
How do I detect a keylogger?


17 replies to this topic

#1 Blixx


Posted 18 September 2012 - 09:29 AM

Three issues:

1) Is there any program I can use to scan for keyloggers?

Will my Avast Free Antivirus prevent these? I have it set to the highest sensitivity standard on all its Shields, and also have all set to scan for PUPs.

I have funds on the internet and do day trading and such and my biggest fear is a Trojan sending my info - passwords, etc. - out of my computer to a criminal, and also that a Keylogger gets installed on the computer which I'm not aware of.

2) I saw an article stating that most problems of this nature could be prevented by running my computer as someone without administrative privileges - that this would prevent most programs from being able to take control, even if I unknowingly clicked on a downloader for a trojan/keylogger.

Does that sound accurate?
The article had some reader comments where they had problems making the changes the article suggested, and then had problems changing back to how it was previously, so I'm reluctant to try this without guidance in case of problems.

3) I've also had some trojans my antivirus has found recently and removed. It's coming up clean now, but would like to make sure my system is clean and that it's not missing anything.



Please help.

Edited by Blixx, 18 September 2012 - 09:33 AM.




#2 boopme


Posted 18 September 2012 - 10:16 AM

Hello. Well, we need to know your operating system. This is true about the other accounts, especially in XP.

You should also run these. I would buy MBAM if I do financials as it will complement Avast.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security
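
Added example, not part of the post above and not code from the TDSSKiller project: a short script that reads the services section of a saved TDSSKiller report and lists only the entries worth a manual look, instead of reading every line by eye. The sample log is constructed with placeholder hashes in the line layout TDSSKiller 2.8.10.0 writes; the service names, the `warning` verdict, the trailing section banner and the list of expected install roots are assumptions made for the illustration.

```python
import re

# Every report line starts with "HH:MM:SS.mmmm <thread-id> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "
# Section banner, e.g. "================ Scan services ====================="
BANNER = re.compile(PREFIX + r"=+ (?P<section>Scan [^=]+?) =+$")
# Hash line: "[ MD5 ] <service name> <image path>" (names may contain spaces).
HASHED = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
# Verdict line: "<service name> - <verdict>"
VERDICT = re.compile(PREFIX + r"(?P<name>.+) - (?P<verdict>.+)$")

# Assumption: locations where service and driver images normally live.
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed sample, not a real report. Hashes are placeholders.
SAMPLE_LOG = r"""
01:00:00.0000 1000 ================ Scan system memory ========================
01:00:00.0000 1000 System memory - ok
01:00:00.0100 1000 ================ Scan services =============================
01:00:00.0200 1000 [ 00000000000000000000000000000001 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:00:00.0200 1000 ACPI - ok
01:00:00.0300 1000 [ 00000000000000000000000000000002 ] Example Vendor Service C:\Program Files (x86)\Example Vendor\svc.exe
01:00:00.0300 1000 Example Vendor Service - ok
01:00:00.0400 1000 NoHashSvc - ok
01:00:00.0500 1000 [ 00000000000000000000000000000003 ] OddPathSvc C:\Tools\agent\svc.exe
01:00:00.0500 1000 OddPathSvc - ok
01:00:00.0600 1000 [ 00000000000000000000000000000004 ] FlaggedDrv C:\Windows\system32\drivers\flagged.sys
01:00:00.0600 1000 FlaggedDrv - warning
01:00:00.0700 1000 ================ Scan other (constructed) ===================
01:00:00.0700 1000 Outside section - warning
"""


def parse_services(log_text):
    """Return one dict per service verdict found in the 'Scan services' section."""
    entries, in_services, pending = [], False, None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        banner = BANNER.match(line)
        if banner:
            # Only the services section pairs hash lines with verdict lines.
            in_services = banner["section"] == "Scan services"
            pending = None
            continue
        if not in_services:
            continue
        hashed = HASHED.match(line)
        if hashed:
            pending = hashed.groupdict()
            continue
        verdict = VERDICT.match(line)
        if verdict:
            # Attach the hash line only if it names the same service.
            same = pending is not None and pending["name"] == verdict["name"]
            entries.append({
                "name": verdict["name"],
                "verdict": verdict["verdict"],
                "md5": pending["md5"] if same else None,
                "path": pending["path"] if same else None,
            })
            pending = None
    return entries


def triage(entries):
    """Return (name, reasons) for entries that deserve a manual look."""
    findings = []
    for e in entries:
        reasons = []
        if e["verdict"].lower() != "ok":
            reasons.append("verdict: " + e["verdict"])
        if e["md5"] is None:
            reasons.append("no hash line logged")
        elif not e["path"].lower().startswith(EXPECTED_ROOTS):
            reasons.append("image outside expected roots: " + e["path"])
        if reasons:
            findings.append((e["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)):
        print(name + ": " + "; ".join(reasons))
```

A hit from the path or missing-hash rule is a prompt to check what the service is, not a malware verdict; legitimate software is often installed outside the default directories.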

#3 Blixx


Posted 02 October 2012 - 04:39 PM

Right after I posted here, I coincidentally installed MBAM to my computer.

Is it ok if I perform the scan using that, or do you need me to uninstall it and download it to my desktop?


"When the installation begins, follow the prompts and do not make any changes to default settings."

It's possible I've changed some default settings, so if you prefer, I can uninstall and then download it to my desktop.


Also - You never responded to my questions #1 and #2.


Finally - I've recently picked up a redirect when I use Firefox, so would appreciate it if you could help me get rid of that most annoying trojan/virus.

Edited by Blixx, 02 October 2012 - 04:41 PM.


#4 boopme


Posted 02 October 2012 - 05:24 PM

May as well uninstall and reinstall so we know all settings are good.

#5 Blixx


Posted 03 October 2012 - 03:20 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rick :: RICK-VAIO [administrator]

10/3/2012 1:15:18 AM
mbam-log-2012-10-03 (01-15-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 227035
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Blixx


Posted 03 October 2012 - 03:25 AM

NOTE: Did NOT Reboot.
_____________________________________________






01:23:01.0119 5800 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
01:23:01.0712 5800 ============================================================
01:23:01.0712 5800 Current date / time: 2012/10/03 01:23:01.0712
01:23:01.0712 5800 SystemInfo:
01:23:01.0712 5800
01:23:01.0712 5800 OS Version: 6.1.7601 ServicePack: 1.0
01:23:01.0712 5800 Product type: Workstation
01:23:01.0712 5800 ComputerName: RICK-VAIO
01:23:01.0712 5800 UserName: Rick
01:23:01.0712 5800 Windows directory: C:\Windows
01:23:01.0712 5800 System windows directory: C:\Windows
01:23:01.0712 5800 Running under WOW64
01:23:01.0712 5800 Processor architecture: Intel x64
01:23:01.0712 5800 Number of processors: 4
01:23:01.0712 5800 Page size: 0x1000
01:23:01.0712 5800 Boot type: Normal boot
01:23:01.0712 5800 ============================================================
01:23:02.0149 5800 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:23:02.0149 5800 ============================================================
01:23:02.0149 5800 \Device\Harddisk0\DR0:
01:23:02.0149 5800 MBR partitions:
01:23:02.0149 5800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0x32000
01:23:02.0149 5800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18C6000, BlocksNum 0x48F91AB0
01:23:02.0149 5800 ============================================================
01:23:02.0273 5800 C: <-> \Device\Harddisk0\DR0\Partition2
01:23:02.0273 5800 ============================================================
01:23:02.0273 5800 Initialize success
01:23:02.0273 5800 ============================================================
01:23:42.0350 5896 ============================================================
01:23:42.0350 5896 Scan started
01:23:42.0350 5896 Mode: Manual; TDLFS;
01:23:42.0350 5896 ============================================================
01:23:42.0537 5896 ================ Scan system memory ========================
01:23:42.0537 5896 System memory - ok
01:23:42.0537 5896 ================ Scan services =============================
01:23:50.0415 5896 iirsp - ok
01:23:50.0446 5896 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:23:50.0462 5896 IKEEXT - ok
01:23:50.0524 5896 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
01:23:50.0524 5896 intaud_WaveExtensible - ok
01:23:50.0649 5896 [ 245F0288792486CC37924908AF19A553 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:23:50.0711 5896 IntcAzAudAddService - ok
01:23:50.0758 5896 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
01:23:50.0758 5896 IntcDAud - ok
01:23:50.0789 5896 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:23:50.0789 5896 intelide - ok
01:23:51.0273 5896 [ 9937600A1584FF00565D5379EB4C9EDB ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
01:23:51.0523 5896 intelkmd - ok
01:23:51.0554 5896 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
01:23:51.0554 5896 intelppm - ok
01:23:51.0585 5896 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:23:51.0585 5896 IPBusEnum - ok
01:23:51.0616 5896 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:23:51.0616 5896 IpFilterDriver - ok
01:23:51.0648 5896 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:23:51.0648 5896 iphlpsvc - ok
01:23:51.0694 5896 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:23:51.0694 5896 IPMIDRV - ok
01:23:51.0710 5896 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:23:51.0726 5896 IPNAT - ok
01:23:51.0757 5896 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:23:51.0757 5896 IRENUM - ok
01:23:51.0772 5896 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:23:51.0772 5896 isapnp - ok
01:23:51.0804 5896 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:23:51.0804 5896 iScsiPrt - ok
01:23:51.0850 5896 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\drivers\iwdbus.sys
01:23:51.0850 5896 iwdbus - ok
01:23:51.0897 5896 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
01:23:51.0913 5896 jhi_service - ok
01:23:51.0928 5896 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:23:51.0928 5896 kbdclass - ok
01:23:51.0975 5896 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:23:51.0975 5896 kbdhid - ok
01:23:51.0991 5896 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:23:51.0991 5896 KeyIso - ok
01:23:52.0038 5896 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:23:52.0038 5896 KSecDD - ok
01:23:52.0038 5896 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:23:52.0053 5896 KSecPkg - ok
01:23:52.0069 5896 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:23:52.0069 5896 ksthunk - ok
01:23:52.0116 5896 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:23:52.0116 5896 KtmRm - ok
01:23:52.0162 5896 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:23:52.0162 5896 LanmanServer - ok
01:23:52.0178 5896 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:23:52.0194 5896 LanmanWorkstation - ok
01:23:52.0225 5896 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:23:52.0225 5896 lltdio - ok
01:23:52.0240 5896 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:23:52.0240 5896 lltdsvc - ok
01:23:52.0318 5896 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:23:52.0334 5896 lmhosts - ok
01:23:52.0396 5896 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
01:23:52.0412 5896 LMS - ok
01:23:52.0459 5896 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:23:52.0459 5896 LSI_FC - ok
01:23:52.0474 5896 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:23:52.0474 5896 LSI_SAS - ok
01:23:52.0490 5896 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:23:52.0490 5896 LSI_SAS2 - ok
01:23:52.0506 5896 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:23:52.0506 5896 LSI_SCSI - ok
01:23:52.0537 5896 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:23:52.0537 5896 luafv - ok
01:23:52.0552 5896 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:23:52.0552 5896 Mcx2Svc - ok
01:23:52.0584 5896 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
01:23:52.0584 5896 megasas - ok
01:23:52.0630 5896 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:23:52.0646 5896 MegaSR - ok
01:23:52.0662 5896 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
01:23:52.0662 5896 MEIx64 - ok
01:23:52.0693 5896 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:23:52.0693 5896 MMCSS - ok
01:23:52.0708 5896 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:23:52.0708 5896 Modem - ok
01:23:52.0740 5896 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:23:52.0740 5896 monitor - ok
01:23:52.0786 5896 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:23:52.0786 5896 mouclass - ok
01:23:52.0818 5896 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:23:52.0818 5896 mouhid - ok
01:23:52.0833 5896 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:23:52.0833 5896 mountmgr - ok
01:23:52.0927 5896 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:23:52.0927 5896 MozillaMaintenance - ok
01:23:52.0958 5896 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:23:52.0974 5896 mpio - ok
01:23:52.0989 5896 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:23:52.0989 5896 mpsdrv - ok
01:23:53.0036 5896 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:23:53.0036 5896 MpsSvc - ok
01:23:53.0067 5896 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:23:53.0067 5896 MRxDAV - ok
01:23:53.0114 5896 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:23:53.0114 5896 mrxsmb - ok
01:23:53.0145 5896 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:23:53.0145 5896 mrxsmb10 - ok
01:23:53.0161 5896 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:23:53.0161 5896 mrxsmb20 - ok
01:23:53.0176 5896 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:23:53.0176 5896 msahci - ok
01:23:53.0208 5896 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:23:53.0208 5896 msdsm - ok
01:23:53.0223 5896 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:23:53.0223 5896 MSDTC - ok
01:23:53.0239 5896 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:23:53.0239 5896 Msfs - ok
01:23:53.0270 5896 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:23:53.0270 5896 mshidkmdf - ok
01:23:53.0286 5896 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:23:53.0286 5896 msisadrv - ok
01:23:53.0301 5896 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:23:53.0317 5896 MSiSCSI - ok
01:23:53.0317 5896 msiserver - ok
01:23:53.0332 5896 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:23:53.0332 5896 MSKSSRV - ok
01:23:53.0348 5896 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:23:53.0364 5896 MSPCLOCK - ok
01:23:53.0364 5896 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:23:53.0364 5896 MSPQM - ok
01:23:53.0395 5896 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:23:53.0395 5896 MsRPC - ok
01:23:53.0426 5896 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:23:53.0426 5896 mssmbios - ok
01:23:53.0457 5896 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:23:53.0457 5896 MSTEE - ok
01:23:53.0473 5896 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
01:23:53.0473 5896 MTConfig - ok
01:23:53.0488 5896 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:23:53.0488 5896 Mup - ok
01:23:53.0520 5896 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
01:23:53.0520 5896 MyWiFiDHCPDNS - ok
01:23:53.0551 5896 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:23:53.0551 5896 napagent - ok
01:23:53.0582 5896 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:23:53.0598 5896 NativeWifiP - ok
01:23:53.0644 5896 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:23:53.0660 5896 NDIS - ok
01:23:53.0676 5896 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:23:53.0676 5896 NdisCap - ok
01:23:53.0738 5896 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:23:53.0754 5896 NdisTapi - ok
01:23:53.0769 5896 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:23:53.0769 5896 Ndisuio - ok
01:23:53.0785 5896 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:23:53.0785 5896 NdisWan - ok
01:23:53.0800 5896 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:23:53.0800 5896 NDProxy - ok
01:23:53.0816 5896 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:23:53.0816 5896 NetBIOS - ok
01:23:53.0847 5896 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:23:53.0847 5896 NetBT - ok
01:23:53.0863 5896 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:23:53.0878 5896 Netlogon - ok
01:23:53.0925 5896 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:23:53.0925 5896 Netman - ok
01:23:53.0972 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:53.0988 5896 NetMsmqActivator - ok
01:23:53.0988 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:53.0988 5896 NetPipeActivator - ok
01:23:54.0003 5896 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:23:54.0019 5896 netprofm - ok
01:23:54.0019 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:54.0019 5896 NetTcpActivator - ok
01:23:54.0019 5896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:23:54.0019 5896 NetTcpPortSharing - ok
01:23:54.0331 5896 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
01:23:54.0502 5896 NETwNs64 - ok
01:23:54.0518 5896 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:23:54.0518 5896 nfrd960 - ok
01:23:54.0565 5896 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:23:54.0565 5896 NlaSvc - ok
01:23:54.0596 5896 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:23:54.0596 5896 Npfs - ok
01:23:54.0612 5896 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:23:54.0612 5896 nsi - ok
01:23:54.0658 5896 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:23:54.0658 5896 nsiproxy - ok
01:23:54.0705 5896 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:23:54.0721 5896 Ntfs - ok
01:23:54.0736 5896 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:23:54.0736 5896 Null - ok
01:23:54.0768 5896 [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
01:23:54.0768 5896 nusb3hub - ok
01:23:54.0799 5896 [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
01:23:54.0799 5896 nusb3xhc - ok
01:23:55.0688 5896 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:23:55.0938 5896 nvlddmkm - ok
01:23:55.0984 5896 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:23:55.0984 5896 nvraid - ok
01:23:56.0016 5896 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:23:56.0016 5896 nvstor - ok
01:23:56.0031 5896 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:23:56.0047 5896 nv_agp - ok
01:23:56.0094 5896 [ 07571684567859DA796A566CC78FFA74 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
01:23:56.0094 5896 Oasis2Service - ok
01:23:56.0125 5896 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:23:56.0125 5896 ohci1394 - ok
01:23:56.0250 5896 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:23:56.0250 5896 ose - ok
01:23:56.0499 5896 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:23:56.0593 5896 osppsvc - ok
01:23:56.0655 5896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:23:56.0655 5896 p2pimsvc - ok
01:23:56.0718 5896 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:23:56.0718 5896 p2psvc - ok
01:23:56.0764 5896 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
01:23:56.0764 5896 Parport - ok
01:23:56.0827 5896 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:23:56.0827 5896 partmgr - ok
01:23:56.0858 5896 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:23:56.0858 5896 PcaSvc - ok
01:23:56.0905 5896 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:23:56.0905 5896 pci - ok
01:23:56.0920 5896 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:23:56.0920 5896 pciide - ok
01:23:56.0967 5896 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:23:56.0967 5896 pcmcia - ok
01:23:56.0983 5896 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:23:56.0998 5896 pcw - ok
01:23:57.0014 5896 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:23:57.0030 5896 PEAUTH - ok
01:23:57.0092 5896 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:23:57.0092 5896 PerfHost - ok
01:23:57.0217 5896 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:23:57.0248 5896 pla - ok
01:23:57.0342 5896 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:23:57.0342 5896 PlugPlay - ok
01:23:57.0451 5896 [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
01:23:57.0451 5896 PMBDeviceInfoProvider - ok
01:23:57.0482 5896 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:23:57.0482 5896 PNRPAutoReg - ok
01:23:57.0498 5896 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:23:57.0498 5896 PNRPsvc - ok
01:23:57.0576 5896 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:23:57.0591 5896 PolicyAgent - ok
01:23:57.0622 5896 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:23:57.0622 5896 Power - ok
01:23:57.0654 5896 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:23:57.0654 5896 PptpMiniport - ok
01:23:57.0685 5896 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
01:23:57.0685 5896 Processor - ok
01:23:57.0716 5896 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:23:57.0732 5896 ProfSvc - ok
01:23:57.0763 5896 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:23:57.0763 5896 ProtectedStorage - ok
01:23:57.0810 5896 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:23:57.0810 5896 Psched - ok
01:23:57.0888 5896 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:23:57.0903 5896 ql2300 - ok
01:23:57.0919 5896 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:23:57.0919 5896 ql40xx - ok
01:23:57.0950 5896 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:23:57.0950 5896 QWAVE - ok
01:23:57.0981 5896 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:23:57.0981 5896 QWAVEdrv - ok
01:23:57.0997 5896 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:23:57.0997 5896 RasAcd - ok
01:23:58.0028 5896 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:23:58.0028 5896 RasAgileVpn - ok
01:23:58.0044 5896 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:23:58.0044 5896 RasAuto - ok
01:23:58.0059 5896 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:23:58.0059 5896 Rasl2tp - ok
01:23:58.0090 5896 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:23:58.0106 5896 RasMan - ok
01:23:58.0122 5896 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:23:58.0122 5896 RasPppoe - ok
01:23:58.0153 5896 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:23:58.0153 5896 RasSstp - ok
01:23:58.0168 5896 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:23:58.0184 5896 rdbss - ok
01:23:58.0200 5896 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
01:23:58.0200 5896 rdpbus - ok
01:23:58.0215 5896 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:23:58.0215 5896 RDPCDD - ok
01:23:58.0231 5896 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:23:58.0231 5896 RDPENCDD - ok
01:23:58.0262 5896 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:23:58.0262 5896 RDPREFMP - ok
01:23:58.0293 5896 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:23:58.0309 5896 RDPWD - ok
01:23:58.0340 5896 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:23:58.0340 5896 rdyboost - ok
01:23:58.0434 5896 [ 52428FEADFD814DFD224227C6F9B7529 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
01:23:58.0449 5896 ReflectService.exe - ok
01:23:58.0496 5896 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
01:23:58.0496 5896 RegSrvc - ok
01:23:58.0527 5896 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:23:58.0527 5896 RemoteAccess - ok
01:23:58.0574 5896 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:23:58.0574 5896 RemoteRegistry - ok
01:23:58.0621 5896 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:23:58.0621 5896 RFCOMM - ok
01:23:58.0636 5896 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:23:58.0636 5896 RpcEptMapper - ok
01:23:58.0668 5896 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:23:58.0668 5896 RpcLocator - ok
01:23:58.0699 5896 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:23:58.0699 5896 RpcSs - ok
01:23:58.0730 5896 [ 9D21618E7A3B2C75CF1A2ECBBE723730 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
01:23:58.0730 5896 RSPCIESTOR - ok
01:23:58.0761 5896 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:23:58.0761 5896 rspndr - ok
01:23:58.0792 5896 [ 5D63CCD46688B775382AA68EF844510C ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
01:23:58.0808 5896 RtkAudioService - ok
01:23:58.0824 5896 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:23:58.0824 5896 RTL8167 - ok
01:23:58.0839 5896 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:23:58.0855 5896 SamSs - ok
01:23:58.0933 5896 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:23:58.0933 5896 SASDIFSV - ok
01:23:58.0964 5896 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:23:58.0964 5896 SASKUTIL - ok
01:23:58.0980 5896 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:23:58.0995 5896 sbp2port - ok
01:23:59.0011 5896 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:23:59.0011 5896 SCardSvr - ok
01:23:59.0026 5896 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:23:59.0026 5896 scfilter - ok
01:23:59.0073 5896 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:23:59.0089 5896 Schedule - ok
01:23:59.0104 5896 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:23:59.0104 5896 SCPolicySvc - ok
01:23:59.0136 5896 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
01:23:59.0136 5896 sdbus - ok
01:23:59.0167 5896 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:23:59.0182 5896 SDRSVC - ok
01:23:59.0276 5896 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
01:23:59.0276 5896 SeaPort - ok
01:23:59.0323 5896 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:23:59.0323 5896 secdrv - ok
01:23:59.0354 5896 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:23:59.0370 5896 seclogon - ok
01:23:59.0385 5896 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
01:23:59.0385 5896 SENS - ok
01:23:59.0401 5896 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:23:59.0401 5896 SensrSvc - ok
01:23:59.0432 5896 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
01:23:59.0448 5896 Serenum - ok
01:23:59.0463 5896 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
01:23:59.0463 5896 Serial - ok
01:23:59.0479 5896 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:23:59.0479 5896 sermouse - ok
01:23:59.0510 5896 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:23:59.0526 5896 SessionEnv - ok
01:23:59.0619 5896 [ 4C99E251D89C95DCAAA26F9243747C99 ] sesvc C:\Program Files (x86)\ShadowExplorer\sesvc.exe
01:23:59.0619 5896 sesvc - ok
01:23:59.0666 5896 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
01:23:59.0666 5896 SFEP - ok
01:23:59.0713 5896 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:23:59.0728 5896 sffdisk - ok
01:23:59.0760 5896 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:23:59.0760 5896 sffp_mmc - ok
01:23:59.0760 5896 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:23:59.0760 5896 sffp_sd - ok
01:23:59.0775 5896 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:23:59.0791 5896 sfloppy - ok
01:23:59.0822 5896 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:23:59.0822 5896 SharedAccess - ok
01:23:59.0853 5896 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:23:59.0869 5896 ShellHWDetection - ok
01:23:59.0900 5896 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:23:59.0900 5896 SiSRaid2 - ok
01:23:59.0931 5896 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:23:59.0931 5896 SiSRaid4 - ok
01:23:59.0994 5896 [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:23:59.0994 5896 SkypeUpdate - ok
01:24:00.0040 5896 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:24:00.0040 5896 Smb - ok
01:24:00.0087 5896 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:24:00.0087 5896 SNMPTRAP - ok
01:24:00.0165 5896 [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
01:24:00.0165 5896 SOHCImp - ok
01:24:00.0196 5896 [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
01:24:00.0196 5896 SOHDs - ok
01:24:00.0274 5896 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
01:24:00.0274 5896 SpfService - ok
01:24:00.0306 5896 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:24:00.0306 5896 spldr - ok
01:24:00.0352 5896 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:24:00.0352 5896 Spooler - ok
01:24:00.0462 5896 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:24:00.0540 5896 sppsvc - ok
01:24:00.0555 5896 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:24:00.0555 5896 sppuinotify - ok
01:24:00.0602 5896 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:24:00.0618 5896 srv - ok
01:24:00.0633 5896 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:24:00.0649 5896 srv2 - ok
01:24:00.0664 5896 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:24:00.0664 5896 srvnet - ok
01:24:00.0696 5896 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:24:00.0696 5896 SSDPSRV - ok
01:24:00.0711 5896 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:24:00.0711 5896 SstpSvc - ok
01:24:00.0727 5896 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:24:00.0727 5896 stexstor - ok
01:24:00.0758 5896 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:24:00.0774 5896 stisvc - ok
01:24:07.0045 5896 ============================================================
01:24:07.0045 5896 Scan finished
01:24:07.0045 5896 ============================================================
01:24:07.0060 7640 Detected object count: 0
01:24:07.0060 7640 Actual detected object count: 0

#7 Blixx

Posted 03 October 2012 - 03:49 AM

From ESET instructions:

"5. Click the button.

6. Accept any security warnings from your browser.

7. Under scan settings, check and check Remove found threats

8. Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time."





After step #5, ESET gave the following instruction (I was using IE 9.0) which is not mentioned in your instructions:

"Click here to install the following ActiveX control: 'OnlineScanner.cab' from 'ESET, spol.s r.o.'..."


Can you confirm that this is normal and I should accept it?

It's not mentioned in your instructions.

Edited by Blixx, 03 October 2012 - 03:50 AM.


#8 Blixx

Posted 03 October 2012 - 03:55 AM

I'd like to mention that after my OP here, but before beginning to follow your instructions, I had done a Full scan with MBAM, and a Full Scan as well as a Boot Scan with my real time antivirus, avast! Free Antivirus.
None of these found anything.

I also did a full scan with SUPERAntiSpyware Free Edition, which also found nothing, other than a bunch of tracking cookies which the other 2 antivirus didn't deem important enough to delete (I did delete them).

The only real time antivirus I use is avast!

Edited by Blixx, 03 October 2012 - 03:58 AM.


#9 Blixx

Posted 03 October 2012 - 04:02 AM

I did find the following thread in the Mozilla Support Forum:

http://support.mozilla.org/en-US/questions/748176?page=1



In it, several people afflicted with the Scour redirect (I don't know if my redirect is specifically Scour) had success getting rid of it with ComboFix.

My IE 9 is not affected by it, only my Firefox.
I'm quite sure I picked it up using streaming sports sites.
Someone in the thread mentioned something about a Security Certificate.
That made me recall that I had accepted a bad security certificate - that was probably or very likely what caused the redirect. I'm usually very cautious - can't remember what exactly made me fall for this - probably a site where I've legitimately seen that before - or because long ago I stopped taking those warnings seriously (although now I will) as legitimate sites sometimes have those warnings pop up, and it's been my understanding that if a company doesn't pay Microsoft for an approved certificate it causes the warning.

Edited by Blixx, 03 October 2012 - 04:07 AM.


#10 boopme

Posted 03 October 2012 - 06:27 PM

One more thing: in Firefox it may be the add-ons/plugins. Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date


If you still redirect then we will need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#11 Blixx

Posted 03 October 2012 - 06:30 PM

Please read my post #7.

You have failed to respond to the question there.

Also - as I've pointed out previously, you have never answered several of my initial questions - see questions #1 and #2 in my OP.

Thank you.

Edited by Blixx, 03 October 2012 - 06:32 PM.


#12 boopme

Posted 03 October 2012 - 07:20 PM

Hello, I am sorry, I swore I replied to that earlier today. I must not have hit post. Anyway...

Yes, install the ActiveX; it is needed.

Do not run Combofix yet. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

If the ESET and FF plugins from post 9 fail to fix it then do the Prep guide. After we review that log we will determine if we want to use Combofix with you.

#13 Blixx

Posted 04 October 2012 - 06:37 AM

ESET found 8 files:


C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Default\aaoknidagnpjfkldecjkkagjfljpeeje\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Rick\AppData\Local\Temp\Temp1_SopCast.zip\Setup-SopCast-3.5.0-2012-3-22.exe Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Rick\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\6ef6f7a3-1924c6fc multiple threats deleted - quarantined
C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\b0bsday5.default\extensions\[email protected] JS/Redirector.NBX trojan deleted - quarantined
C:\Users\Rick\Desktop\Downloads\avc-free (1).exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Rick\Desktop\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Rick\Desktop\Downloads\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Rick\Documents\SopCast\Setup-SopCast-3.5.0-2012-3-22.exe Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined

#14 Blixx

Posted 04 October 2012 - 06:52 AM

However, the specific redirect I was trying to get rid of was seemingly stopped when I used your suggestion of:

"One more thing,, In FireFox it may be the Add ons/Plugins. try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins".



It seems it was caused by a Firefox Add on/Extension.
I found a thread in which someone you were helping found the same thing for the same problem:

http://www.bleepingcomputer.com/forums/topic448623.html

"Posted 03 April 2012 - 03:31 PM

Thanks! In the Add On - Extensions Tab there is Performance Cache 1.0. I disabled it and so far haven't had any redirect problems."


I disabled it, and it seemed to stop the redirects, and now after the ESET scan it's gone - apparently ESET quarantined it.

I suppose this is it: "C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\b0bsday5.default\extensions\[email protected] JS/Redirector.NBX trojan deleted - quarantined".

Edited by Blixx, 04 October 2012 - 07:02 AM.


#15 Blixx

Posted 04 October 2012 - 06:54 AM

Thank you for your help.



Now my only remaining question is:


Why do you ignore my questions 1 and 2 in my op, which I've pointed out to you twice since you originally ignored it?

I don't understand. Is it that you don't know the answer? Is it your policy to simply ignore some of the questions you are asked?
??????????



