54606F8C-AB81-4DCC-9F82-B5F60D5AEA0C}.job
2017-06-12 22:52 - 2017-01-17 23:52 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {4817A041-7C9E-4AFE-AE35-E7185E870C85}.job
2017-06-12 22:49 - 2016-12-22 23:49 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {BCABEFED-8F5F-4BE2-AA5C-23AD22B3E5DC}.job
2017-06-12 22:49 - 2016-12-22 23:49 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B0FA0769-EEEE-4765-9A1F-C055FA84060E}.job
2017-06-12 22:49 - 2016-12-22 23:49 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {95BF96CC-7F12-43AB-9F7A-EA88F6B2A8AE}.job
2017-06-12 22:49 - 2016-12-22 23:49 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {9041F106-8392-4D17-95EB-2BE2119462F5}.job
2017-06-12 22:49 - 2016-12-22 23:49 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {59E03C22-C419-4437-8868-2BC51E7F6B39}.job
2017-06-12 22:49 - 2016-12-22 23:49 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {429FF793-A1F8-481A-97B0-C22DF8F417C7}.job
2017-06-12 22:48 - 2017-02-15 22:48 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B0CB9B3F-86CF-4C38-A53B-316AFC7E939A}.job
2017-06-12 22:43 - 2016-08-13 13:43 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {F1D839EB-DAF5-4D96-B0B2-D85F1C4EF012}.job
2017-06-12 22:43 - 2016-08-13 13:43 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C4764ACA-96DB-4717-8571-A8DB09DB510C}.job
2017-06-12 22:43 - 2016-08-13 13:43 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {991BDDD4-478F-4E03-A726-836246A153D2}.job
2017-06-12 22:43 - 2016-08-13 13:43 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {5C719241-5084-453D-8A62-01B45913CA22}.job
2017-06-12 22:43 - 2016-08-13 13:43 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {52303A7F-CE52-4D2C-B47E-729650A2FA6B}.job
2017-06-12 22:42 - 2016-12-22 23:42 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {15B0FE6C-321B-4443-B289-F073D2EE240E}.job
2017-06-12 22:42 - 2016-12-22 23:42 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {076607A0-06B0-443C-9F34-D551B9FB37E9}.job
2017-06-12 22:41 - 2017-02-15 22:41 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {FD45EB76-BC51-4960-B039-0F2B0DFE7359}.job
2017-06-12 22:40 - 2016-12-23 00:40 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AC942F54-EC7B-4170-B734-4F9A2D937F48}.job
2017-06-12 22:40 - 2016-12-23 00:40 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0FEA2E08-71EE-424C-B547-B2A11A47135A}.job
2017-06-12 22:39 - 2017-02-15 22:39 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C6206D3A-F894-447C-8AE5-6EC8C7C09597}.job
2017-06-12 22:39 - 2015-06-28 23:39 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {F432CF11-98F4-4C6D-A154-D6877A88F236}.job
2017-06-12 22:39 - 2015-06-28 23:39 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {CA4F91A2-7469-4F2C-BFEF-CE7958852192}.job
2017-06-12 22:39 - 2015-06-28 23:39 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C29C5699-3F62-4A9C-8C38-7BA39870D2C7}.job
2017-06-12 22:38 - 2016-08-13 13:38 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8B7EE502-C0B8-45A2-9052-52EAC2AC2554}.job
2017-06-12 22:38 - 2015-06-28 23:38 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C8C9C360-AD66-4FF4-8DFB-91D96A681643}.job
2017-06-12 22:38 - 2015-06-28 23:38 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B2DB7838-52D3-4AA1-B2DB-2F30072B44F2}.job
2017-06-12 22:37 - 2016-12-23 00:37 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {4BDEE119-B717-402A-A620-FA197FB852AF}.job
2017-06-12 22:35 - 2016-08-13 13:35 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {7767468D-9230-422D-96CB-AEAAE8B9197B}.job
2017-06-12 22:34 - 2016-12-22 23:34 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A78B13F3-59AE-4D21-B8F6-7A597745C359}.job
2017-06-12 22:34 - 2016-12-22 23:34 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {59BA4BD5-B408-46E9-AF21-E697D56DE272}.job
2017-06-12 22:34 - 2016-12-22 23:34 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {3178E5BD-7B60-4991-AAE2-97389A8EBF05}.job
2017-06-12 22:34 - 2016-12-22 23:34 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {2080B9DB-8458-4485-89C1-39A42A81B12D}.job
2017-06-12 22:34 - 2016-12-22 23:34 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {15D4DEEF-E7F3-48F4-8456-480110D65669}.job
2017-06-12 22:34 - 2016-12-22 23:34 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0990E0C4-B9E2-40E8-BB24-0F586A3355BE}.job
2017-06-12 22:33 - 2015-06-28 23:33 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AA6C45F5-96EB-47F4-BE74-AD2CAAB777B1}.job
2017-06-12 22:33 - 2015-06-28 23:33 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A1B17B6C-736C-4FD2-AC8E-93641464F116}.job
2017-06-12 22:31 - 2016-12-23 00:31 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {49472541-BCFC-4E02-9159-415E6D179F10}.job
2017-06-12 22:30 - 2016-12-22 23:30 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {ED69AB80-85D2-4428-AA08-310AA38B22E1}.job
2017-06-12 22:30 - 2016-12-22 23:30 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {5AFFB5D6-485A-4390-9FDA-DD9BCCA2B610}.job
2017-06-12 22:25 - 2016-12-23 00:25 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {6B25CB13-7D7B-4794-9EA0-8322CE0EF909}.job
2017-06-12 22:25 - 2016-12-23 00:25 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0517B812-8C6B-430F-8A77-589A57347ABE}.job
2017-06-12 22:25 - 2015-06-28 23:25 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B3B82D78-9BCE-4596-BB08-E5B77ABD953E}.job
2017-06-12 22:24 - 2016-12-23 00:24 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B6C1B646-0BEA-438F-B7E4-B775FB74E09B}.job
2017-06-12 22:24 - 2016-12-23 00:24 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {47CF474E-FF0D-4FA4-85E8-8A6958711741}.job
2017-06-12 22:24 - 2016-12-23 00:24 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {1B1BA525-8D26-47D4-9C81-9265F9E46A9C}.job
2017-06-12 22:24 - 2015-10-25 22:12 - 00000000 ____D C:\Users\axcel\AppData\LocalLow\Temp
2017-06-12 22:22 - 2015-06-28 23:22 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C80DA302-F99C-4203-9BC5-A7CA7B2474D7}.job
2017-06-12 22:22 - 2015-06-28 23:22 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A1AC75D8-5C5A-4E2A-8F17-5E9DA01A2D49}.job
2017-06-12 22:21 - 2016-12-22 23:21 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {EDEB0373-E70B-4BDA-8130-6B6A81E1E630}.job
2017-06-12 22:21 - 2016-12-22 23:21 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {423CCF81-54FF-4298-B4F6-50B8F8EAC898}.job
2017-06-12 22:21 - 2016-12-22 23:21 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {145256CE-C5E3-4574-B831-B74C6535FC8E}.job
2017-06-12 22:20 - 2016-12-23 00:20 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8095E00A-CF7B-45BB-B5FD-28C78A6B2780}.job
2017-06-12 22:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {F19EFECB-7579-4C75-8B69-65B54DC0CB50}.job
2017-06-12 22:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {94720362-C5C8-48D4-9016-E75551A6DD81}.job
2017-06-12 22:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {57DFA46F-C11E-49AA-A809-DCF342B7CC3C}.job
2017-06-12 22:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0F559F96-FB77-4E62-88DF-833183CD56EF}.job
2017-06-12 22:18 - 2016-12-23 00:18 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0CC11548-410E-4C8F-8E5A-C15452C0A899}.job
2017-06-12 22:15 - 2016-08-13 12:15 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {7ECD5781-5D80-4BBD-933A-50B62ECB468B}.job
2017-06-12 22:15 - 2016-08-13 12:15 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {767F6155-2FBD-4FF8-BD3B-811BA10C859F}.job
2017-06-12 22:14 - 2015-06-28 23:14 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B8E7F1D8-186A-467E-BAE2-7E5B9ECC56A3}.job
2017-06-12 22:14 - 2015-06-28 23:14 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AB511A25-4A30-4CB1-96C6-8825595B6317}.job
2017-06-12 22:13 - 2016-12-23 00:13 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {31112A45-7E26-47BE-B657-D9C405C4B212}.job
2017-06-12 22:11 - 2016-12-23 00:11 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {DCF90CA5-5BA3-472F-8A95-58B8107B7E8B}.job
2017-06-12 22:11 - 2016-12-23 00:11 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {8173010E-6B21-4E91-8A3E-03DDD5E16F25}.job
2017-06-12 22:11 - 2016-12-23 00:11 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {575026A6-4F7F-47DE-9ECE-4DCC620A284F}.job
2017-06-12 22:10 - 2015-06-28 23:10 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {D7EA2013-C310-40D4-BDCD-2DAE785B38DD}.job
2017-06-12 22:10 - 2015-06-28 23:10 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AE34496F-B44A-4185-B8D5-50E10CBCC974}.job
2017-06-12 22:10 - 2015-06-28 23:10 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {A48556EA-9F4D-4B2B-98A2-A3FB9CDD4CD3}.job
2017-06-12 22:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {EC468A96-A70C-4C74-B92C-A86F1C0EB4D8}.job
2017-06-12 22:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {EAF25931-0271-4BCB-A4BF-A2D9F0B97242}.job
2017-06-12 22:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {CACA3BCE-4F80-4645-BBC9-39D20D52AF7A}.job
2017-06-12 22:09 - 2015-06-28 23:09 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {AD3AC5D3-FD6A-4763-86E4-BA24B12A35C8}.job
2017-06-12 22:08 - 2015-06-28 23:08 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {B1AAC273-D154-44DA-9B42-2D15F93345B2}.job
2017-06-12 22:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {CF4E2A81-9D5B-46C1-B8A5-70EF2EBF5A50}.job
2017-06-12 22:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {6F039DAF-E0B3-42B7-8155-B0EADC22A04E}.job
2017-06-12 22:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {2BE6D8CC-8824-4B65-A9D6-6592C173E459}.job
2017-06-12 22:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0BF93418-26CA-4F27-9A2F-501FD903A3C1}.job
2017-06-12 22:07 - 2016-12-22 23:07 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0BDBF4B0-4FC9-4F88-974D-5789913713DA}.job
2017-06-12 21:51 - 2017-01-17 23:51 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {E39912A1-92B2-4BF6-A98F-0A73B1BE9E3B}.job
2017-06-12 21:51 - 2017-01-17 23:51 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {673CB302-A1A2-4EBA-8D7C-FF5DFC0C6A17}.job
2017-06-12 21:51 - 2017-01-17 23:51 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {4F7E19BB-AA13-4B05-830A-FC37ED3690D9}.job
2017-06-12 21:51 - 2017-01-17 23:51 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {0945E20C-A0CE-4B53-8A19-52CC11AD80B2}.job
2017-06-12 21:50 - 2016-12-23 00:50 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {77C84F48-F83A-43CD-A616-AC31F124BA81}.job
2017-06-12 21:50 - 2016-12-23 00:50 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {361C43AD-365F-4C27-9452-37F9A86A7D7E}.job
2017-06-12 21:50 - 2016-12-22 23:50 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {E0BF518E-74AE-4895-9063-4E33E48F0B60}.job
2017-06-12 21:50 - 2016-12-22 23:50 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {C0E1C497-8C54-4136-94A6-B04DE1E1DF92}.job
2017-06-12 21:50 - 2016-12-22 23:50 - 00000911 _____ C:\Windows\Tasks\EPSON L120 Series Update {96D4458C-3B72-46F1-98EE-7CE06220E0B7}.job
2017-06-12 21:10 - 2016-06-22 15:50 - 00001586 _____ C:\ProgramData\XML
2017-06-12 20:23 - 2014-05-19 16:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-11 21:09 - 2014-09-10 23:16 - 00000000 ___RD C:\Users\axcel\Documents\Chief Architect Premier X6 Data
2017-06-11 21:09 - 2014-09-10 23:15 - 00000000 ____D C:\Users\axcel\AppData\Local\Chief Architect Premier X6
2017-06-11 18:17 - 2014-07-04 17:04 - 00000000 ____D C:\Users\axcel\AppData\Local\CrashDumps
2017-06-10 22:46 - 2014-05-19 13:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-08 16:25 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-04 01:45 - 2014-05-19 11:49 - 00000000 ____D C:\Program Files\Intel
2017-06-04 01:44 - 2014-05-19 13:12 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-04 01:44 - 2014-05-19 13:12 - 00000000 ____D C:\ProgramData\Intel
2017-06-04 00:10 - 2014-07-07 17:28 - 00000000 ____D C:\Users\axcel\AppData\Roaming\Google
2017-06-03 12:11 - 2009-07-14 13:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-30 11:58 - 2014-05-23 16:09 - 00000000 ____D C:\Windows\Minidump
2017-05-30 11:57 - 2014-05-23 16:09 - 407134646 _____ C:\Windows\MEMORY.DMP
2017-05-14 23:28 - 2014-05-19 11:44 - 00000000 ____D C:\Users\axcel
2017-05-14 23:27 - 2014-05-19 16:35 - 00000000 ____D C:\ProgramData\Skype
2017-05-14 23:19 - 2014-05-19 16:34 - 00362029 _____ C:\Users\axcel\Downloads\sqlite3.dll
 
==================== Files in the root of some directories =======
 
2016-12-15 08:16 - 2016-12-15 08:16 - 0000000 _____ () C:\Users\axcel\AppData\Local\{F085810B-B9D1-43FA-AB27-86284F388F7D}
2014-05-19 13:29 - 2014-05-19 13:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-22 15:50 - 2017-06-12 21:10 - 0001586 _____ () C:\ProgramData\XML
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-14 07:20] - [2009-07-14 09:45] - 0294992 _____ () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION
 
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
LastRegBack: 2016-05-31 09:34
 
==================== End of FRST.txt ============================




#11 Aura


Posted 12 June 2017 - 10:16 AM

Alright, let's just remove the duplicate tasks and disable testsigning, then we'll address that last rootkit.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 XeLiOs


Posted 12 June 2017 - 10:24 AM

This might take a while. It asked for a restart, then it led me to startup repair, saying that it's repairing disk errors.



#13 Aura


Posted 12 June 2017 - 10:26 AM

Alright. This is probably because I disabled testsigning. Let me know if you get stuck there or if the repair fails.



#14 XeLiOs


Posted 12 June 2017 - 10:31 AM

It says successful repair but it's been repeating for the 3rd time now.



#15 Aura


Posted 12 June 2017 - 10:33 AM

Alright. Restart your computer and right after the BIOS splash screen (where you see the computer manufacturer logo being displayed), press on F8 rapidly. This should bring you to the Advanced Boot Options. Select "Last known good configuration" and press on Enter. This should allow your system to boot properly.





