TDSS Killer found suspicious file and Conduit will not uninstall


10 replies to this topic

#1 AwakenedRage

Posted 18 June 2013 - 05:10 PM

Hi, I just recently had suspicions of my computer having malware, after Norton 360's Sonar went off. Norton then got rid of the file; I launched a scan with Norton 360 and Malware Antibytes and found nothing. I then thought I possibly had a rootkit and I launched TDSS Killer, to find that I did indeed have some files. From googling the file names I found a post saying that most likely it was a false alarm, and that if I deleted it I would most likely make Windows unable to boot. I exited out, not knowing it would apply it automatically. I then did a backup on a drive before rebooting. Do you know what the files' purpose is, or do I have a virus? When I rebooted, Windows started with no problems. It's just that Conduit will not come off.

 

The file paths were:

C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

and 

C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

 

Also some registry files were removed.




#2 boopme


Posted 18 June 2013 - 08:10 PM

Could you post the complete TDSS log?

MREMP50.sys is the PCAUSA NDIS 5.0 MPR Protocol Driver from Printing Communications Assoc.

http://www.pcausa.com/

It is usually found in C:\Program Files\Common\Motive. This is part of broadband management software from Motive Communications, now part of Alcatel-Lucent. This software is distributed by many ISPs to provide desktop diagnostics to their users.



Did you run TDSS like this?
Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



For Conduit please do this....

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook
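For reading a TDSSKiller log like the one requested above: each scanned service gets a line with its MD5 and image path, followed by a verdict line, and only the verdicts other than "ok" need a closer look. The following is an added example, not part of the original post and not code from TDSSKiller; the function names are hypothetical and the sample log lines, service names and hashes are constructed to mirror the layout of the log posted in this thread.

```python
import re
from collections import Counter

# Every TDSSKiller line starts with "HH:MM:SS.ffff <thread-id>  ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "================ Scan services ==========" style section headers.
SECTION_RE = re.compile(PREFIX + r"=+ (Scan [^=]+?) =+\s*$")
# "[ <MD5> ] <service name>   <image path>"; service names may contain spaces,
# so the name is everything up to the whitespace before a drive-letter path.
FILE_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> ( <verdict> ) - <status>", e.g. "... ( UnsignedFile.Multi.Generic ) - warning"
FLAG_RE = re.compile(PREFIX + r"(.+?) \( (.+?) \) - (\w+)\s*$")
# "<service name> - ok"
OK_RE = re.compile(PREFIX + r"(.+?) - ok\s*$")


def parse_tdss_log(text):
    """Return one dict per scanned object: name, md5, path, verdict, status, section."""
    entries = []
    pending = {}      # service name -> (md5, path) from the preceding file line
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = FLAG_RE.match(line)
        if m:
            name, verdict, status = m.groups()
        else:
            m = OK_RE.match(line)
            if not m:
                # Header lines and the duplicate "<name> - detected ..." line are skipped.
                continue
            name, verdict, status = m.group(1), None, "ok"
        # Some services have no file line at all; they keep md5/path as None.
        md5, path = pending.pop(name, (None, None))
        entries.append({"name": name, "md5": md5, "path": path,
                        "verdict": verdict, "status": status, "section": section})
    return entries


def flagged_entries(entries):
    """Entries whose status is anything other than 'ok'."""
    return [e for e in entries if e["status"] != "ok"]


def verdict_counts(entries):
    """How many flagged entries carry each verdict label."""
    return Counter(e["verdict"] for e in flagged_entries(entries))


# Constructed sample in the same layout as the posted log (not real scan data).
SAMPLE_LOG = r"""
12:00:00.0000 1111  ================ Scan system memory ========================
12:00:00.0001 1111  System memory - ok
12:00:00.0002 1111  ================ Scan services =============================
12:00:00.0100 1111  [ 00000000000000000000000000000001 ] ExampleBus      C:\Windows\system32\drivers\examplebus.sys
12:00:00.0200 1111  ExampleBus - ok
12:00:00.0300 1111  [ 00000000000000000000000000000002 ] Example Sync Service C:\Program Files\Example\sync.exe
12:00:00.0400 1111  Example Sync Service - ok
12:00:00.0500 1111  NoImageSvc - ok
12:00:00.0600 1111  [ 00000000000000000000000000000003 ] EXDRV50         C:\PROGRA~1\COMMON~1\Example\EXDRV50.SYS
12:00:00.0700 1111  EXDRV50 ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0700 1111  EXDRV50 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    for e in flagged_entries(parse_tdss_log(SAMPLE_LOG)):
        print(f'{e["status"]:8} {e["verdict"]:28} {e["name"]:10} {e["md5"]} {e["path"]}')
```
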

#3 AwakenedRage

Posted 18 June 2013 - 08:35 PM

As soon as I come back home, I'll run the scan. Here are the TDSS logs:

 

16:09:43.0184 13304  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:09:43.0676 13304  ============================================================
16:09:43.0676 13304  Current date / time: 2013/06/13 16:09:43.0676
16:09:43.0676 13304  SystemInfo:
16:09:43.0676 13304   
16:09:43.0676 13304  OS Version: 6.1.7601 ServicePack: 1.0
16:09:43.0676 13304  Product type: Workstation
16:09:43.0676 13304  ComputerName: MICHAEL-PC
16:09:43.0684 13304  UserName: Michael
16:09:43.0684 13304  Windows directory: C:\Windows
16:09:43.0684 13304  System windows directory: C:\Windows
16:09:43.0684 13304  Processor architecture: Intel x86
16:09:43.0684 13304  Number of processors: 2
16:09:43.0684 13304  Page size: 0x1000
16:09:43.0684 13304  Boot type: Normal boot
16:09:43.0684 13304  ============================================================
16:09:49.0104 13304  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:09:49.0110 13304  ============================================================
16:09:49.0110 13304  \Device\Harddisk0\DR0:
16:09:49.0110 13304  MBR partitions:
16:09:49.0110 13304  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x24C0E000
16:09:49.0110 13304  ============================================================
16:09:49.0140 13304  C: <-> \Device\Harddisk0\DR0\Partition1
16:09:49.0140 13304  ============================================================
16:09:49.0141 13304  Initialize success
16:09:49.0141 13304  ============================================================
16:10:17.0558 13488  ============================================================
16:10:17.0558 13488  Scan started
16:10:17.0558 13488  Mode: Manual; SigCheck; TDLFS;  
16:10:17.0558 13488  ============================================================
16:10:18.0344 13488  ================ Scan system memory ========================
16:10:18.0345 13488  System memory - ok
16:10:18.0351 13488  ================ Scan services =============================
16:10:52.0247 13488  [ AFC2004D9BB385DCE713E5088A1ED554 ] hipeer20        C:\Windows\system32\DRIVERS\remobo32.sys
16:10:52.0297 13488  hipeer20 ( UnsignedFile.Multi.Generic ) - warning
16:10:52.0297 13488  hipeer20 - detected UnsignedFile.Multi.Generic (1)
16:11:00.0479 13488  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:11:00.0489 13488  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
16:11:00.0489 13488  MREMP50 - detected UnsignedFile.Multi.Generic (1)
16:11:00.0509 13488  MREMPR5 - ok
16:11:00.0519 13488  MRENDIS5 - ok
16:11:00.0569 13488  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:11:00.0609 13488  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
16:11:00.0609 13488  MRESP50 - detected UnsignedFile.Multi.Generic (1)
16:11:08.0593 13488  [ ACFF877F5C17B9360919919F10DD6072 ] pcCMService     C:\Program Files\Common Files\Motive\pcCMService.exe
16:11:08.0645 13488  pcCMService ( UnsignedFile.Multi.Generic ) - warning
16:11:08.0645 13488  pcCMService - detected UnsignedFile.Multi.Generic (1)
16:11:30.0523 13488  WcsPlugInService - ok
16:11:30.0565 13488  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:11:30.0620 13488  Wd - ok
16:11:30.0657 13488  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:11:30.0735 13488  Wdf01000 - ok
16:11:30.0777 13488  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:11:30.0879 13488  WdiServiceHost - ok
16:11:30.0904 13488  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:11:30.0966 13488  WdiSystemHost - ok
16:11:30.0991 13488  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:11:31.0061 13488  WebClient - ok
16:11:31.0101 13488  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:11:31.0190 13488  Wecsvc - ok
16:11:31.0216 13488  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:11:31.0316 13488  wercplsupport - ok
16:11:31.0380 13488  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:11:31.0487 13488  WerSvc - ok
16:11:31.0540 13488  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:11:31.0644 13488  WfpLwf - ok
16:11:31.0667 13488  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:11:31.0709 13488  WIMMount - ok
16:11:31.0773 13488  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:11:31.0854 13488  WinDefend - ok
16:11:31.0913 13488  WinHttpAutoProxySvc - ok
16:11:31.0996 13488  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:11:32.0088 13488  Winmgmt - ok
16:11:32.0148 13488  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:11:32.0278 13488  WinRM - ok
16:11:32.0338 13488  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:11:32.0398 13488  WinUsb - ok
16:11:32.0460 13488  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:11:32.0547 13488  Wlansvc - ok
16:11:32.0582 13488  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:11:32.0632 13488  WmiAcpi - ok
16:11:32.0688 13488  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:11:32.0785 13488  wmiApSrv - ok
16:11:32.0880 13488  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:11:33.0043 13488  WMPNetworkSvc - ok
16:11:33.0081 13488  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:11:33.0191 13488  WPCSvc - ok
16:11:33.0225 13488  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:11:33.0290 13488  WPDBusEnum - ok
16:11:33.0330 13488  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:11:33.0424 13488  ws2ifsl - ok
16:11:33.0454 13488  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:11:33.0504 13488  wscsvc - ok
16:11:33.0554 13488  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
16:11:33.0640 13488  WSDPrintDevice - ok
16:11:33.0683 13488  [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
16:11:33.0726 13488  WSDScan - ok
16:11:33.0736 13488  WSearch - ok
16:11:33.0828 13488  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:11:33.0947 13488  wuauserv - ok
16:11:33.0984 13488  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:11:34.0030 13488  WudfPf - ok
16:11:34.0080 13488  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:11:34.0130 13488  WUDFRd - ok
16:11:34.0158 13488  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:11:34.0266 13488  wudfsvc - ok
16:11:34.0311 13488  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:11:34.0405 13488  WwanSvc - ok
16:11:34.0479 13488  [ 716B62030A01DD78A5E0CE3B693ECCCA ] XET1001Sp50     C:\Windows\system32\Drivers\XET1001Sp50.sys
16:11:34.0523 13488  XET1001Sp50 - ok
16:11:34.0588 13488  ================ Scan global ===============================
16:11:34.0622 13488  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:11:34.0667 13488  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:11:34.0684 13488  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:11:34.0714 13488  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:11:34.0774 13488  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:11:34.0784 13488  [Global] - ok
16:11:34.0784 13488  ================ Scan MBR ==================================
16:11:34.0794 13488  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:11:35.0842 13488  \Device\Harddisk0\DR0 - ok
16:11:35.0842 13488  ================ Scan VBR ==================================
16:11:35.0872 13488  [ 202CF5F3FFF532669A6E69FF28FA19A5 ] \Device\Harddisk0\DR0\Partition1
16:11:35.0872 13488  \Device\Harddisk0\DR0\Partition1 - ok
16:11:35.0882 13488  ============================================================
16:11:35.0882 13488  Scan finished
16:11:35.0882 13488  ============================================================
16:11:35.0912 13480  Detected object count: 4
16:11:35.0912 13480  Actual detected object count: 4
16:35:39.0613 13480  C:\Windows\system32\DRIVERS\remobo32.sys - copied to quarantine
16:35:39.0630 13480  HKLM\SYSTEM\ControlSet001\services\hipeer20 - will be deleted on reboot
16:35:39.0648 13480  HKLM\SYSTEM\ControlSet002\services\hipeer20 - will be deleted on reboot
16:35:39.0910 13480  C:\Windows\system32\DRIVERS\remobo32.sys - will be deleted on reboot
16:35:39.0910 13480  hipeer20 ( UnsignedFile.Multi.Generic ) - User select action: Delete  
16:35:39.0953 13480  C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS - copied to quarantine
16:35:39.0954 13480  HKLM\SYSTEM\ControlSet001\services\MREMP50 - will be deleted on reboot
16:35:39.0955 13480  HKLM\SYSTEM\ControlSet002\services\MREMP50 - will be deleted on reboot
16:35:39.0965 13480  C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS - will be deleted on reboot
16:35:39.0965 13480  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Delete  
16:35:39.0995 13480  C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS - copied to quarantine
16:35:39.0996 13480  HKLM\SYSTEM\ControlSet001\services\MRESP50 - will be deleted on reboot
16:35:40.0013 13480  HKLM\SYSTEM\ControlSet002\services\MRESP50 - will be deleted on reboot
16:35:40.0035 13480  C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS - will be deleted on reboot
16:35:40.0036 13480  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Delete  
16:35:40.0089 13480  C:\Program Files\Common Files\Motive\pcCMService.exe - copied to quarantine
16:35:40.0091 13480  HKLM\SYSTEM\ControlSet001\services\pcCMService - will be deleted on reboot
16:35:40.0092 13480  HKLM\SYSTEM\ControlSet002\services\pcCMService - will be deleted on reboot
16:35:40.0101 13480  C:\Program Files\Common Files\Motive\pcCMService.exe - will be deleted on reboot
16:35:40.0102 13480  pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Delete
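
What TDSSKiller queued for deletion can be read back out of the action lines that close the log above. The following is an added example, not part of the original thread or of TDSSKiller itself: it groups each quarantined file and registry key under the verdict line that follows it. The function and field names are this example's own, and the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
16:11:34.0523 13488  XET1001Sp50 - ok
16:11:35.0912 13480  Detected object count: 4
16:35:39.0613 13480  C:\Windows\system32\DRIVERS\remobo32.sys - copied to quarantine
16:35:39.0630 13480  HKLM\SYSTEM\ControlSet001\services\hipeer20 - will be deleted on reboot
16:35:39.0648 13480  HKLM\SYSTEM\ControlSet002\services\hipeer20 - will be deleted on reboot
16:35:39.0910 13480  C:\Windows\system32\DRIVERS\remobo32.sys - will be deleted on reboot
16:35:39.0910 13480  hipeer20 ( UnsignedFile.Multi.Generic ) - User select action: Delete
16:35:40.0089 13480  C:\Program Files\Common Files\Motive\pcCMService.exe - copied to quarantine
16:35:40.0091 13480  HKLM\SYSTEM\ControlSet001\services\pcCMService - will be deleted on reboot
16:35:40.0092 13480  HKLM\SYSTEM\ControlSet002\services\pcCMService - will be deleted on reboot
16:35:40.0101 13480  C:\Program Files\Common Files\Motive\pcCMService.exe - will be deleted on reboot
16:35:40.0102 13480  pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Delete
"""

# "<time> <thread id>  <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*?)\s*$")
# A file or registry key the tool acted on.
ARTIFACT = re.compile(
    r"^(?P<path>.+?) - (?P<state>copied to quarantine|will be deleted on reboot)$"
)
# The verdict line that closes each group of artifacts.
VERDICT = re.compile(
    r"^(?P<service>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$"
)


def is_registry(path):
    return path.upper().startswith(("HKLM\\", "HKCU\\"))


def parse_actions(log_text):
    """Return one record per acted-on object, in log order."""
    objects, pending = [], []
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        body = line["body"]
        art = ARTIFACT.match(body)
        if art:
            pending.append((art["path"], art["state"]))
            continue
        ver = VERDICT.match(body)
        if not ver:
            continue  # "<name> - ok" lines, banners, counters
        paths = list(dict.fromkeys(p for p, _ in pending))  # de-duplicate, keep order
        objects.append({
            "service": ver["service"],
            "verdict": ver["verdict"],
            "action": ver["action"],
            "files": [p for p in paths if not is_registry(p)],
            "registry": [p for p in paths if is_registry(p)],
            "quarantined": any(s == "copied to quarantine" for _, s in pending),
            # An "UnsignedFile.*" verdict marks a file with no digital signature;
            # it is a prompt for manual review, not a named malware family.
            "unsigned_only": ver["verdict"].startswith("UnsignedFile."),
        })
        pending = []
    return objects


if __name__ == "__main__":
    for obj in parse_actions(SAMPLE_LOG):
        note = "review before deleting" if obj["unsigned_only"] else "named detection"
        print(f'{obj["service"]}: {obj["verdict"]} -> {obj["action"]} ({note})')
        for path in obj["files"] + obj["registry"]:
            print(f"    {path}")
```
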



#4 boopme


Posted 18 June 2013 - 08:50 PM

Ok, these should not be removed
Multi.Generic
MREMP50
hipeer20

You may want to also run this ...this is a Trojan dropper..... pcCMService.exe


Run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 AwakenedRage


Posted 18 June 2013 - 09:44 PM

When I tried to post it on my immune Linux laptop, it wouldn't find the log copied to the SD card. Does it have hidden attributes? Whatever, here is the log.

I'll post ESET after.

 

# AdwCleaner v2.303 - Logfile created 06/18/2013 at 21:31:53
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Michael - MICHAEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Michael\Contacts\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Deleted on reboot : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\xfin_portal
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Michael\AppData\Local\PackageAware
Folder Deleted : C:\Users\Michael\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michael\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Mike2\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike2\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Mike2\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike2\AppData\LocalLow\xfin_portal
Folder Deleted : C:\Users\Mike2\AppData\Roaming\SearchProtect
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xfin_portal
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.2317] : homepage = "hxxp://search.conduit.com/?CUI=UN81538270313566702&ctid=CT3225826&SearchSource=48",
Deleted [l.2635] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?CUI=UN81538270313566702&ctid=CT322[...]
 
File : C:\Users\Mike2\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Chromium v29.0.1536.0
 
File : C:\Users\Michael\AppData\Local\Chromium\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [7047 octets] - [18/06/2013 21:31:53]
 
########## EOF - C:\AdwCleaner[S1].txt - [7107 octets] ##########


#6 AwakenedRage


Posted 18 June 2013 - 10:03 PM

Nvm worked


Edited by AwakenedRage, 18 June 2013 - 10:19 PM.


#7 boopme


Posted 18 June 2013 - 10:26 PM

Can you run ESET online scanner from Safe Mode with Networking?



#8 AwakenedRage


Posted 18 June 2013 - 10:38 PM

I got it, it worked in normal. 

C:\$Recycle.Bin\S-1-5-21-1390893546-3016001496-41442253-1000\$R4BAZKG.exe a variant of Win32/InstallCore.BT application
C:\$Recycle.Bin\S-1-5-21-1390893546-3016001496-41442253-1000\$RARSIQ8.exe probably a variant of Win32/1AntiVirus application
C:\$Recycle.Bin\S-1-5-21-1390893546-3016001496-41442253-1000\$RDDA88H.exe probably a variant of Win32/1AntiVirus application
C:\$Recycle.Bin\S-1-5-21-1390893546-3016001496-41442253-1000\$RHLNJLE.exe a variant of Win32/YourFileDownloader.A application


#9 boopme


Posted 19 June 2013 - 08:18 PM

Looks like we got it, how is it running?

#10 AwakenedRage


Posted 19 June 2013 - 08:41 PM

It's running fine other than Chrome not being able to find its preferences. What did TDSS Killer delete? Also, what did the Trojan dropper do specifically? Steal passwords?



#11 boopme


Posted 19 June 2013 - 10:22 PM

Hello, pccmService.exe is known as a virus dropper. It is used to install other viruses on the computer. Perhaps the others found and removed. Of what is listed there are spy and adware but no info stealers.

Reinstall Chrome.



